Merge pull request #410 from italia/fix/integration_tests

Fix for integration tests

Author: peppelinux

example/satosa/pyeudiw_backend.yaml

@@ -114,13 +114,14 @@ config:
 
   # private jwk
   metadata_jwks: &metadata_jwks
-    - crv: P-256 # Please note: this is the first key [0] and it is used for signing the presentation requests
-      d: KzQBowMMoPmSZe7G8QsdEWc1IvR2nsgE8qTOYmMcLtc
-      kid: dDwPWXz5sCtczj7CJbqgPGJ2qQ83gZ9Sfs-tJyULi6s
+    - kty: EC # Please note: this is the first key [0] and it is used for signing the presentation requests
+      d: i0HQiqDPXf-MqC776ztbgOCI9-eARhcUczqJ-7_httc
       use: sig
-      kty: EC
-      x: TSO-KOqdnUj5SUuasdlRB2VVFSqtJOxuR5GftUTuBdk
-      y: ByWgQt1wGBSnF56jQqLdoO1xKUynMY-BHIDB3eXlR7
+      crv: P-256
+      kid: SQgNjv4yU8sfuafJ2DPWq2tnOlK1JSibd3V5KqYRhOk
+      x: Q46FDkhMjewZIP9qP8ZKZIP-ZEemctvjxeP0l3vWHMI
+      y: IT7lsGxdJewmonk9l1_TAVYx_nixydTtI1Sbn0LkfEA
+      alg: ES256
     - kty: RSA
       d: QUZsh1NqvpueootsdSjFQz-BUvxwd3Qnzm5qNb-WeOsvt3rWMEv0Q8CZrla2tndHTJhwioo1U4NuQey7znijhZ177bUwPPxSW1r68dEnL2U74nKwwoYeeMdEXnUfZSPxzs7nY6b7vtyCoA-AjiVYFOlgKNAItspv1HxeyGCLhLYhKvS_YoTdAeLuegETU5D6K1xGQIuw0nS13Icjz79Y8jC10TX4FdZwdX-NmuIEDP5-s95V9DMENtVqJAVE3L-wO-NdDilyjyOmAbntgsCzYVGH9U3W_djh4t3qVFCv3r0S-DA2FD3THvlrFi655L0QHR3gu_Fbj3b9Ybtajpue_Q
       e: AQAB
@@ -193,8 +194,6 @@ config:
       - module: pyeudiw.openid4vp.vp_sd_jwt_vc
         class:  VpVcSdJwtParserVerifier
         format: dc+sd-jwt
-        config:
-          sig_alg_supported: *sig_alg_supported
       - module: pyeudiw.openid4vp.vp_mdoc_cbor
         class:  VpMDocCbor
         format: mso_mdoc
@@ -262,28 +261,28 @@ config:
         # client_id: *client_id
         client_id_scheme: x509_san_dns # this will be prepended in the client id scheme used in the request. 
         certificate_authorities:
-          - ca.example.com: |
-                -----BEGIN CERTIFICATE-----
-                MIIDYzCCAkugAwIBAgIUHVMNJD9vqAA4mR+QAJyEQFW4kjQwDQYJKoZIhvcNAQEL
-                BQAwUjEuMCwGA1UEAwwlQ049Y2EuZXhhbXBsZS5jb20sIE89RXhhbXBsZSBDQSwg
-                Qz1JVDETMBEGA1UECgwKRXhhbXBsZSBDQTELMAkGA1UEBhMCSVQwHhcNMjUwNDAz
-                MTU0NzU2WhcNMjYwNDA0MTU0NzU2WjBSMS4wLAYDVQQDDCVDTj1jYS5leGFtcGxl
-                LmNvbSwgTz1FeGFtcGxlIENBLCBDPUlUMRMwEQYDVQQKDApFeGFtcGxlIENBMQsw
-                CQYDVQQGEwJJVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMf3zvlY
-                zX1DYgv9QjRusMQjSRNdZi72/ydnxO/cAQ1GsgLZ8ewqIL1CnXtIs6i2F8poUOec
-                g957xk1db6sTqEWXRi5h9IfMUFcd5G7gIbJzjXCiLSVz6m9vZlvqR7BDka1VQhuH
-                rW2xEIE6+F2lWxJ+crimea/c5VlMKBCh+gQldFq3lTu6smGUz8xl8rhleBPgTgZz
-                TO4VuVO1dOb/S4lq9twfVYCTznF9vgaNaNh3la7yjzCf+zpSTGQD8TFO8ws1SZRq
-                O0bkabW8/5XsnwFHLT2LMSPkWMgMD8r+7xef93bvbEy7SA4Hw1Iow2xIIcTDYQ7F
-                77HQ3OjkogHmhrMCAwEAAaMxMC8wEgYDVR0TAQH/BAgwBgEB/wIBATAZBgNVHREE
-                EjAQgg5jYS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEApRUUxw5Dn0wd
-                lFPApjn7n/SZyx5I1XnOHOIk8aWD0KFFa1zsnONlmRDgC8EQ5XKw3nMUwvnCQUR8
-                6FmrqP5gINHdqfvWiitC0eQdDhMhIHvdfUMBicgZ0XDVjDZhD6W9A+IWwR3ySLCf
-                lZHA5JwjYhpAjMYFXwSVZklOre34zJL6CRwgIUKjc9uyGPmlnVRFTUcUqLB9Uq/U
-                dFc7XMPBAbMt1frOJRj6P1OFtubuC0INpEhzivg3+w8bXmpEN6e2hBvIjoNkgnWF
-                O6HVbDnJXTA34/I4snisJfZQ+Z9gln921+2Q27sMvyS7aBqtocDuWB0w3XZ3aCYk
-                DTEzMjUtQA==
-                -----END CERTIFICATE-----
+          ca.example.com: |
+              -----BEGIN CERTIFICATE-----
+              MIIDYzCCAkugAwIBAgIUHVMNJD9vqAA4mR+QAJyEQFW4kjQwDQYJKoZIhvcNAQEL
+              BQAwUjEuMCwGA1UEAwwlQ049Y2EuZXhhbXBsZS5jb20sIE89RXhhbXBsZSBDQSwg
+              Qz1JVDETMBEGA1UECgwKRXhhbXBsZSBDQTELMAkGA1UEBhMCSVQwHhcNMjUwNDAz
+              MTU0NzU2WhcNMjYwNDA0MTU0NzU2WjBSMS4wLAYDVQQDDCVDTj1jYS5leGFtcGxl
+              LmNvbSwgTz1FeGFtcGxlIENBLCBDPUlUMRMwEQYDVQQKDApFeGFtcGxlIENBMQsw
+              CQYDVQQGEwJJVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMf3zvlY
+              zX1DYgv9QjRusMQjSRNdZi72/ydnxO/cAQ1GsgLZ8ewqIL1CnXtIs6i2F8poUOec
+              g957xk1db6sTqEWXRi5h9IfMUFcd5G7gIbJzjXCiLSVz6m9vZlvqR7BDka1VQhuH
+              rW2xEIE6+F2lWxJ+crimea/c5VlMKBCh+gQldFq3lTu6smGUz8xl8rhleBPgTgZz
+              TO4VuVO1dOb/S4lq9twfVYCTznF9vgaNaNh3la7yjzCf+zpSTGQD8TFO8ws1SZRq
+              O0bkabW8/5XsnwFHLT2LMSPkWMgMD8r+7xef93bvbEy7SA4Hw1Iow2xIIcTDYQ7F
+              77HQ3OjkogHmhrMCAwEAAaMxMC8wEgYDVR0TAQH/BAgwBgEB/wIBATAZBgNVHREE
+              EjAQgg5jYS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEApRUUxw5Dn0wd
+              lFPApjn7n/SZyx5I1XnOHOIk8aWD0KFFa1zsnONlmRDgC8EQ5XKw3nMUwvnCQUR8
+              6FmrqP5gINHdqfvWiitC0eQdDhMhIHvdfUMBicgZ0XDVjDZhD6W9A+IWwR3ySLCf
+              lZHA5JwjYhpAjMYFXwSVZklOre34zJL6CRwgIUKjc9uyGPmlnVRFTUcUqLB9Uq/U
+              dFc7XMPBAbMt1frOJRj6P1OFtubuC0INpEhzivg3+w8bXmpEN6e2hBvIjoNkgnWF
+              O6HVbDnJXTA34/I4snisJfZQ+Z9gln921+2Q27sMvyS7aBqtocDuWB0w3XZ3aCYk
+              DTEzMjUtQA==
+              -----END CERTIFICATE-----
         relying_party_certificate_chains_by_ca: # X.509 chains in PEM format. Please note: Leaf's certificate MUST be related to metadata_jwks[0]
             ca.example.com:
               - |

pyeudiw/openid4vp/presentation_submission/__init__.py

@@ -23,6 +23,7 @@ def __init__(
             self, 
             config: dict,
             trust_evaluator: CombinedTrustEvaluator,
+            sig_alg_supported: list[str] = [],
         ) -> None:
         """
         Initialize the PresentationSubmissionHandler handler with the submission data.
@@ -64,7 +65,7 @@ def __init__(
                 if not issubclass(cls, BaseVPParser):
                      raise TypeError(f"Class '{class_name}' must inherit from BaseVPParser.")
 
-                self.handlers[format_name] = cls(trust_evaluator=self.trust_evaluator, **module_config)
+                self.handlers[format_name] = cls(trust_evaluator=self.trust_evaluator, **module_config, sig_alg_supported=sig_alg_supported)
             except ModuleNotFoundError:
                 raise ImportError(f"Module '{module_name}' not found for format '{format_conf['name']}'.")
             except AttributeError:

pyeudiw/satosa/default/openid4vp_backend.py

@@ -116,7 +116,8 @@ def __init__(
         credential_presentation_handlers_configuration = self.config.get("credential_presentation_handlers", {})
         self.vp_token_parser = PresentationSubmissionHandler(
             credential_presentation_handlers_configuration,
-            self.trust_evaluator
+            self.trust_evaluator,
+            self.config.get("jwt", {}).get("sig_alg_supported", [])
         )
 
     def get_trust_backend_by_class_name(self, class_name: str) -> TrustHandlerInterface:

pyeudiw/tests/openid4vp/test_presentation_submission.py

@@ -45,7 +45,11 @@
 
 def test_handler_initialization():
 
-    ps = PresentationSubmissionHandler(trust_evaluator=trust_ev, config=mock_format_config)
+    ps = PresentationSubmissionHandler(
+        trust_evaluator=trust_ev, 
+        config=mock_format_config,
+        sig_alg_supported=["ES256", "ES384", "ES512"]
+    )
 
     assert len(ps.handlers) == 3, "Not all handlers were created."
 
@@ -54,7 +58,11 @@ def test_handler_initialization():
     assert isinstance(ps.handlers["fail_parser"], MockFailingParser), "Handler for 'fail_parser' format is incorrect."
 
 def test_handler_correct_parsing():
-    ps = PresentationSubmissionHandler(trust_evaluator=trust_ev, config=mock_format_config)
+    ps = PresentationSubmissionHandler(
+        trust_evaluator=trust_ev, 
+        config=mock_format_config,
+        sig_alg_supported=["ES256", "ES384", "ES512"]
+    )
 
     parsed_tokens = ps.parse(valid_submission, ["vp_token_1", "vp_token_2"])
 
@@ -63,7 +71,10 @@ def test_handler_correct_parsing():
     assert parsed_tokens[1] == {"parsed": "vp_token_2"}, "Token 2 was not parsed correctly."
 
 def test_handler_missing_handler():
-    ps = PresentationSubmissionHandler(trust_evaluator=trust_ev, config=mock_format_config)
+    ps = PresentationSubmissionHandler(
+        trust_evaluator=trust_ev, 
+        config=mock_format_config,
+        sig_alg_supported=["ES256", "ES384", "ES512"])
 
     invalid_submission = {
         "id": "submission_id",
@@ -81,7 +92,11 @@ def test_handler_missing_handler():
         assert str(e) == "Handler for format 'non_existent_format' not found.", "Incorrect exception message."
 
 def test_handler_invalid_path():
-    ps = PresentationSubmissionHandler(trust_evaluator=trust_ev, config=mock_format_config)
+    ps = PresentationSubmissionHandler(
+        trust_evaluator=trust_ev, 
+        config=mock_format_config,
+        sig_alg_supported=["ES256", "ES384", "ES512"]
+    )
 
     invalid_submission = {
         "id": "submission_id",
@@ -99,7 +114,11 @@ def test_handler_invalid_path():
         assert str(e) == "Invalid path format: invalid_path", "Incorrect exception message."
 
 def test_handler_mismatched_tokens():
-    ps = PresentationSubmissionHandler(trust_evaluator=trust_ev, config=mock_format_config)
+    ps = PresentationSubmissionHandler(
+        trust_evaluator=trust_ev, 
+        config=mock_format_config,
+        sig_alg_supported=["ES256", "ES384", "ES512"]
+    )
 
     invalid_submission = {
         "id": "submission_id",
@@ -116,7 +135,11 @@ def test_handler_mismatched_tokens():
         assert str(e) == "Number of VP tokens (1) does not match the number of descriptors (2).", "Incorrect exception message."
 
 def test_handler_invalid_submission():
-    ps = PresentationSubmissionHandler(trust_evaluator=trust_ev, config=mock_format_config)
+    ps = PresentationSubmissionHandler(
+        trust_evaluator=trust_ev, 
+        config=mock_format_config,
+        sig_alg_supported=["ES256", "ES384", "ES512"]
+    )
 
     invalid_submission = {
         "fail": "submission"
@@ -130,7 +153,11 @@ def test_handler_invalid_submission():
         assert False, f"Incorrect exception type: {type(e)}"
 
 def test_handler_parser_failure():
-    ps = PresentationSubmissionHandler(trust_evaluator=trust_ev, config=mock_format_config)
+    ps = PresentationSubmissionHandler(
+        trust_evaluator=trust_ev, 
+        config=mock_format_config,
+        sig_alg_supported=["ES256", "ES384", "ES512"]
+    )
 
     invalid_submission = {
         "id": "submission_id",

pyeudiw/tests/settings.py

@@ -154,6 +154,13 @@ def base64url_to_int(val):
             "A192GCM",
             "A256GCM",
         ],
+        "sig_alg_supported": [
+            "RS256",
+            "ES256",
+            "ES384",
+            "ES512",
+            "EdDSA",
+        ],
     },
     "authorization": {
         "url_scheme": "haip",  # haip://
@@ -406,16 +413,7 @@ def base64url_to_int(val):
                 "module": "pyeudiw.openid4vp.vp_sd_jwt_vc",
                 "class": "VpVcSdJwtParserVerifier",
                 "format": "dc+sd-jwt",
-                "config": {
-                    "sig_alg_supported": [
-                            "RS256",
-                            "RS384",
-                            "RS512",
-                            "ES256",
-                            "ES384",
-                            "ES512",
-                    ]
-                }
+                "config": {}
             },
             {
                 "module": "pyeudiw.openid4vp.vp_mdoc_cbor",

pyeudiw/tests/trust/mock_trust_handler.py

@@ -1,7 +1,6 @@
 from pyeudiw.trust.handler.interface import TrustHandlerInterface
 from pyeudiw.trust.model.trust_source import TrustSourceData
 from pyeudiw.trust.model.trust_source import TrustEvaluationType
-from datetime import datetime
 from pyeudiw.tools.utils import exp_from_now
 
 mock_jwk = {
@@ -55,19 +54,20 @@ def extract_and_update_trust_materials(
     ) -> TrustSourceData:
         trust_source = self.get_metadata(issuer, trust_source)
 
+
         if issuer == self.client_id:
             trust_param = TrustEvaluationType(
                 attribute_name="trust_param_name",
                 jwks=[mock_jwk, mock_jwk_private],
-                expiration_date=datetime.fromtimestamp(exp_from_now(self.exp)),
+                expiration_date=exp_from_now(self.exp),
                 trust_param_name={'trust_param_key': 'trust_param_value'},
                 trust_handler_name=str(self.__class__.__name__)
             )
         else:
             trust_param = TrustEvaluationType(
                 attribute_name="trust_param_name",
                 jwks=[mock_jwk, mock_jwk_private],
-                expiration_date=datetime.fromtimestamp(exp_from_now(self.exp)),
+                expiration_date=exp_from_now(self.exp),
                 trust_param_name={"trust_param_key": "trust_param_value"},
                 trust_handler_name=str(self.__class__.__name__)
             )
@@ -99,7 +99,7 @@ def extract_and_update_trust_materials(
         trust_param = TrustEvaluationType(
             attribute_name="trust_param_name",
             jwks=[mock_jwk],
-            expiration_date=datetime.fromtimestamp(exp_from_now(self.exp)),
+            expiration_date=exp_from_now(self.exp),
             trust_param_name={'updated_trust_param_key': 'updated_trust_param_value'},
             trust_handler_name=str(self.__class__.__name__)
         )

pyeudiw/tests/trust/test_dynamic.py

@@ -1,5 +1,6 @@
 from uuid import uuid4
 
+import time
 from pyeudiw.storage.db_engine import DBEngine
 from pyeudiw.tests.settings import CONFIG
 from pyeudiw.tests.trust import correct_config, not_conformant
@@ -131,6 +132,7 @@ def test_cache_first_strategy_expired():
     uuid_url = f"http://{uuid4()}.issuer.it"
 
     assert trust_ev.get_jwt_header_trust_parameters(uuid_url) == {'trust_param_name': {'trust_param_key': 'trust_param_value'}}
+    time.sleep(1)
     assert trust_ev.get_jwt_header_trust_parameters(uuid_url) == {'trust_param_name': {'updated_trust_param_key': 'updated_trust_param_value'}}
 
 def test_cache_first_strategy_expired_revoked():

pyeudiw/trust/model/trust_source.py

@@ -1,10 +1,10 @@
 from dataclasses import dataclass
-from datetime import datetime
 from typing import Optional
 
 from cryptojwt.jwk.jwk import key_from_jwk_dict
 
 from pyeudiw.jwk import JWK
+from pyeudiw.tools.utils import iat_now
 
 @dataclass
 class TrustEvaluationType:
@@ -15,7 +15,7 @@ class TrustEvaluationType:
     def __init__(
         self,
         attribute_name: str,
-        expiration_date: datetime,
+        expiration_date: int,
         jwks: list[dict | JWK ] = [],
         trust_handler_name: str = "",
         **kwargs
@@ -25,8 +25,8 @@ def __init__(
 
         :param attribute_name: The attribute name of the the field that holds the trust parameter data
         :type attribute_name: str
-        :param expiration_date: The expiration date of the trust parameter data
-        :type expiration_date: datetime
+        :param expiration_date: The expiration date in unix timestamp of the trust parameter data
+        :type expiration_date: int
         :param jwks: The jwks of the trust parameter data
         :type jwks: list[dict | JWK], optional
         :param trust_handler_name: The trust handler that handles the trust parameter data
@@ -69,7 +69,7 @@ def expired(self) -> bool:
         :returns: Whether the trust parameter data has expired
         :rtype: bool
         """
-        return datetime.now() > self.expiration_date
+        return iat_now() > self.expiration_date
 
     def get_jwks(self) -> list[dict]:
         return self.jwks