def test_reject_signed_metadata_not_signed_by_provider_intermediate_key(self):
op_intermediate_key = rsa_key()
other_key = rsa_key()
rp = RP(None, sym_key(), [], None, None)
signed_provider_metadata = JWS(json.dumps(DEFAULT_PROVIDER_CONFIG),
alg=other_key.alg).sign_compact(keys=[other_key])
with pytest.raises(OIDCFederationError):
rp._verify_signed_provider_metadata(signed_provider_metadata, op_intermediate_key)
def test_accept_signed_metadata_provider_intermediate_key(self):
op_intermediate_key = rsa_key()
rp = RP(None, sym_key(), [], None, None)
signed_provider_metadata = JWS(json.dumps(DEFAULT_PROVIDER_CONFIG),
alg=op_intermediate_key.alg).sign_compact(
keys=[op_intermediate_key])
assert rp._verify_signed_provider_metadata(signed_provider_metadata, op_intermediate_key)
