def test_accept_entity_with_common_federation(self):
    """Software statements issued by one shared federation must verify.

    Positive trust case: both the entity's own statement and the peer's
    statement come from the same ``Federation`` object, and the key that
    federation was built with is handed to the entity under test.
    """
    shared_fed_key = sym_key()
    issuer = Federation(shared_fed_key)
    own_statement = issuer.create_software_statement({"foo": "bar"})
    peer_statement = issuer.create_software_statement({"abc": "xyz"})

    # NOTE(review): the fourth positional argument looks like the list of
    # federation keys the entity trusts -- confirm against the constructor.
    verifier = OIDCFederationEntity(
        None, sym_key(), [own_statement], [shared_fed_key], None
    )

    # A truthy result is the only thing pinned here; what exactly is
    # returned on success is not visible from this test.
    accepted = verifier._verify_software_statements([peer_statement])
    assert accepted
def test_key_rotation(self):
    """Rotate the intermediate key and the JWKS, then run both check helpers.

    The entity is created with no software statements, so only the
    rotation calls and the two ``check_*`` helpers on this test class are
    exercised.
    """
    entity_id = "https://entity.example.com"
    rotating_entity = OIDCFederationEntity(entity_id, sym_key(), [], None, None)

    # The intermediate key is rotated before the JWKS.
    # NOTE(review): presumably the JWKS is signed with the intermediate key,
    # which would make this order significant -- confirm in the entity code.
    rotating_entity.rotate_intermediate_key()
    rotating_entity.rotate_jwks()

    # The helpers are defined elsewhere on the test class; what they assert
    # about the rotated material is not visible here.
    self.check_intermediate_key(rotating_entity)
    self.check_jwks(rotating_entity)
def test_accept_provider_signing_key_signed_by_software_statement_root_key(self):
    """An intermediate key signed by the expected root key must be accepted.

    Positive case for the key chain: the public form of the provider's
    intermediate key is wrapped in a compact JWS signed with the root key,
    and that same root key is passed to the verifier.
    """
    trusted_root = rsa_key()
    provider_intermediate = rsa_key()
    verifier = OIDCFederationEntity(None, sym_key(), [], None, None)

    # Only the public half is serialized into the JWS payload
    # (private=False), so no private key material travels in the token.
    public_payload = provider_intermediate.serialize(private=False)
    signed_key = JWS(public_payload, alg=trusted_root.alg).sign_compact(
        keys=[trusted_root]
    )

    assert verifier._verify_signing_key(signed_key, trusted_root)
def test_reject_entity_with_no_common_federation(self):
    """A statement from an unrelated federation must raise OIDCFederationError.

    Negative trust case: the peer's statement is issued by a federation
    built with a key the entity was never given, so verification has to
    fail with an exception rather than return normally.
    """
    known_fed_key = sym_key()
    known_federation = Federation(known_fed_key)
    # Second federation uses a fresh key that is never handed to the entity.
    foreign_federation = Federation(sym_key())

    own_statement = known_federation.create_software_statement({"foo": "bar"})
    peer_statement = foreign_federation.create_software_statement({"abc": "xyz"})

    # NOTE(review): the fourth positional argument looks like the list of
    # federation keys the entity trusts -- confirm against the constructor.
    verifier = OIDCFederationEntity(
        None, sym_key(), [own_statement], [known_fed_key], None
    )

    # Rejection must be an exception: a falsy return value would not
    # satisfy pytest.raises and the test would fail.
    with pytest.raises(OIDCFederationError):
        verifier._verify_software_statements([peer_statement])
def test_reject_entity_signing_key_not_signed_by_software_statement_root_key(self):
    """An intermediate key signed by the wrong key must be rejected.

    Negative case for the key chain: the JWS carrying the intermediate
    public key is validly signed, but by a key other than the root key
    the verifier is told to expect.
    """
    expected_root = rsa_key()
    intermediate = rsa_key()

    # Sign the intermediate key with a key that is NOT the expected root.
    unrelated_signer = rsa_key()
    public_payload = intermediate.serialize(private=False)
    signed_key = JWS(public_payload, alg=unrelated_signer.alg).sign_compact(
        keys=[unrelated_signer]
    )

    verifier = OIDCFederationEntity(None, sym_key(), [], None, None)

    # A well-formed signature from an unrelated key must not count as an
    # endorsement by the root; the verifier is expected to raise.
    with pytest.raises(OIDCFederationError):
        verifier._verify_signing_key(signed_key, expected_root)