def test_handle_registration_response(self):
federation_key = sym_key()
op_root_key = rsa_key()
op_intermediate_key = rsa_key()
op_signed_intermediate_key = JWS(json.dumps(op_intermediate_key.serialize(private=False)),
alg=op_root_key.alg).sign_compact(keys=[op_root_key])
op_software_statement = Federation(federation_key).create_software_statement(
dict(issuer=ISSUER, root_key=op_root_key.serialize(private=False),
scopes_supported=["openid", "test_scope"]))
rp = RP(None, sym_key(), [], [federation_key], None)
signed_jwks_uri = "{}/signed_jwks".format(ISSUER)
# fake provider discovery
rp.client.provider_info = FederationProviderConfigurationResponse(
**dict(signing_key=op_signed_intermediate_key, signed_jwks_uri=signed_jwks_uri,
issuer=ISSUER))
# signed_jwks_uri
expected_kid = "OP key 1"
keys = [RSAKey(key=RSA.generate(1024), kid=expected_kid).serialize(private=False)]
jwks = json.dumps(dict(keys=keys))
jws = JWS(jwks, alg=op_intermediate_key.alg).sign_compact(keys=[op_intermediate_key])
responses.add(responses.GET, signed_jwks_uri, body=jws, status=200,
content_type="application/jose")
resp_args = dict(provider_software_statement=op_software_statement, client_id="foo")
reg_resp = FederationRegistrationResponse(**resp_args)
rp._handle_registration_response(reg_resp)
assert set(rp.client.provider_info["scopes_supported"]) == {"openid", "test_scope"}
assert rp.client.client_id == "foo"
assert rp.client.keyjar[ISSUER][0].keys()[0].kid == expected_kid
def test_handle_registration_response_fail_when_wrong_software_statement(self):
rp = RP(None, sym_key(), [], None, None)
rp.client.provider_info = FederationProviderConfigurationResponse(
**dict(signing_key="whatever")) # fake provider discovery
resp_args = dict(provider_software_statement="abcdef")
reg_resp = FederationRegistrationResponse(**resp_args)
with pytest.raises(OIDCFederationError) as exc:
rp._handle_registration_response(reg_resp)
assert "software statement" in str(exc.value)