def test_reject_signed_metadata_not_signed_by_provider_intermediate_key(self):
    """Metadata signed by a different key than the one supplied must be rejected.

    The provider configuration is signed with a freshly generated key that is
    unrelated to the provider intermediate key handed to the verifier, and
    ``_verify_signed_provider_metadata`` is expected to raise
    ``OIDCFederationError``.
    """
    trusted_intermediate_key = rsa_key()
    unrelated_key = rsa_key()
    relying_party = RP(None, sym_key(), [], None, None)

    # The payload is the default provider config, signed with the unrelated
    # key; the JWS algorithm comes from that same key.
    payload = json.dumps(DEFAULT_PROVIDER_CONFIG)
    signer = JWS(payload, alg=unrelated_key.alg)
    metadata_jws = signer.sign_compact(keys=[unrelated_key])

    # NOTE(review): this covers the wrong-key case only. Whether a tampered
    # payload or an unexpected `alg` header is tested elsewhere is not visible
    # from this method.
    with pytest.raises(OIDCFederationError):
        relying_party._verify_signed_provider_metadata(
            metadata_jws, trusted_intermediate_key
        )
def test_accept_signed_metadata_provider_intermediate_key(self):
    """Metadata signed with the provider intermediate key must be accepted.

    The default provider configuration is signed with the same key that is
    handed to ``_verify_signed_provider_metadata``, and the call is expected
    to return a truthy value.
    """
    intermediate_key = rsa_key()
    relying_party = RP(None, sym_key(), [], None, None)

    # Sign and verify with the same key; the JWS algorithm comes from that key.
    payload = json.dumps(DEFAULT_PROVIDER_CONFIG)
    signer = JWS(payload, alg=intermediate_key.alg)
    metadata_jws = signer.sign_compact(keys=[intermediate_key])

    # Only truthiness is asserted; the verified content is not compared with
    # DEFAULT_PROVIDER_CONFIG here.
    verified = relying_party._verify_signed_provider_metadata(
        metadata_jws, intermediate_key
    )
    assert verified