Merge branch 'main' into feat/jwt_trust_header_inclusion

Author: Zicchio

example/satosa/pyeudiw_backend.yaml

@@ -251,19 +251,19 @@ config:
         client_id_scheme: x509_san_dns # this will be prepended in the client id scheme used in the request. 
         include_issued_jwt_header_param: true # default false; if true, it will include x5c header parameters in the signed presentation request issued by this trust handler
         certificate_authorities:
-          - ca.example.com: |
-                -----BEGIN CERTIFICATE-----
-                MIIB2DCCAX2gAwIBAgIULx2ECoVuwx8Hjz9KT8LU2UnO5fcwCgYIKoZIzj0EAwIw
-                UjEuMCwGA1UEAwwlQ049Y2EuZXhhbXBsZS5jb20sIE89RXhhbXBsZSBDQSwgQz1J
-                VDETMBEGA1UECgwKRXhhbXBsZSBDQTELMAkGA1UEBhMCSVQwHhcNMjUwNDA5MTIw
-                ODUwWhcNMjYwNDEwMTIwODUwWjBSMS4wLAYDVQQDDCVDTj1jYS5leGFtcGxlLmNv
-                bSwgTz1FeGFtcGxlIENBLCBDPUlUMRMwEQYDVQQKDApFeGFtcGxlIENBMQswCQYD
-                VQQGEwJJVDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFnk7w/2CELwYAo1HYjh
-                v07QS3Xo3HL1Qt/SD2s5pcBmENuFzPUS8E1JFZ047hfaGIb+6NQdUcNt7RGBQgvJ
-                cNqjMTAvMBIGA1UdEwEB/wQIMAYBAf8CAQEwGQYDVR0RBBIwEIIOY2EuZXhhbXBs
-                ZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAJLASYXdk77YGrVeuj2bdy48fFeGcHwY
-                hEt3dD1GqdqkAiEAqekBRTF9wzJ/lPmRJyPdLoxzGBbIkd53NCtGUfNvaL0=
-                -----END CERTIFICATE-----
+          ca.example.com: |
+            -----BEGIN CERTIFICATE-----
+            MIIB2DCCAX2gAwIBAgIULx2ECoVuwx8Hjz9KT8LU2UnO5fcwCgYIKoZIzj0EAwIw
+            UjEuMCwGA1UEAwwlQ049Y2EuZXhhbXBsZS5jb20sIE89RXhhbXBsZSBDQSwgQz1J
+            VDETMBEGA1UECgwKRXhhbXBsZSBDQTELMAkGA1UEBhMCSVQwHhcNMjUwNDA5MTIw
+            ODUwWhcNMjYwNDEwMTIwODUwWjBSMS4wLAYDVQQDDCVDTj1jYS5leGFtcGxlLmNv
+            bSwgTz1FeGFtcGxlIENBLCBDPUlUMRMwEQYDVQQKDApFeGFtcGxlIENBMQswCQYD
+            VQQGEwJJVDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFnk7w/2CELwYAo1HYjh
+            v07QS3Xo3HL1Qt/SD2s5pcBmENuFzPUS8E1JFZ047hfaGIb+6NQdUcNt7RGBQgvJ
+            cNqjMTAvMBIGA1UdEwEB/wQIMAYBAf8CAQEwGQYDVR0RBBIwEIIOY2EuZXhhbXBs
+            ZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAJLASYXdk77YGrVeuj2bdy48fFeGcHwY
+            hEt3dD1GqdqkAiEAqekBRTF9wzJ/lPmRJyPdLoxzGBbIkd53NCtGUfNvaL0=
+            -----END CERTIFICATE-----
         relying_party_certificate_chains_by_ca: # X.509 chains in PEM format. Please note: Leaf's certificate MUST be related to metadata_jwks[0]
             ca.example.com:
               - |

pyeudiw/satosa/schemas/config.py

@@ -7,7 +7,6 @@
 from pyeudiw.jwt.schemas.jwt import JWTConfig
 from pyeudiw.satosa.schemas.autorization import AuthorizationConfig
 from pyeudiw.satosa.schemas.endpoint import EndpointsConfig
-from pyeudiw.satosa.schemas.qrcode import QRCode
 from pyeudiw.satosa.schemas.response import ResponseConfig
 from pyeudiw.satosa.schemas.ui import UiConfig
 from pyeudiw.satosa.schemas.user_attributes import UserAttributesConfig
@@ -18,7 +17,6 @@
 class PyeudiwBackendConfig(BaseModel):
     ui: UiConfig
     endpoints: EndpointsConfig
-    qrcode: QRCode
     response_code: ResponseConfig
     jwt: JWTConfig
     authorization: AuthorizationConfig

pyeudiw/satosa/schemas/qrcode.py

@@ -312,7 +312,7 @@ def base64url_to_int(val):
             "config": {
                 "client_id": f"{BASE_URL}/OpenID4VP",
                 "include_issued_jwt_header_param": True,
-                "relying_party_certificate_chains_by_ca":{
+                "relying_party_certificate_chains_by_ca": {
                     "ca.example.com": DEFAULT_X509_CHAIN,
                 },
                 "certificate_authorities": {

pyeudiw/tests/settings.py

@@ -117,7 +117,7 @@ def _cache_upsert_source_trust_materials(
         return trust_source
 
     def _upsert_source_trust_materials(
-        self, trust_source: Optional[TrustSourceData], issuer: Optional[str] = None, force_update: bool = False
+        self, trust_source: Optional[TrustSourceData], entity_id: Optional[str], force_update: bool = False
     ) -> TrustSourceData:
         """
         Extract the trust material of a certain issuer from all the trust handlers.
@@ -130,20 +130,15 @@ def _upsert_source_trust_materials(
         :rtype: Optional[TrustSourceData]
         """
 
-        entity_id = issuer or "__internal__"
-
         if not trust_source:
             trust_source = TrustSourceData.empty(entity_id)
-
-        if entity_id == "__internal__":
-            return self._cache_upsert_source_trust_materials(trust_source, issuer)
 
         if self.mode == "update_first" or force_update:
-            return self._update_upsert_source_trust_materials(trust_source, issuer)
+            return self._update_upsert_source_trust_materials(trust_source, entity_id)
         else:
-            return self._cache_upsert_source_trust_materials(trust_source, issuer)
+            return self._cache_upsert_source_trust_materials(trust_source, entity_id)
 
-    def _get_trust_source(self, issuer: Optional[str] = None, force_update: bool = False) -> TrustSourceData:
+    def _get_trust_source(self, entity_id: Optional[str], force_update: bool = False) -> TrustSourceData:
         """
         Retrieve the trust source from the database or extract it from the trust handlers.
 
@@ -153,9 +148,9 @@ def _get_trust_source(self, issuer: Optional[str] = None, force_update: bool = F
         :returns: The trust source
         :rtype: TrustSourceData
         """
-        trust_source = self._retrieve_trust_source(issuer or "__internal__")            
+        trust_source = self._retrieve_trust_source(entity_id)            
 
-        return self._upsert_source_trust_materials(trust_source, issuer, force_update)
+        return self._upsert_source_trust_materials(trust_source, entity_id, force_update)
 
     def get_public_keys(
             self,