Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Elliptic curve support #200

Merged
merged 22 commits into from
Dec 19, 2023
Merged

Elliptic curve support #200

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
764b19f
fix: define a custom error for unsupported key while encrypting
Dec 7, 2023
5a83c2b
fix: JWE encryption with EC key
Dec 7, 2023
705c08c
fix: JWE decryption with EC key
Dec 7, 2023
9a9b605
feat: adapt EC keys
Dec 11, 2023
a2518f1
test: integration test with EC keys
Dec 11, 2023
96abf60
feat: dynamic JWK schema loading
Dec 11, 2023
53baa7d
test: dynamic JWK schema loading
Dec 11, 2023
d60732f
Merge branch 'dev' into elliptic-curve-support
Dec 12, 2023
96da976
fix: imports
Dec 12, 2023
ae37a3d
chore: keep only EC keys based integration test
Dec 12, 2023
5132b72
fix: elliptic curve name support
Dec 12, 2023
8c1979f
fix: remove redundant schema
Dec 14, 2023
86a16fd
Merge branch 'dev' into elliptic-curve-support
Dec 14, 2023
0c52d92
fix: update integration test to handle uppercase chars
Dec 14, 2023
98c24ff
fix: presentation definition validation in integration test
Dec 15, 2023
53e1c5c
fix: remove port 10000
Dec 15, 2023
0262985
fix: validate the schema after init
Dec 18, 2023
ab23643
fix: extend valid authorization algs
Dec 18, 2023
5908a3a
fix: update presentation definition in examples
Dec 18, 2023
bcc19a0
Merge branch 'dev' into elliptic-curve-support
Dec 18, 2023
b280092
fix(commit): validate the schema after init
Dec 18, 2023
726dd90
test: update tests to use EC keys
Dec 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 16 additions & 9 deletions example/satosa/integration_test/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
from bs4 import BeautifulSoup

from pyeudiw.jwt import DEFAULT_SIG_KTY_MAP
from pyeudiw.presentation_exchange.schemas.oid4vc_presentation_definition import PresentationDefinition
from pyeudiw.tests.federation.base import (
EXP,
leaf_cred,
Expand All @@ -27,10 +28,10 @@
load_specification_from_yaml_string,
issue_sd_jwt,
_adapt_keys,
import_pyca_pri_rsa
import_ec
)
from pyeudiw.storage.db_engine import DBEngine
from pyeudiw.jwt.utils import unpad_jwt_payload
from pyeudiw.jwt.utils import decode_jwt_payload
from pyeudiw.tools.utils import iat_now, exp_from_now

from saml2_sp import saml2_request, IDP_BASEURL
Expand Down Expand Up @@ -127,7 +128,7 @@
request_uri, verify=False, headers=http_headers)
print(sign_request_obj.json())

redirect_uri = unpad_jwt_payload(sign_request_obj.json()['response'])[
redirect_uri = decode_jwt_payload(sign_request_obj.json()['response'])[
'response_uri']

# create a SD-JWT signed by a trusted credential issuer
Expand Down Expand Up @@ -191,7 +192,7 @@
aud=str(uuid.uuid4()),
sign_alg=DEFAULT_SIG_KTY_MAP[WALLET_PRIVATE_JWK.key.kty],
holder_key=(
import_pyca_pri_rsa(
import_ec(
WALLET_PRIVATE_JWK.key.priv_key,
kid=WALLET_PRIVATE_JWK.kid
)
Expand All @@ -200,7 +201,7 @@
)
)

red_data = unpad_jwt_payload(sign_request_obj.json()['response'])
red_data = decode_jwt_payload(sign_request_obj.json()['response'])
req_nonce = red_data['nonce']

data = {
Expand All @@ -223,7 +224,10 @@
f'{IDP_BASEURL}/OpenID4VP/.well-known/openid-federation',
verify=False
).content.decode()
rp_ec = unpad_jwt_payload(rp_ec_jwt)
rp_ec = decode_jwt_payload(rp_ec_jwt)

presentation_definition = rp_ec["metadata"]["wallet_relying_party"]["presentation_definition"]
PresentationDefinition(**presentation_definition)

assert redirect_uri == rp_ec["metadata"]['wallet_relying_party']["redirect_uris"][0]

Expand Down Expand Up @@ -264,9 +268,12 @@
assert "/saml2" in form["action"]
input_tag = soup.find("input")
assert input_tag["name"] == "SAMLResponse"
value = BeautifulSoup(base64.b64decode(input_tag["value"]), features="xml")
attributes = value.find_all("saml:attribute")

lowered = base64.b64decode(input_tag["value"]).lower()
value = BeautifulSoup(lowered, features="xml")
attributes = value.find_all("saml:attribute")
# expect to have a non-empty list of attributes
assert attributes

expected = {
# https://oidref.com/2.5.4.42
Expand All @@ -280,4 +287,4 @@
value = attribute.contents[0].contents[0]
expected_value = expected.get(name, None)
if expected_value:
assert value == expected_value
assert value == expected_value.lower()
2 changes: 1 addition & 1 deletion example/satosa/integration_test/metadata/idp.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
<md:EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://localhost:10000/Saml2IDP/metadata"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false"><md:Extensions><mdui:UIInfo><mdui:DisplayName xml:lang="en">change with $SATOSA_UI_DISPLAY_NAME_EN</mdui:DisplayName><mdui:DisplayName xml:lang="it">change with $SATOSA_UI_DISPLAY_NAME_IT</mdui:DisplayName><mdui:Description xml:lang="en">change with $SATOSA_UI_DESCRIPTION_EN</mdui:Description><mdui:Description xml:lang="it">change with $SATOSA_UI_DESCRIPTION_IT</mdui:Description><mdui:Logo height="change with $SATOSA_UI_LOGO_HEIGHT" width="change with $SATOSA_UI_LOGO_WIDTH">change with $SATOSA_UI_LOGO_URL</mdui:Logo><mdui:InformationURL xml:lang="en">change with $SATOSA_UI_INFORMATION_URL_EN</mdui:InformationURL><mdui:InformationURL xml:lang="it">change with $SATOSA_UI_INFORMATION_URL_IT</mdui:InformationURL><mdui:PrivacyStatementURL xml:lang="en">change with $SATOSA_UI_PRIVACY_URL_EN</mdui:PrivacyStatementURL><mdui:PrivacyStatementURL xml:lang="it">change with $SATOSA_UI_PRIVACY_URL_IT</mdui:PrivacyStatementURL></mdui:UIInfo></md:Extensions><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIGJjCCBI6gAwIBAgIUfU0kpXVz4VKab7plowh6WarIYywwDQYJKoZIhvcNAQELBQAwgYoxJDAiBgNVBAoMG0EgQ29tcGFueSBNYWtpbmcgRXZlcnl0aGluZzEQMA4GA1UEAwwHQS5DLk0uRTEdMBsGA1UEUwwUaHR0cHM6Ly9zcGlkLmFjbWUuaXQxFTATBgNVBGEMDFBBOklULWNfaDUwMTELMAkGA1UEBhMCSVQxDTALBgNVBAcMBFJvbWEwHhcNMjIxMTE5MTY1MjIwWhcNMzIxMTE2MTY1MjIwWjCBijEkMCIGA1UECgwbQSBDb21wYW55IE1ha2luZyBFdmVyeXRoaW5nMRAwDgYDVQQDDAdBLkMuTS5FMR0wGwYDVQRTDBRodHRwczovL3NwaWQuYWNtZS5pdDEVMBMGA1UEYQwMUEE6SVQtY19oNTAxMQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJL67gVrM6SNxiulqto4f8v1SqJwmdaR9/TTubScNzI6d2JnirqQ6a6urBiqP3KfRUrbGUMZ65Uw9T6fEDBSmizy9AkwQvhVie8KbbIA7xxTLr9zPq5LMQA1zKYAkUgEMvyPf6bJCMVEQBMoOt4qok+JDRcpznw5MP3lNCuvYxtqzBf3m7o+YMKhxSUbVaMr2gGLjW2hWYKd663iJ1ZzHvWKCL8KkEzCLwLfoCgHbiPHobVghTqePuqUe35gYq9MhmELBj5GArlWFp38fRP6DGudGye+qF3/4z1Bzj9TDt2sMaCdt00WCoq99OLRGFR2m7v81Z2o/3hDJncgIBj+vpj3EwUMc6JrCY3liMJcyjkHT940dbUF5LEMD0frePgn9/vE2pTjN5CRU5794q9XavOL9peORMxYsrI5qQyqUo39qA7pixqs9csUCsdnmBFLe7xk/qLMe5f5NREvzryS7WR1cVO81ZoTc7tD7bZChLjnJiZQBDzjIuSJwtlN164QQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBsAwcwYDVR0gBGwwajAfBgMrTBAwGDAWBggrBgEFBQcCAjAKDAhBZ0lEcm9vdDAgBgQrTBAGMBgwFgYIKwYBBQUHAgIwCgwIYWdJRGNlcnQwJQYGK0wQBAIBMBswGQYIKwYBBQUHAgIwDQwLY2VydF9TUF9QdWIwHQYDVR0OBBYEFNFS033ubTPFuD5Elo92XroK3yvpMIHKBgNVHSMEgcIwgb+AFNFS033ubTPFuD5Elo92XroK3yvpoYGQpIGNMIGKMSQwIgYDVQQKDBtBIENvbXBhbnkgTWFraW5nIEV2ZXJ5dGhpbmcxEDAOBgNVBAMMB0EuQy5NLkUxHTAbBgNVBFMMFGh0dHBzOi8vc3BpZC5hY21lLml0MRUwEwYDVQRhDAxQQTpJVC1jX2g1MDExCzAJBgNVBAYTAklUMQ0wCwYDVQQHDARSb21hghR9TSSldXPhUppvumWjCHpZqshjLDANBgkqhkiG9w0BAQsFAAOCAYEAZsT4xgbQo6lStFg1+7u+USWjil4FZIbadEl6qL4FjmWa+uGgFRO0Z2wvTl4Ek+WE94SqgQNwaZmebGAc9pxb7M5vH9NnxVgN0MHt758aVBX967wVoVM5lFGHx7d6jMYW9LiyYxcxD40zbZW0tFB8YuTPImjL1GiM2npY7jCRb/ZAxz0QcpTvZG98eR/WJprR8siniKkxC+PFYxzhsOntp+7r5UHrvN0WMjJEehjVNaUcowLDsTMIQGO0VIUF3jTOPikUtpRR4V5MluDS0dysmEYyOgUvt1hYC5LkoJ2v1tBH7AxzwkFpVtvTVNtFdotO1ZDMAlpDHA3d0LuGiM4JMfH87DkTCh+Mb4RNaeBfXDo+YCG7ueslLmjCzcjKjAr2QGdhfLnEdx/Ozn8CnMLOj+2PQ4rrfZ2ijzvv7dUNnbOs36DTrxbNys0BEQu0MhAoMzX6xAecDzd+FNnc+/+TK/xQ2pDZjxTYdwitJF0szdErUt11NzK85QNBL0JjCDWH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIGJjCCBI6gAwIBAgIUfU0kpXVz4VKab7plowh6WarIYywwDQYJKoZIhvcNAQELBQAwgYoxJDAiBgNVBAoMG0EgQ29tcGFueSBNYWtpbmcgRXZlcnl0aGluZzEQMA4GA1UEAwwHQS5DLk0uRTEdMBsGA1UEUwwUaHR0cHM6Ly9zcGlkLmFjbWUuaXQxFTATBgNVBGEMDFBBOklULWNfaDUwMTELMAkGA1UEBhMCSVQxDTALBgNVBAcMBFJvbWEwHhcNMjIxMTE5MTY1MjIwWhcNMzIxMTE2MTY1MjIwWjCBijEkMCIGA1UECgwbQSBDb21wYW55IE1ha2luZyBFdmVyeXRoaW5nMRAwDgYDVQQDDAdBLkMuTS5FMR0wGwYDVQRTDBRodHRwczovL3NwaWQuYWNtZS5pdDEVMBMGA1UEYQwMUEE6SVQtY19oNTAxMQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJL67gVrM6SNxiulqto4f8v1SqJwmdaR9/TTubScNzI6d2JnirqQ6a6urBiqP3KfRUrbGUMZ65Uw9T6fEDBSmizy9AkwQvhVie8KbbIA7xxTLr9zPq5LMQA1zKYAkUgEMvyPf6bJCMVEQBMoOt4qok+JDRcpznw5MP3lNCuvYxtqzBf3m7o+YMKhxSUbVaMr2gGLjW2hWYKd663iJ1ZzHvWKCL8KkEzCLwLfoCgHbiPHobVghTqePuqUe35gYq9MhmELBj5GArlWFp38fRP6DGudGye+qF3/4z1Bzj9TDt2sMaCdt00WCoq99OLRGFR2m7v81Z2o/3hDJncgIBj+vpj3EwUMc6JrCY3liMJcyjkHT940dbUF5LEMD0frePgn9/vE2pTjN5CRU5794q9XavOL9peORMxYsrI5qQyqUo39qA7pixqs9csUCsdnmBFLe7xk/qLMe5f5NREvzryS7WR1cVO81ZoTc7tD7bZChLjnJiZQBDzjIuSJwtlN164QQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBsAwcwYDVR0gBGwwajAfBgMrTBAwGDAWBggrBgEFBQcCAjAKDAhBZ0lEcm9vdDAgBgQrTBAGMBgwFgYIKwYBBQUHAgIwCgwIYWdJRGNlcnQwJQYGK0wQBAIBMBswGQYIKwYBBQUHAgIwDQwLY2VydF9TUF9QdWIwHQYDVR0OBBYEFNFS033ubTPFuD5Elo92XroK3yvpMIHKBgNVHSMEgcIwgb+AFNFS033ubTPFuD5Elo92XroK3yvpoYGQpIGNMIGKMSQwIgYDVQQKDBtBIENvbXBhbnkgTWFraW5nIEV2ZXJ5dGhpbmcxEDAOBgNVBAMMB0EuQy5NLkUxHTAbBgNVBFMMFGh0dHBzOi8vc3BpZC5hY21lLml0MRUwEwYDVQRhDAxQQTpJVC1jX2g1MDExCzAJBgNVBAYTAklUMQ0wCwYDVQQHDARSb21hghR9TSSldXPhUppvumWjCHpZqshjLDANBgkqhkiG9w0BAQsFAAOCAYEAZsT4xgbQo6lStFg1+7u+USWjil4FZIbadEl6qL4FjmWa+uGgFRO0Z2wvTl4Ek+WE94SqgQNwaZmebGAc9pxb7M5vH9NnxVgN0MHt758aVBX967wVoVM5lFGHx7d6jMYW9LiyYxcxD40zbZW0tFB8YuTPImjL1GiM2npY7jCRb/ZAxz0QcpTvZG98eR/WJprR8siniKkxC+PFYxzhsOntp+7r5UHrvN0WMjJEehjVNaUcowLDsTMIQGO0VIUF3jTOPikUtpRR4V5MluDS0dysmEYyOgUvt1hYC5LkoJ2v1tBH7AxzwkFpVtvTVNtFdotO1ZDMAlpDHA3d0LuGiM4JMfH87DkTCh+Mb4RNaeBfXDo+YCG7ueslLmjCzcjKjAr2QGdhfLnEdx/Ozn8CnMLOj+2PQ4rrfZ2ijzvv7dUNnbOs36DTrxbNys0BEQu0MhAoMzX6xAecDzd+FNnc+/+TK/xQ2pDZjxTYdwitJF0szdErUt11NzK85QNBL0JjCDWH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:10000/Saml2/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:10000/spidSaml2/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:10000/cieSaml2/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:10000/OpenID4VP/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:10000/Saml2/sso/redirect" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:10000/spidSaml2/sso/redirect" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:10000/cieSaml2/sso/redirect" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:10000/OpenID4VP/sso/redirect" /></md:IDPSSODescriptor><md:Organization><md:OrganizationName xml:lang="en">change with $SATOSA_ORGANIZATION_NAME_EN</md:OrganizationName><md:OrganizationName xml:lang="it">change with $SATOSA_ORGANIZATION_NAME_IT</md:OrganizationName><md:OrganizationDisplayName xml:lang="en">change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN</md:OrganizationDisplayName><md:OrganizationDisplayName xml:lang="it">change with $SAOSA_ORGANIZATION_DISPLAY_NAME_IT</md:OrganizationDisplayName><md:OrganizationURL xml:lang="en">change with $SATOSA_ORGANIZATION_URL_EN</md:OrganizationURL><md:OrganizationURL xml:lang="it">change with $SATOSA_ORGANIZATION_URL_IT</md:OrganizationURL></md:Organization><md:ContactPerson contactType="technical"><md:GivenName>change with $SATOSA_CONTACT_PERSON_GIVEN_NAME</md:GivenName><md:EmailAddress>change with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS</md:EmailAddress></md:ContactPerson></md:EntityDescriptor>
<md:EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://localhost/Saml2IDP/metadata"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false"><md:Extensions><mdui:UIInfo><mdui:DisplayName xml:lang="en">change with $SATOSA_UI_DISPLAY_NAME_EN</mdui:DisplayName><mdui:DisplayName xml:lang="it">change with $SATOSA_UI_DISPLAY_NAME_IT</mdui:DisplayName><mdui:Description xml:lang="en">change with $SATOSA_UI_DESCRIPTION_EN</mdui:Description><mdui:Description xml:lang="it">change with $SATOSA_UI_DESCRIPTION_IT</mdui:Description><mdui:Logo height="change with $SATOSA_UI_LOGO_HEIGHT" width="change with $SATOSA_UI_LOGO_WIDTH">change with $SATOSA_UI_LOGO_URL</mdui:Logo><mdui:InformationURL xml:lang="en">change with $SATOSA_UI_INFORMATION_URL_EN</mdui:InformationURL><mdui:InformationURL xml:lang="it">change with $SATOSA_UI_INFORMATION_URL_IT</mdui:InformationURL><mdui:PrivacyStatementURL xml:lang="en">change with $SATOSA_UI_PRIVACY_URL_EN</mdui:PrivacyStatementURL><mdui:PrivacyStatementURL xml:lang="it">change with $SATOSA_UI_PRIVACY_URL_IT</mdui:PrivacyStatementURL></mdui:UIInfo></md:Extensions><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIGJjCCBI6gAwIBAgIUfU0kpXVz4VKab7plowh6WarIYywwDQYJKoZIhvcNAQELBQAwgYoxJDAiBgNVBAoMG0EgQ29tcGFueSBNYWtpbmcgRXZlcnl0aGluZzEQMA4GA1UEAwwHQS5DLk0uRTEdMBsGA1UEUwwUaHR0cHM6Ly9zcGlkLmFjbWUuaXQxFTATBgNVBGEMDFBBOklULWNfaDUwMTELMAkGA1UEBhMCSVQxDTALBgNVBAcMBFJvbWEwHhcNMjIxMTE5MTY1MjIwWhcNMzIxMTE2MTY1MjIwWjCBijEkMCIGA1UECgwbQSBDb21wYW55IE1ha2luZyBFdmVyeXRoaW5nMRAwDgYDVQQDDAdBLkMuTS5FMR0wGwYDVQRTDBRodHRwczovL3NwaWQuYWNtZS5pdDEVMBMGA1UEYQwMUEE6SVQtY19oNTAxMQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJL67gVrM6SNxiulqto4f8v1SqJwmdaR9/TTubScNzI6d2JnirqQ6a6urBiqP3KfRUrbGUMZ65Uw9T6fEDBSmizy9AkwQvhVie8KbbIA7xxTLr9zPq5LMQA1zKYAkUgEMvyPf6bJCMVEQBMoOt4qok+JDRcpznw5MP3lNCuvYxtqzBf3m7o+YMKhxSUbVaMr2gGLjW2hWYKd663iJ1ZzHvWKCL8KkEzCLwLfoCgHbiPHobVghTqePuqUe35gYq9MhmELBj5GArlWFp38fRP6DGudGye+qF3/4z1Bzj9TDt2sMaCdt00WCoq99OLRGFR2m7v81Z2o/3hDJncgIBj+vpj3EwUMc6JrCY3liMJcyjkHT940dbUF5LEMD0frePgn9/vE2pTjN5CRU5794q9XavOL9peORMxYsrI5qQyqUo39qA7pixqs9csUCsdnmBFLe7xk/qLMe5f5NREvzryS7WR1cVO81ZoTc7tD7bZChLjnJiZQBDzjIuSJwtlN164QQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBsAwcwYDVR0gBGwwajAfBgMrTBAwGDAWBggrBgEFBQcCAjAKDAhBZ0lEcm9vdDAgBgQrTBAGMBgwFgYIKwYBBQUHAgIwCgwIYWdJRGNlcnQwJQYGK0wQBAIBMBswGQYIKwYBBQUHAgIwDQwLY2VydF9TUF9QdWIwHQYDVR0OBBYEFNFS033ubTPFuD5Elo92XroK3yvpMIHKBgNVHSMEgcIwgb+AFNFS033ubTPFuD5Elo92XroK3yvpoYGQpIGNMIGKMSQwIgYDVQQKDBtBIENvbXBhbnkgTWFraW5nIEV2ZXJ5dGhpbmcxEDAOBgNVBAMMB0EuQy5NLkUxHTAbBgNVBFMMFGh0dHBzOi8vc3BpZC5hY21lLml0MRUwEwYDVQRhDAxQQTpJVC1jX2g1MDExCzAJBgNVBAYTAklUMQ0wCwYDVQQHDARSb21hghR9TSSldXPhUppvumWjCHpZqshjLDANBgkqhkiG9w0BAQsFAAOCAYEAZsT4xgbQo6lStFg1+7u+USWjil4FZIbadEl6qL4FjmWa+uGgFRO0Z2wvTl4Ek+WE94SqgQNwaZmebGAc9pxb7M5vH9NnxVgN0MHt758aVBX967wVoVM5lFGHx7d6jMYW9LiyYxcxD40zbZW0tFB8YuTPImjL1GiM2npY7jCRb/ZAxz0QcpTvZG98eR/WJprR8siniKkxC+PFYxzhsOntp+7r5UHrvN0WMjJEehjVNaUcowLDsTMIQGO0VIUF3jTOPikUtpRR4V5MluDS0dysmEYyOgUvt1hYC5LkoJ2v1tBH7AxzwkFpVtvTVNtFdotO1ZDMAlpDHA3d0LuGiM4JMfH87DkTCh+Mb4RNaeBfXDo+YCG7ueslLmjCzcjKjAr2QGdhfLnEdx/Ozn8CnMLOj+2PQ4rrfZ2ijzvv7dUNnbOs36DTrxbNys0BEQu0MhAoMzX6xAecDzd+FNnc+/+TK/xQ2pDZjxTYdwitJF0szdErUt11NzK85QNBL0JjCDWH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIGJjCCBI6gAwIBAgIUfU0kpXVz4VKab7plowh6WarIYywwDQYJKoZIhvcNAQELBQAwgYoxJDAiBgNVBAoMG0EgQ29tcGFueSBNYWtpbmcgRXZlcnl0aGluZzEQMA4GA1UEAwwHQS5DLk0uRTEdMBsGA1UEUwwUaHR0cHM6Ly9zcGlkLmFjbWUuaXQxFTATBgNVBGEMDFBBOklULWNfaDUwMTELMAkGA1UEBhMCSVQxDTALBgNVBAcMBFJvbWEwHhcNMjIxMTE5MTY1MjIwWhcNMzIxMTE2MTY1MjIwWjCBijEkMCIGA1UECgwbQSBDb21wYW55IE1ha2luZyBFdmVyeXRoaW5nMRAwDgYDVQQDDAdBLkMuTS5FMR0wGwYDVQRTDBRodHRwczovL3NwaWQuYWNtZS5pdDEVMBMGA1UEYQwMUEE6SVQtY19oNTAxMQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJL67gVrM6SNxiulqto4f8v1SqJwmdaR9/TTubScNzI6d2JnirqQ6a6urBiqP3KfRUrbGUMZ65Uw9T6fEDBSmizy9AkwQvhVie8KbbIA7xxTLr9zPq5LMQA1zKYAkUgEMvyPf6bJCMVEQBMoOt4qok+JDRcpznw5MP3lNCuvYxtqzBf3m7o+YMKhxSUbVaMr2gGLjW2hWYKd663iJ1ZzHvWKCL8KkEzCLwLfoCgHbiPHobVghTqePuqUe35gYq9MhmELBj5GArlWFp38fRP6DGudGye+qF3/4z1Bzj9TDt2sMaCdt00WCoq99OLRGFR2m7v81Z2o/3hDJncgIBj+vpj3EwUMc6JrCY3liMJcyjkHT940dbUF5LEMD0frePgn9/vE2pTjN5CRU5794q9XavOL9peORMxYsrI5qQyqUo39qA7pixqs9csUCsdnmBFLe7xk/qLMe5f5NREvzryS7WR1cVO81ZoTc7tD7bZChLjnJiZQBDzjIuSJwtlN164QQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBsAwcwYDVR0gBGwwajAfBgMrTBAwGDAWBggrBgEFBQcCAjAKDAhBZ0lEcm9vdDAgBgQrTBAGMBgwFgYIKwYBBQUHAgIwCgwIYWdJRGNlcnQwJQYGK0wQBAIBMBswGQYIKwYBBQUHAgIwDQwLY2VydF9TUF9QdWIwHQYDVR0OBBYEFNFS033ubTPFuD5Elo92XroK3yvpMIHKBgNVHSMEgcIwgb+AFNFS033ubTPFuD5Elo92XroK3yvpoYGQpIGNMIGKMSQwIgYDVQQKDBtBIENvbXBhbnkgTWFraW5nIEV2ZXJ5dGhpbmcxEDAOBgNVBAMMB0EuQy5NLkUxHTAbBgNVBFMMFGh0dHBzOi8vc3BpZC5hY21lLml0MRUwEwYDVQRhDAxQQTpJVC1jX2g1MDExCzAJBgNVBAYTAklUMQ0wCwYDVQQHDARSb21hghR9TSSldXPhUppvumWjCHpZqshjLDANBgkqhkiG9w0BAQsFAAOCAYEAZsT4xgbQo6lStFg1+7u+USWjil4FZIbadEl6qL4FjmWa+uGgFRO0Z2wvTl4Ek+WE94SqgQNwaZmebGAc9pxb7M5vH9NnxVgN0MHt758aVBX967wVoVM5lFGHx7d6jMYW9LiyYxcxD40zbZW0tFB8YuTPImjL1GiM2npY7jCRb/ZAxz0QcpTvZG98eR/WJprR8siniKkxC+PFYxzhsOntp+7r5UHrvN0WMjJEehjVNaUcowLDsTMIQGO0VIUF3jTOPikUtpRR4V5MluDS0dysmEYyOgUvt1hYC5LkoJ2v1tBH7AxzwkFpVtvTVNtFdotO1ZDMAlpDHA3d0LuGiM4JMfH87DkTCh+Mb4RNaeBfXDo+YCG7ueslLmjCzcjKjAr2QGdhfLnEdx/Ozn8CnMLOj+2PQ4rrfZ2ijzvv7dUNnbOs36DTrxbNys0BEQu0MhAoMzX6xAecDzd+FNnc+/+TK/xQ2pDZjxTYdwitJF0szdErUt11NzK85QNBL0JjCDWH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/Saml2/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/spidSaml2/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/cieSaml2/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/OpenID4VP/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/Saml2/sso/redirect" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/spidSaml2/sso/redirect" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/cieSaml2/sso/redirect" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/OpenID4VP/sso/redirect" /></md:IDPSSODescriptor><md:Organization><md:OrganizationName xml:lang="en">change with $SATOSA_ORGANIZATION_NAME_EN</md:OrganizationName><md:OrganizationName xml:lang="it">change with $SATOSA_ORGANIZATION_NAME_IT</md:OrganizationName><md:OrganizationDisplayName xml:lang="en">change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN</md:OrganizationDisplayName><md:OrganizationDisplayName xml:lang="it">change with $SAOSA_ORGANIZATION_DISPLAY_NAME_IT</md:OrganizationDisplayName><md:OrganizationURL xml:lang="en">change with $SATOSA_ORGANIZATION_URL_EN</md:OrganizationURL><md:OrganizationURL xml:lang="it">change with $SATOSA_ORGANIZATION_URL_IT</md:OrganizationURL></md:Organization><md:ContactPerson contactType="technical"><md:GivenName>change with $SATOSA_CONTACT_PERSON_GIVEN_NAME</md:GivenName><md:EmailAddress>change with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS</md:EmailAddress></md:ContactPerson></md:EntityDescriptor>
2 changes: 1 addition & 1 deletion example/satosa/integration_test/saml2_sp.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
BASE = 'http://pyeudiw_demo.example.org'
BASE_URL = '{}/saml2'.format(BASE)

IDP_BASEURL = "https://localhost:10000"
IDP_BASEURL = "https://localhost"
IDP_ENTITYID = f'{IDP_BASEURL}/Saml2IDP/metadata'

SAML_CONFIG = {
Expand Down
8 changes: 4 additions & 4 deletions example/satosa/integration_test/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
from pyeudiw.tools.utils import iat_now, exp_from_now


RP_EID = "https://localhost:10000/OpenID4VP"
RP_EID = "https://localhost/OpenID4VP"

CONFIG_DB = {
"mongo_db": {
Expand Down Expand Up @@ -110,7 +110,7 @@
]
}
rp_signer = JWS(
rp_ec, alg="RS256",
rp_ec, alg="ES256",
typ="application/entity-statement+jwt"
)

Expand All @@ -125,11 +125,11 @@
}
}
ta_signer = JWS(
_es, alg="RS256",
_es, alg="ES256",
typ="application/entity-statement+jwt"
)

its_trust_chain = [
rp_signer.sign_compact([key_from_jwk_dict(rp_jwks[0])]),
rp_signer.sign_compact([key_from_jwk_dict(rp_jwks[1])]),
ta_signer.sign_compact([ta_jwk])
]
Loading
Loading