From 12af7973d3479db55810226a6a2b3c3e240c41ee Mon Sep 17 00:00:00 2001
From: Zicchio
Date: Wed, 18 Dec 2024 16:04:02 +0100
Subject: [PATCH] feat: update integrations tests
---
 example/satosa/integration_test/.env.example | 1 +
 example/satosa/integration_test/commons.py | 41 ++++++++++++-------
 .../cross_device_integration_test.py | 2 +-
 example/satosa/integration_test/settings.py | 7 +++-
 example/satosa/pyeudiw_backend.yaml | 1 +
 5 files changed, 35 insertions(+), 17 deletions(-)
 create mode 100644 example/satosa/integration_test/.env.example
diff --git a/example/satosa/integration_test/.env.example b/example/satosa/integration_test/.env.example
new file mode 100644
index 00000000..0a29c2ad
--- /dev/null
+++ b/example/satosa/integration_test/.env.example
@@ -0,0 +1 @@
+PYEUDIW_MONGO_TEST_AUTH_INLINE=satosa:thatpassword@
\ No newline at end of file
diff --git a/example/satosa/integration_test/commons.py b/example/satosa/integration_test/commons.py
index b69936d1..e07e9efb 100644
--- a/example/satosa/integration_test/commons.py
+++ b/example/satosa/integration_test/commons.py
@@ -26,6 +27,7 @@
 leaf_wallet_signed,
 )
 from pyeudiw.sd_jwt.holder import SDJWTHolder
+from pyeudiw.trust.model.trust_source import TrustSourceData
 from saml2_sp import saml2_request
 from settings import (
@@ -51,6 +52,15 @@
 "default_exp": 1024,
 "key_binding": True
 }
+CREDENTIAL_ISSUER_TRUST_SOURCE_Dict = {
+ "entity_id": ISSUER_CONF["issuer"],
+ "policies": {},
+ "metadata": {},
+ "revoked": False,
+ "keys": [CREDENTIAL_ISSUER_JWK.as_dict()],
+ "trust_params": {}
+}
+CREDENTIAL_ISSUER_TRUST_SOURCE = TrustSourceData(**CREDENTIAL_ISSUER_TRUST_SOURCE_Dict)
 WALLET_PRIVATE_JWK = JWK(leaf_wallet_jwk.serialize(private=True))
 WALLET_PUBLIC_JWK = JWK(leaf_wallet_jwk.serialize())
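Review bot: The value `satosa:thatpassword@` only works because `settings.py` splices this variable verbatim in front of `localhost:27017`, so the trailing `@` is mandatory and any `@`, `:`, `/` or `%` inside the password has to be percent-encoded beforehand, and nothing in this template says so. A comment line would carry that contract: `# format: user:password@ (keep the trailing '@'; percent-encode reserved characters in the password; leave empty for no auth)`. The file also lacks a trailing newline. Presumably a real `.env` holding the actual test credentials sits next to this template; confirm it is ignored by git.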
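Review bot: `"keys": [CREDENTIAL_ISSUER_JWK.as_dict()]` presumably places the issuer's private key into the trust source, because the same `CREDENTIAL_ISSUER_JWK.as_dict()` value is what `create_issuer_test_data` hands to `SDJWTIssuer` as `issuer_keys` for signing in a later hunk; a trust source should carry public key material only, so derive a public-only serialization here (the way `WALLET_PUBLIC_JWK` is built from `leaf_wallet_jwk.serialize()` two lines below is the model), even in a test fixture. `CREDENTIAL_ISSUER_TRUST_SOURCE_Dict` also breaks the upper-case naming of the surrounding module constants; `CREDENTIAL_ISSUER_TRUST_SOURCE_DICT` would match. The `TrustSourceData` object built from it is not referenced anywhere in this patch (the later `add_trust_source` call passes the dict), so unless another module imports it, a comment such as `# built only to validate the dict at import time` should state why it exists.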
@@ -81,7 +91,8 @@ def apply_trust_settings(db_engine_inst: DBEngine) -> DBEngine:
 db_engine_inst.add_or_update_trust_attestation(
 entity_id=leaf_cred["iss"],
 attestation=leaf_cred_signed,
- exp=datetime.datetime.now().isoformat()
+ exp=datetime.datetime.now().isoformat(),
+ trust_type=TrustType.FEDERATION
 )
 settings = ISSUER_CONF
@@ -90,12 +101,18 @@ def apply_trust_settings(db_engine_inst: DBEngine) -> DBEngine:
 trust_type=TrustType.DIRECT_TRUST_SD_JWT_VC,
 jwks=[leaf_cred_jwk_prot.serialize()]
 )
+
+ db_engine_inst.add_trust_source(
+ trust_source=CREDENTIAL_ISSUER_TRUST_SOURCE_Dict
+ )
 return db_engine_inst
+
+
 def create_saml_auth_request() -> str:
 auth_req_url = f"{saml2_request['headers'][0][1]}&idp_hinting=wallet"
 return auth_req_url
+
+
 def create_issuer_test_data() -> dict[Literal["jws"] | Literal["issuance"], str]:
 # create a SD-JWT signed by a trusted credential issuer
 settings = ISSUER_CONF
@@ -109,15 +126,14 @@ def create_issuer_test_data() -> dict[Literal["jws"] | Literal["issuance"], str]
 }
 user_claims.update(claims)
-
 issued_jwt = SDJWTIssuer(
- issuer_keys=CREDENTIAL_ISSUER_JWK,
- holder_key= WALLET_PUBLIC_JWK,
+ issuer_keys=CREDENTIAL_ISSUER_JWK.as_dict(),
+ holder_key=WALLET_PUBLIC_JWK.as_dict(),
 extra_header_parameters={
 "typ": "dc+sd-jwt",
 "kid": CREDENTIAL_ISSUER_JWK.kid
 },
- user_claims=_yaml_load_specification(StringIO(settings["sd_specification"])),
+ user_claims=user_claims,
 add_decoy_claims=claims.get("add_decoy_claims", True)
 )
@@ -131,6 +147,9 @@ def create_holder_test_data(issued_jwt: dict[Literal["jws"] | Literal["issuance"
 issued_jwt["issuance"],
 serialization_format="compact",
 )
+
+ holder_private_key: dict | None = WALLET_PRIVATE_JWK.as_dict() if settings.get("key_binding", False) else None
+
 sdjwt_at_holder.create_presentation(
 claims_to_disclose={
 "tax_id_code": True,
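Review bot: `exp=datetime.datetime.now().isoformat()` stores an expiry equal to the insertion instant, so the federation attestation is already expired by the time anything reads it, and the value is naive local time with no UTC offset. If the storage or trust evaluation ever honours `exp`, this fixture will fail or, worse, pass only while the check is absent; a future, timezone-aware value states the intent: `exp=(datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)).isoformat(),`. `apply_trust_settings` begins outside the hunk.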
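Review bot: `add_trust_source(trust_source=CREDENTIAL_ISSUER_TRUST_SOURCE_Dict)` passes the raw dict even though the module also builds `CREDENTIAL_ISSUER_TRUST_SOURCE = TrustSourceData(**...)` from it, so the validated model and what actually lands in the database can drift apart. Pick one representation: if `add_trust_source` accepts the model, `trust_source=CREDENTIAL_ISSUER_TRUST_SOURCE`; otherwise drop the unused object. Unlike the `add_or_update_trust_attestation` calls above it, the new call also lacks a comment naming the trust path it sets up; `# direct trust: register the credential issuer's key as a trust source` would do. `apply_trust_settings` begins outside the hunk.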
@@ -140,19 +159,13 @@ def create_holder_test_data(issued_jwt: dict[Literal["jws"] | Literal["issuance"
 nonce=request_nonce,
 aud=request_aud,
 sign_alg=DEFAULT_SIG_KTY_MAP[WALLET_PRIVATE_JWK.key.kty],
- holder_key=(
- key_from_jwk_dict(
- WALLET_PRIVATE_JWK.key.priv_key,
- kid=WALLET_PRIVATE_JWK.kid
- )
- if settings.get("key_binding", False)
- else None
- )
+ holder_key=holder_private_key
 )
 vp_token = sdjwt_at_holder.sd_jwt_presentation
 return vp_token
+
+
 def create_authorize_response(vp_token: str, state: str, response_uri: str) -> str:
 # Extract public key from RP's entity configuration
 client = requests.Session()
@@ -183,7 +196,7 @@ def create_authorize_response(vp_token: str, state: str, response_uri: str) -> s
 }
 encrypted_response = JWEHelper(
 # RSA (EC is not fully supported to date)
- JWK(encryption_key)
+ JWK(encryption_key).as_dict()
 ).encrypt(response)
 return encrypted_response
diff --git a/example/satosa/integration_test/cross_device_integration_test.py b/example/satosa/integration_test/cross_device_integration_test.py
index 2d8fbd79..2d30e558 100644
--- a/example/satosa/integration_test/cross_device_integration_test.py
+++ b/example/satosa/integration_test/cross_device_integration_test.py
@@ -7,7 +7,7 @@
 from pyeudiw.jwt.utils import decode_jwt_payload
-from . commons import (
+from commons import (
 ISSUER_CONF,
 setup_test_db_engine,
 apply_trust_settings,
diff --git a/example/satosa/integration_test/settings.py b/example/satosa/integration_test/settings.py
index d58147c0..082693d2 100644
--- a/example/satosa/integration_test/settings.py
+++ b/example/satosa/integration_test/settings.py
@@ -14,6 +14,8 @@
 TIMEOUT_S = 10
 IDP_BASEURL = "https://localhost"
 RP_EID = "https://localhost/OpenID4VP"
+MONGO_AUTH_INLINE = os.getenv('PYEUDIW_MONGO_TEST_AUTH_INLINE', '')
+MONGO_URL_CONNECTION = f"mongodb://{MONGO_AUTH_INLINE}localhost:27017/?timeoutMS=2000"
 CONFIG_DB = {
 "mongo_db": {
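Review bot: `holder_key=holder_private_key` removes the only visible call to `key_from_jwk_dict`; if nothing else in the file uses it, its import (outside this hunk) is now dead and should go too. The value is now the whole private JWK dict from `WALLET_PRIVATE_JWK.as_dict()` (set in the `create_holder_test_data` hunk above) where the old code passed only `priv_key` plus `kid`, so confirm `create_presentation` accepts that shape for key binding. `create_holder_test_data` begins outside the hunk.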
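Review bot: `MONGO_URL_CONNECTION` interpolates `PYEUDIW_MONGO_TEST_AUTH_INLINE` into the connection string unchanged, so the variable must hold `user:password@` with the trailing `@`, and a password containing `@`, `:`, `/` or `%` has to be percent-encoded by whoever sets it or the URL is parsed wrongly; settings.py does not say so. Add above the assignment: `# expected format "user:password@" (trailing '@' included, password percent-encoded); empty means no authentication`. Since the module-level constant now embeds the credential, keep `CONFIG_DB` and `MONGO_URL_CONNECTION` out of log statements and settings dumps.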
@@ -22,12 +24,13 @@
 "class": "MongoStorage",
 "init_params": {
 # according to Satosa-Saml2Spid demo
- "url": f"mongodb://{os.getenv('PYEUDIW_MONGO_TEST_AUTH_INLINE', '')}localhost:27017/?timeoutMS=2000",
+ "url": MONGO_URL_CONNECTION,
 "conf": {
 "db_name": "eudiw",
 "db_sessions_collection": "sessions",
 "db_trust_attestations_collection": "trust_attestations",
- "db_trust_anchors_collection": "trust_anchors"
+ "db_trust_anchors_collection": "trust_anchors",
+ "db_trust_sources_collection": "trust_sources"
 },
 "connection_params": {}
 }
diff --git a/example/satosa/pyeudiw_backend.yaml b/example/satosa/pyeudiw_backend.yaml
index 0f602dcc..57f7fa48 100644
--- a/example/satosa/pyeudiw_backend.yaml
+++ b/example/satosa/pyeudiw_backend.yaml
@@ -161,6 +161,7 @@ config:
 db_sessions_collection: sessions
 db_trust_attestations_collection: trust_attestations
 db_trust_anchors_collection: trust_anchors
+ db_trust_sources_collection: trust_sources
 data_ttl: 63072000 # 2 years # - connection_params: