feat!: pydantic for dopo schema validation, jwk moved from tools to jwk

italia · Jul 23, 2023 · 01f29f0 · 01f29f0
1 parent 79c53e6
commit 01f29f0
Show file tree

Hide file tree

Showing 8 changed files with 72 additions and 80 deletions.
diff --git a/pyeudiw/oauth2/dpop.py b/pyeudiw/oauth2/dpop.py
@@ -0,0 +1,54 @@
+from pydantic import BaseModel, HttpUrl, validator
+
+from pyeudiw.jwk import JWK
+from pyeudiw.tools.jwt import JWSHelper
+
+from typing import List, Literal, Optional
+
+
+class DPoPTokenHeaderSchema(BaseModel):
+    # header
+    typ: Literal["dpop+jwt"]
+    alg: Literal[
+        "RS256",
+        "RS384",
+        "RS512",
+        "ES256",
+        "ES384",
+        "ES512",
+        "PS256",
+        "PS384",
+        "PS512",
+    ]
+    jwk: SINGLE_REQUIRED_JSON
+
+class DPoPTokenPayloadSchema(BaseModel):
+    # body
+    jti: str,
+    htm: Literal["GET", "POST", "get", "post"],
+    htu: HttpUrl
+    iat: int
+    ath: str
+
+
+class DPoPIssuer:
+    def __init__(self, token :str, private_jwk :dict):
+        self.token = token
+        self.private_jwk = private_jwk
+
+    def get_proof(self):
+        pass
+
+
+class DPoPVerifier:
+    def __init__(
+        self, token :str, 
+        public_jwk :dict, 
+        http_header_authz :str, 
+        http_header_dpop :str
+    ):
+        self.token = token
+        self.public_jwk = private_jwk
+
+    def validate_proof(self):
+        pass
diff --git a/pyeudiw/satosa/backend.py b/pyeudiw/satosa/backend.py
@@ -12,7 +12,7 @@
 
 from pyeudiw.satosa.html_template import Jinja2TemplateHandler
 from pyeudiw.tools.qr_code import QRCode
-from pyeudiw.tools.jwk import JWK
+from pyeudiw.jwk import JWK
 from pyeudiw.tools.jwt import JWSHelper
 from pyeudiw.tools.mobile import is_smartphone
 
@@ -134,6 +134,7 @@ def pre_request_endpoint(self, context, internal_request, **kwargs):
             'client_id': self.client_id,
             'request_uri': self.absolute_request_url
         }
+
         url_params = urlencode(payload, quote_via=quote_plus)
 
         res_url = f'{self.config["authorization_url_scheme"]}://authorize?{url_params}'
@@ -171,7 +172,14 @@ def redirect_endpoint(self, context, *args):
 
     def request_endpoint(self, context, *args):
         jwk = self.metadata_jwk
-
+
+        # validate, if any, the DPoP http request header
+
+        if context.http_headers and 'HTTP_AUTHORIZATION' in context.http_headers:
+            # the wallet uses the endpoint authentication ...
+            breakpoint()
+            pass
+
         helper = JWSHelper(jwk)
         data = {
             "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",

diff --git a/pyeudiw/tests/satosa/test_backend.py b/pyeudiw/tests/satosa/test_backend.py
@@ -351,8 +351,10 @@ def test_redirect_endpoint(self):
         msg = json.loads(redirect_endpoint.message)
         assert msg["request"]
 
-    def test_request_endpoint(self):
-        request_endpoint = self.backend.request_endpoint(None)
+    def test_request_endpoint(self, context):
+        breakpoint()
+        request_endpoint = self.backend.request_endpoint(context)
+
         assert request_endpoint
         assert request_endpoint.status == "200"
         assert request_endpoint.message

diff --git a/pyeudiw/tests/tools/test_jwk.py b/pyeudiw/tests/tools/test_jwk.py
@@ -1,6 +1,6 @@
 import pytest
 
-from pyeudiw.tools.jwk import JWK
+from pyeudiw.jwk import JWK
 
 
 @pytest.mark.parametrize(

diff --git a/pyeudiw/tests/tools/test_jwt.py b/pyeudiw/tests/tools/test_jwt.py
@@ -1,6 +1,6 @@
 import pytest
 
-from pyeudiw.tools.jwk import JWK
+from pyeudiw.jwk import JWK
 from pyeudiw.tools.jwt import JWEHelper, JWSHelper, unpad_jwt_header, DEFAULT_JWE_ALG, DEFAULT_JWE_ENC
 
 JWKs_EC = [

diff --git a/pyeudiw/tools/jwk.py b/pyeudiw/tools/jwk.py
diff --git a/pyeudiw/tools/jwt.py b/pyeudiw/tools/jwt.py
@@ -11,7 +11,7 @@
 from cryptojwt.jws.jws import JWS as JWSec
 from typing import Union
 
-from .jwk import JWK
+from pyeudiw.jwk import JWK
 
 DEFAULT_HASH_FUNC = "SHA-256"
 

diff --git a/setup.py b/setup.py
@@ -21,7 +21,6 @@ def readme():
     classifiers=[
         "Development Status :: 4 - Beta",
         "License :: OSI Approved :: Apache Software License",
-        "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
         "Programming Language :: Python :: 3.10",
         "Programming Language :: Python :: 3.11",
@@ -42,6 +41,7 @@ def readme():
     install_requires=[
         "cryptojwt>=1.8.2,<1.9",
         "qrcode>=7.4.2,<7.5",
+        "pydantic>=2.0,<2.2"
     ],
     extra_require={
         "satosa": [