def test_reject_entity_signing_key_not_signed_by_software_statement_root_key(self):
    """Reject a signing key whose JWS was signed by a key other than the root key.

    The public serialization of an intermediate key is wrapped in a compact
    JWS signed by an unrelated key. Verifying it against the root key must
    raise OIDCFederationError, so a key with no signature link to the root
    is not accepted as a signing key.
    """
    trusted_root = rsa_key()
    intermediate = rsa_key()

    # Sign with a key unrelated to the root. All three keys come from
    # rsa_key(), so presumably only the signer differs and the failure is
    # a signature mismatch -- confirm against the rsa_key helper.
    unrelated_signer = rsa_key()
    exported_intermediate = intermediate.serialize(private=False)
    jws = JWS(exported_intermediate, alg=unrelated_signer.alg)
    wrongly_signed_key = jws.sign_compact(keys=[unrelated_signer])

    entity = OIDCFederationEntity(None, sym_key(), [], None, None)

    with pytest.raises(OIDCFederationError):
        entity._verify_signing_key(wrongly_signed_key, trusted_root)
def test_accept_provider_signing_key_signed_by_software_statement_root_key(self):
    """Accept a provider signing key whose JWS was signed by the root key.

    The public serialization of the provider's intermediate key is wrapped
    in a compact JWS signed by the root key. Verifying it against that same
    root key must return a truthy value.
    """
    trusted_root = rsa_key()
    provider_intermediate = rsa_key()
    entity = OIDCFederationEntity(None, sym_key(), [], None, None)

    # Only the non-private serialization of the intermediate key is signed.
    exported_intermediate = provider_intermediate.serialize(private=False)
    jws = JWS(exported_intermediate, alg=trusted_root.alg)
    root_signed_key = jws.sign_compact(keys=[trusted_root])

    # NOTE(review): this asserts truthiness only; the returned value itself
    # (e.g. whether it is the verified intermediate key) is not checked here.
    verified = entity._verify_signing_key(root_signed_key, trusted_root)
    assert verified