本文整理汇总了Python中oic.utils.keyio.KeyBundle类的典型用法代码示例。如果您正苦于以下问题:Python KeyBundle类的具体用法?Python KeyBundle怎么用?Python KeyBundle使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了KeyBundle类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: __call__
def __call__(self):
    """Swap in a new key for the entity and rewrite its published JWKS file.

    Keys in the entity's own bundles whose ``use`` appears in
    ``self.new_key["use"]`` are flagged inactive. The new key is loaded,
    given a ``kid``, added to the key jar under the "" issuer, and the
    whole set is dumped to disk.

    Raises:
        RequirementsNotMet: the registration response has no ``jwks_uri``.
    """
    # The output file name is the path component of the registered jwks_uri.
    try:
        _uri = self.conv.entity.registration_response["jwks_uri"]
    except KeyError:
        raise RequirementsNotMet("No dynamic key handling")
    target = urlparse(_uri)

    # Retire every existing key that serves one of the new key's usages.
    for old_bundle in self.conv.entity.keyjar.issuer_keys[""]:
        for old_key in list(old_bundle.keys()):
            if key_is_replaced := old_key.use in self.new_key["use"]:
                old_key.inactive = key_is_replaced

    # only one key
    _nk = self.new_key
    _typ = _nk["type"].upper()
    if _typ == "RSA":
        kb = KeyBundle(source="file://%s" % _nk["key"],
                       fileformat="der", keytype=_typ,
                       keyusage=_nk["use"])
    else:
        # NOTE(review): any non-RSA type ends up as an empty dict, so no new
        # key is loaded while the old ones are already inactive. Confirm.
        kb = {}

    # kids are numbered from 0 through self.kid_template.
    for kid, k in enumerate(list(kb.keys())):
        k.serialize()
        k.kid = self.kid_template % kid
        self.conv.entity.kid[k.use][k.kty] = k.kid
    self.conv.entity.keyjar.add_kb("", kb)

    # NOTE(review): the write location is derived from the jwks_uri found in
    # the registration response (leading "/" stripped). Confirm that value is
    # constrained to the intended export directory.
    dump_jwks(self.conv.entity.keyjar[""], target.path[1:])
示例2: _func
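def _func(self, conv):
    """Check that the AS metadata yields loadable keys.

    Takes the last ASConfigurationResponse (or, failing that, the last
    ServerMetadata) recorded in ``conv``. Keys are loaded from its
    ``jwks_uri`` if present, otherwise from the inline ``jwks``. Failures
    are reported through ``self._message`` / ``self._status``.

    Returns:
        The (always empty) result dict ``res``.
    """
    response = get_protocol_response(conv, ASConfigurationResponse)
    if not response:
        response = get_protocol_response(conv, ServerMetadata)

    response = response[-1]  # Should only be one but ...
    res = {}

    try:
        _jwks_uri = response['jwks_uri']
    except KeyError:
        try:
            kb = KeyBundle(response['jwks'])
        except KeyError:
            # A missing 'jwks' raises KeyError. The original caught the
            # KeyBundle class, which is not an exception type, so this
            # branch could never report the error as intended.
            self._message = "Neither jwks_uri or jwks defined"
            self._status = ERROR
        except UnknownKeyType as err:
            self._message = '{}'.format(err)
            self._status = ERROR
    else:
        # NOTE(review): verify_ssl=False disables TLS certificate validation
        # for the JWKS fetch, so the keys are accepted from an endpoint that
        # has not been authenticated. That is tolerable only against test
        # deployments with self-signed certificates; anything that later
        # trusts these keys should fetch them with verification enabled.
        kb = KeyBundle(source=_jwks_uri, verify_ssl=False)
        try:
            kb.update()
        except UpdateFailed as err:
            self._message = '{}'.format(err)
            self._status = ERROR

    return res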
示例3: export
def export(self):
    """Load the configured keys, publish them as a JWKS and start the key server.

    Each entry in ``self.cconf["keys"]`` is read from a DER file into a
    KeyBundle and registered in the client's key jar under the "" issuer.
    Every key gets a sequential ``kid`` ("a0", "a1", ...) that runs across
    all bundles.
    """
    # has to be there
    self.trace.info("EXPORT")

    client = self.client
    if client.keyjar is None:
        client.keyjar = KeyJar()

    bundles = []
    kid_template = "a%d"
    next_kid = 0
    for key_type, key_info in self.cconf["keys"].items():
        bundle = KeyBundle(source="file://%s" % key_info["key"],
                           fileformat="der", keytype=key_type)
        for key in bundle.keys():
            key.serialize()
            key.kid = kid_template % next_kid
            next_kid += 1
            self.client.kid[key.use][key.kty] = key.kid
        self.client.keyjar.add_kb("", bundle)
        bundles.append(bundle)

    new_name = "static/jwks.json"
    try:
        dump_jwks(bundles, new_name)
        self.client.jwks_uri = "%s%s" % (self.cconf["_base_url"], new_name)
    except KeyError:
        # Best effort: a KeyError (for example no "_base_url" configured)
        # leaves jwks_uri unset without failing the export.
        pass

    if not self.args.internal_server:
        return

    self._pop = start_key_server(self.cconf["_base_url"],
                                 self.args.script_path or None)
    self.environ["keyprovider"] = self._pop
    self.trace.info("Started key provider")
    # Pause for a second after launching the key server.
    time.sleep(1)
示例4: construct_jwks
def construct_jwks(_client, key_conf):
    """
    Build a JWKS dict from the key files named in ``key_conf``.

    Every configured key is loaded from its DER file, given a sequential
    ``kid`` ("a0", "a1", ...) and registered in ``_client.keyjar`` under the
    "" issuer. The returned dict is ``{"keys": [...]}``, with one entry per
    loaded key whose ``kty`` is not 'oct'.
    """
    if _client.keyjar is None:
        _client.keyjar = KeyJar()

    bundles = []
    kid_template = "a%d"
    next_kid = 0
    for key_type, key_info in key_conf.items():
        bundle = KeyBundle(source="file://%s" % key_info["key"],
                           fileformat="der", keytype=key_type)
        for key in bundle.keys():
            key.serialize()
            key.kid = kid_template % next_kid
            next_kid += 1
            _client.kid[key.use][key.kty] = key.kid
        _client.keyjar.add_kb("", bundle)
        bundles.append(bundle)

    # Symmetric ('oct') keys are shared secrets and are left out of the set.
    # NOTE(review): the bundles are read from local key files. Confirm that
    # to_dict() emits only public members before this JWKS is published.
    return {
        "keys": [
            key.to_dict()
            for bundle in bundles
            for key in bundle.keys()
            if key.kty != 'oct'
        ]
    }
示例5: init_keyjar
def init_keyjar():
    """Return a KeyJar holding the module-level JWKS keys under the '' issuer."""
    # Keys that are kept by the AS
    own_keys = KeyBundle()
    own_keys.do_keys(JWKS["keys"])

    jar = KeyJar()
    jar.add_kb('', own_keys)
    return jar
示例6: rotate_jwks
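def rotate_jwks(self):
    # type: () -> None
    """Replace the current JWKS with a fresh one.

    A new KeyJar is created that holds a single, newly generated RSA key,
    usable for both encryption and signing, under the "" issuer. The key's
    ``kid`` comes from ``self._create_kid()``.
    """
    self.jwks = KeyJar()
    kb = KeyBundle(keyusage=["enc", "sig"])
    # 2048 bits is the commonly accepted minimum RSA modulus size. The
    # 1024-bit keys generated before are too short to rely on for
    # signatures or key transport.
    kb.append(RSAKey(key=RSA.generate(2048), kid=self._create_kid()))
    self.jwks.add_kb("", kb)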
示例7: export
def export(self, client, cconf, role):
    """Publish ``client``'s configured keys as a per-role JWKS file.

    Keys listed in ``cconf["keys"]`` are loaded from DER files, added to
    ``client.keyjar`` under the "" issuer and dumped to
    ``static/<role>_jwks.json``. The key server is started once, unless an
    external server is configured.
    """
    # has to be there
    self.trace.info("EXPORT")

    if client.keyjar is None:
        client.keyjar = KeyJar()

    bundles = []
    for key_type, key_info in cconf["keys"].items():
        bundle = KeyBundle(source="file://%s" % key_info["key"],
                           fileformat="der", keytype=key_type)
        for key in bundle.keys():
            key.serialize()
        client.keyjar.add_kb("", bundle)
        bundles.append(bundle)

    new_name = "static/%s_jwks.json" % role
    try:
        dump_jwks(bundles, new_name)
        client.jwks_uri = "%s%s" % (cconf["_base_url"], new_name)
    except KeyError:
        # Best effort: a KeyError (for example no "_base_url" configured)
        # leaves jwks_uri unset without failing the export.
        pass

    # Nothing to start when an external server is used or ours already runs.
    if self.args.external_server or self.keysrv_running:
        return

    self._pop = start_key_server(cconf["_base_url"])
    self.environ["keyprovider"] = self._pop
    self.trace.info("Started key provider")
    # Pause for a second after launching the key server.
    time.sleep(1)
    self.keysrv_running = True
示例8: _create_symmetric_key
def _create_symmetric_key(issuer, key):
    """Return a KeyJar mapping ``issuer`` to one signing-only symmetric key.

    ``key`` is the raw secret; it is wrapped in a SYMKey with use 'sig' and
    placed in an 'oct' KeyBundle.
    """
    provider_keys = KeyJar()
    signing_key = SYMKey(use='sig', k=key)

    bundle = KeyBundle(keytype='oct')
    bundle.append(signing_key)

    provider_keys[issuer] = [bundle]
    return provider_keys
示例9: store_key
def store_key(self, key):
    """Remember ``key`` under its SHA-256 thumbprint and return that thumbprint.

    The thumbprint is computed on the first key of a KeyBundle built from
    ``key``, then passed through ``b64e`` and decoded to text.
    """
    bundle = KeyBundle()
    bundle.do_keys([key])

    # Store key with thumbprint as key
    parsed_key = bundle.keys()[0]
    digest = parsed_key.thumbprint('SHA-256')
    key_thumbprint = b64e(digest).decode('utf8')

    self.thumbprint2key[key_thumbprint] = key
    return key_thumbprint
示例10: __call__
def __call__(self, conv, **kwargs):
    """Fetch the provider's JWKS and attach the bundle to ``conv.keybundle``.

    The bundle is appended to ``conv.keybundle``. If ``conv`` has no such
    attribute yet, a new one-element list is created.
    """
    jwks_uri = conv.client.provider_info["jwks_uri"]
    bundle = KeyBundle(source=jwks_uri)
    # NOTE(review): TLS certificate validation is switched off for this
    # fetch, so the downloaded keys come from an unauthenticated endpoint.
    # Keep this confined to test setups. Signatures checked against these
    # keys prove nothing about the real provider.
    bundle.verify_ssl = False
    bundle.update()

    try:
        conv.keybundle.append(bundle)
    except AttributeError:
        conv.keybundle = [bundle]
示例11: test_chain_1
def test_chain_1():
    """A bundle built from an inline key is local, and update() leaves it unchanged."""
    kc = KeyBundle([{"kty": "oct", "key": "supersecret", "use": "sig"}])

    def assert_single_local_oct_key():
        # One symmetric key, no RSA keys, and no remote source to refresh from.
        assert len(kc.get("oct")) == 1
        assert len(kc.get("rsa")) == 0
        assert kc.remote is False
        assert kc.source is None

    assert_single_local_oct_key()

    kc.update()  # Nothing should happen

    assert_single_local_oct_key()
示例12: test_verify_token_encrypted_no_key
def test_verify_token_encrypted_no_key():
    """Verification of an encrypted ID token must fail when the verifier has no keys."""
    issuer = 'https://sso.qa.7pass.ctf.prosiebensat1.com'
    key_file = os.path.join(os.path.dirname(__file__), 'data', 'keys', 'cert.key')

    idt = IdToken(sub='553df2bcf909104751cfd8b2',
                  aud=['5542958437706128204e0000', '554295ce3770612820620000'],
                  auth_time=1441364872,
                  azp='554295ce3770612820620000')

    # The packer's key jar holds the same bundle for "" and for the issuer.
    kb = KeyBundle()
    kb.do_local_der(key_file, 'some', ['enc', 'sig'])
    kj = KeyJar()
    kj.add_kb('', kb)
    kj.add_kb(issuer, kb)

    packer = JWT(kj, lifetime=3600, iss=issuer, encrypt=True)
    _jws = packer.pack(**idt.to_dict())
    msg = AuthorizationResponse(id_token=_jws)

    # Do not pass the keyjar with keys: an empty jar must be rejected.
    with pytest.raises(VerificationError):
        verify_id_token(msg, keyjar=KeyJar(),
                        iss="https://sso.qa.7pass.ctf.prosiebensat1.com",
                        client_id="554295ce3770612820620000")
示例13: test_verify_token_encrypted
def test_verify_token_encrypted():
    """An encrypted ID token verifies when the verifier holds the packer's keys."""
    issuer = 'https://sso.qa.7pass.ctf.prosiebensat1.com'
    key_file = os.path.join(os.path.dirname(__file__), 'data', 'keys', 'cert.key')

    idt = IdToken(sub='553df2bcf909104751cfd8b2',
                  aud=['5542958437706128204e0000', '554295ce3770612820620000'],
                  auth_time=1441364872,
                  azp='554295ce3770612820620000')

    # The same bundle is registered for "" and for the issuer.
    kb = KeyBundle()
    kb.do_local_der(key_file, 'some', ['enc', 'sig'])
    kj = KeyJar()
    kj.add_kb('', kb)
    kj.add_kb(issuer, kb)

    packer = JWT(kj, lifetime=3600, iss=issuer, encrypt=True)
    _jws = packer.pack(**idt.to_dict())
    msg = AuthorizationResponse(id_token=_jws)

    vidt = verify_id_token(msg, keyjar=kj,
                           iss="https://sso.qa.7pass.ctf.prosiebensat1.com",
                           client_id="554295ce3770612820620000")
    assert vidt
    # Pins the JWE header the packer produced for this key.
    # NOTE(review): 'RSA1_5' is PKCS#1 v1.5 key transport. Confirm it is the
    # intended choice rather than RSA-OAEP.
    expected_header = {'enc': 'A128CBC-HS256', 'alg': 'RSA1_5', 'cty': 'JWT'}
    assert vidt.jwe_header == expected_header
示例14: test_key_export
def test_key_export():
    """key_export returns the JWKS URL and leaves one RSA signing key on disk."""
    kj = KeyJar()
    sig_spec = {"alg": "rsa", "format": ["x509", "jwk"]}
    url = key_export("http://example.com/keys/", "outbound", "secret",
                     keyjar=kj, sig=sig_spec)
    assert url == "http://example.com/keys/outbound/jwks"

    # Now a jwks should reside in './keys/outbound/jwks'
    exported = KeyBundle(source='file://./keys/outbound/jwks')

    # Exactly one key in total, and it is an RSA key.
    assert len(exported) == 1
    rsa_keys = exported.get('RSA')
    assert len(rsa_keys) == 1

    # The key is marked for signing.
    signing_key = rsa_keys[0]
    assert signing_key.use == 'sig'
示例15: test_dump_private_jwks
def test_dump_private_jwks():
    """dump_jwks(private=True) writes private members that survive a reload."""
    keys = [
        {"type": "RSA", "use": ["enc", "sig"]},
        {"type": "EC", "crv": "P-256", "use": ["sig"]},
    ]
    _jwks, keyjar, _kidd = build_keyjar(keys)
    own_bundles = keyjar.issuer_keys['']

    # NOTE(review): this writes private key material to 'foo.jwks' in the
    # working directory and the test never removes the file.
    dump_jwks(own_bundles, 'foo.jwks', private=True)

    reloaded = KeyBundle(source='file://./foo.jwks')
    for key in reloaded.keys():
        is_rsa = key.kty == 'RSA'
        # Both key types (RSA, otherwise it MUST be 'EC') carry the private
        # member d.
        assert key.d
        if is_rsa:
            # RSA keys additionally carry the prime factors.
            assert key.p
            assert key.q