pyeudiw.federation package

Subpackages

• pyeudiw.federation.schemas package
  • Submodules
  • pyeudiw.federation.schemas.entity_configuration module
    • EntityConfigurationHeader
      • EntityConfigurationHeader.alg
      • EntityConfigurationHeader.kid
      • EntityConfigurationHeader.model_config
      • EntityConfigurationHeader.typ
    • EntityConfigurationMetadataSchema
      • EntityConfigurationMetadataSchema.federation_entity
      • EntityConfigurationMetadataSchema.model_config
      • EntityConfigurationMetadataSchema.openid_credential_verifier
    • EntityConfigurationPayload
      • EntityConfigurationPayload.authority_hints
      • EntityConfigurationPayload.exp
      • EntityConfigurationPayload.iat
      • EntityConfigurationPayload.iss
      • EntityConfigurationPayload.jwks
      • EntityConfigurationPayload.metadata
      • EntityConfigurationPayload.model_config
      • EntityConfigurationPayload.sub
    • EntityStatementPayload
      • EntityStatementPayload.exp
      • EntityStatementPayload.iat
      • EntityStatementPayload.iss
      • EntityStatementPayload.jwks
      • EntityStatementPayload.metadata
      • EntityStatementPayload.metadata_policy
      • EntityStatementPayload.model_config
      • EntityStatementPayload.source_endpoint
      • EntityStatementPayload.sub
      • EntityStatementPayload.trust_marks
  • pyeudiw.federation.schemas.federation_configuration module
    • FederationConfig
      • FederationConfig.authority_hints
      • FederationConfig.default_sig_alg
      • FederationConfig.federation_entity_metadata
      • FederationConfig.federation_jwks
      • FederationConfig.metadata_type
      • FederationConfig.model_config
      • FederationConfig.trust_anchors
    • FederationEntityMetadata
      • FederationEntityMetadata.homepage_uri
      • FederationEntityMetadata.logo_uri
      • FederationEntityMetadata.model_config
      • FederationEntityMetadata.organization_name
      • FederationEntityMetadata.policy_uri
      • FederationEntityMetadata.tos_uri
  • pyeudiw.federation.schemas.federation_entity module
    • FederationEntity
      • FederationEntity.contacts
      • FederationEntity.homepage_uri
      • FederationEntity.logo_uri
      • FederationEntity.model_config
      • FederationEntity.organization_name
      • FederationEntity.policy_uri
  • pyeudiw.federation.schemas.openid_credential_verifier module
    • AcrValuesSupported
      • AcrValuesSupported.spid_l1
      • AcrValuesSupported.spid_l2
      • AcrValuesSupported.spid_l3
    • AuthorizationSignedResponseAlg
      • AuthorizationSignedResponseAlg.es256
      • AuthorizationSignedResponseAlg.es384
      • AuthorizationSignedResponseAlg.es512
      • AuthorizationSignedResponseAlg.rs256
      • AuthorizationSignedResponseAlg.rs384
      • AuthorizationSignedResponseAlg.rs512
    • EncryptionAlgValuesSupported
      • EncryptionAlgValuesSupported.ecdh_es
      • EncryptionAlgValuesSupported.ecdh_es_a128kw
      • EncryptionAlgValuesSupported.ecdh_es_a192kw
      • EncryptionAlgValuesSupported.ecdh_es_a256kw
      • EncryptionAlgValuesSupported.ras_oaep_256
      • EncryptionAlgValuesSupported.rsa_oaep
    • EncryptionEncValuesSupported
      • EncryptionEncValuesSupported.a128cbc_hs256
      • EncryptionEncValuesSupported.a128gcm
      • EncryptionEncValuesSupported.a192cbc_hs384
      • EncryptionEncValuesSupported.a192gcm
      • EncryptionEncValuesSupported.a256cbc_hs512
      • EncryptionEncValuesSupported.a256gcm
    • OpenIDCredentialVerifier
      • OpenIDCredentialVerifier.application_type
      • OpenIDCredentialVerifier.authorization_encrypted_response_alg
      • OpenIDCredentialVerifier.authorization_encrypted_response_enc
      • OpenIDCredentialVerifier.authorization_signed_response_alg
      • OpenIDCredentialVerifier.client_id
      • OpenIDCredentialVerifier.client_name
      • OpenIDCredentialVerifier.contacts
      • OpenIDCredentialVerifier.default_acr_values
      • OpenIDCredentialVerifier.id_token_encrypted_response_alg
      • OpenIDCredentialVerifier.id_token_encrypted_response_enc
      • OpenIDCredentialVerifier.id_token_signed_response_alg
      • OpenIDCredentialVerifier.jwks
      • OpenIDCredentialVerifier.model_config
      • OpenIDCredentialVerifier.redirect_uris
      • OpenIDCredentialVerifier.request_uris
      • OpenIDCredentialVerifier.vp_formats
    • SigningAlgValuesSupported
      • SigningAlgValuesSupported.es256
      • SigningAlgValuesSupported.es384
      • SigningAlgValuesSupported.es512
      • SigningAlgValuesSupported.rs256
      • SigningAlgValuesSupported.rs384
      • SigningAlgValuesSupported.rs512
  • Module contents
• pyeudiw.federation.trust_chain package
  • Submodules
  • pyeudiw.federation.trust_chain.builder module
  • pyeudiw.federation.trust_chain.validator module
  • Module contents

Submodules

pyeudiw.federation.exceptions module

exception pyeudiw.federation.exceptions.InvalidChainError

Bases: Exception

exception pyeudiw.federation.exceptions.InvalidEntityConfiguration

Bases: Exception

exception pyeudiw.federation.exceptions.InvalidEntityHeader

Bases: Exception

exception pyeudiw.federation.exceptions.InvalidEntityStatement

Bases: Exception

exception pyeudiw.federation.exceptions.InvalidEntityStatementPayload

Bases: Exception

exception pyeudiw.federation.exceptions.InvalidRequiredTrustMark

Bases: Exception

exception pyeudiw.federation.exceptions.InvalidTrustchain

Bases: Exception

exception pyeudiw.federation.exceptions.KeyValidationError

Bases: Exception

exception pyeudiw.federation.exceptions.MetadataDiscoveryException

Bases: Exception

exception pyeudiw.federation.exceptions.MissingAuthorityHintsClaim

Bases: Exception

exception pyeudiw.federation.exceptions.MissingJwksClaim

Bases: Exception

exception pyeudiw.federation.exceptions.MissingTrustAnchorPublicKey

Bases: Exception

exception pyeudiw.federation.exceptions.MissingTrustMark

Bases: Exception

exception pyeudiw.federation.exceptions.NotDescendant

Bases: Exception

exception pyeudiw.federation.exceptions.PolicyError

Bases: Exception

exception pyeudiw.federation.exceptions.ProtocolMetadataNotFound

Bases: Exception

exception pyeudiw.federation.exceptions.TimeValidationError

Bases: Exception

exception pyeudiw.federation.exceptions.TrustAnchorNeeded

Bases: Exception

exception pyeudiw.federation.exceptions.TrustChainHttpError

Bases: HttpError

exception pyeudiw.federation.exceptions.TrustchainMissingMetadata

Bases: Exception

exception pyeudiw.federation.exceptions.UnknownKid

Bases: Exception

pyeudiw.federation.policy module

class pyeudiw.federation.policy.TrustChainPolicy

Bases: object

apply_policy(metadata: dict, policy: dict) → dict

Apply a metadata policy on metadata.

Parameters:

• metadata – Metadata statements

• policy – A dictionary with metadata and metadata_policy as keys

Returns:

A metadata statement that adheres to a metadata policy

gather_policies(chain, entity_type)

Gather and combine all the metadata policies that are defined in the trust chain :param chain: A list of Entity Statements :return: The combined metadata policy

pyeudiw.federation.policy.combine(superior: dict, sub: dict) → dict

Parameters:

• rule – Dictionary with two keys metadata_policy and metadata

• sub – Dictionary with two keys metadata_policy and metadata

Returns:

pyeudiw.federation.policy.combine_add(s1, s2)

pyeudiw.federation.policy.combine_claim_policy(superior, child)

Combine policy rules. Applying the child policy can only make the combined policy more restrictive.

Parameters:

• superior – Superior policy

• child – Intermediates policy

pyeudiw.federation.policy.combine_one_of(s1, s2)

pyeudiw.federation.policy.combine_subset_of(s1, s2)

pyeudiw.federation.policy.combine_superset_of(s1, s2)

pyeudiw.federation.policy.do_default(superior, child, policy)

pyeudiw.federation.policy.do_essential(superior, child, policy)

pyeudiw.federation.policy.do_sub_one_super_add(superior, child, policy)

pyeudiw.federation.policy.do_value(superior, child, policy)

pyeudiw.federation.policy.gather_policies(chain, entity_type)

Gather and combine all the metadata policies that are defined in the trust chain :param chain: A list of Entity Statements :return: The combined metadata policy

pyeudiw.federation.policy.union(val1, val2)

pyeudiw.federation.statements module

class pyeudiw.federation.statements.EntityStatement(jwt: str, httpc_params: dict, filter_by_allowed_trust_marks: list[str] = [], trust_anchor_entity_conf: EntityStatement | None = None, trust_mark_issuers_entity_confs: list[EntityStatement] = [])

Bases: object

The self issued/signed statement of a federation entity

get_superiors(authority_hints: list[str] = [], max_authority_hints: int = 0, superiors_hints: list[dict] = []) → dict

get superiors entity configurations

Parameters:

• authority_hints (list[str]) – the authority hint list

• max_authority_hints (int) – the number of max authority hint

• superiors_hints (list[dict]) – the list of superior hints

Returns:

a dict with the superior’s entity configurations

Return type:

dict

update_trust_anchor_conf(trust_anchor_entity_conf: EntityStatement) → None

Updates the internal Trust Anchor conf.

Parameters:

trust_anchor_entity_conf (EntityStatement) – the trust anchor entity conf

validate_by_allowed_trust_marks() → bool

validate the entity configuration ony if marked by a well known trust mark, issued by a trusted issuer

validate_by_itself() → bool

validates the entity configuration by it self

validate_by_superior_statement(jwt: str, ec: EntityStatement) → str

validates self with the jwks contained in statement of the superior :param jwt: the statement issued by a superior in form of JWT :type jwt: str :param ec: is a superior entity configuration :type ec: EntityStatement

Returns:

the entity configuration subject if is valid

Return type:

str

validate_by_superiors(superiors_entity_configurations: dict = {}) → dict

validates the entity configuration with the entity statements issued by its superiors this methods create self.verified_superiors and failed ones and self.verified_by_superiors and failed ones

Parameters:

superiors_entity_configurations (dict) – an object containing the entity configurations of superiors

Returns:

an object containing the superior validations

Return type:

dict

validate_descendant_statement(jwt: str) → bool

jwt is a descendant entity statement issued by self

Parameters:

jwt (str) – the JWT to validate by

Returns:

True if is valid or False otherwise

Return type:

bool

class pyeudiw.federation.statements.TrustMark(jwt: str, httpc_params: dict)

Bases: object

The class representing a Trust Mark

validate_by(ec: dict) → bool

Validates Trust Marks by an Entity Configuration

Parameters:

ec (dict) – the entity configuration to validate by

Returns:

True if is valid otherwise False

Return type:

bool

validate_by_its_issuer() → bool

Validates Trust Marks by it’s issuer

Returns:

True if is valid otherwise False

Return type:

bool

pyeudiw.federation.statements.get_entity_configurations(subjects: list[str] | str, httpc_params: dict, http_async: bool = False) → list[bytes]

Fetches an entity configuration from the specified subjects.

Parameters:

• subjects (list[str] | str) – The url or a list of url where perform the GET HTTP calls

• httpc_params (dict) – parameters to perform http requests.

• http_async (bool) – if is set to True the operation will be performed in async (deafault True)

Returns:

A list of entity statements.

Return type:

list[Response]

pyeudiw.federation.statements.get_entity_statements(urls: list[str] | str, httpc_params: dict, http_async: bool = True) → list[bytes]

Fetches an entity statement from the specified urls.

Parameters:

• urls (list[str] | str) – The url or a list of url where perform the GET HTTP calls

• httpc_params (dict) – parameters to perform http requests.

• http_async (bool) – if is set to True the operation will be performed in async (deafault True)

Returns:

A list of entity statements.

Return type:

list[Response]

pyeudiw.federation.statements.get_federation_jwks(jwt_payload: dict) → list[dict]

Returns the list of JWKS inside a JWT payload.

Parameters:

jwt_payload (dict) – the jwt payload from where extract the JWKs.

Returns:

A list of entity jwk’s keys.

Return type:

list[dict]

pyeudiw.federation.trust_chain_builder module

class pyeudiw.federation.trust_chain_builder.TrustChainBuilder(subject: str, trust_anchor: str, httpc_params: dict, trust_anchor_configuration: EntityStatement | str | None = None, max_authority_hints: int = 10, subject_configuration: EntityStatement | None = None, required_trust_marks: list[dict] = [], **kwargs)

Bases: object

A trust walker that fetches statements and evaluate the evaluables

apply_metadata_policy() → dict

filters the trust path from subject to trust anchor apply the metadata policies along the path.

Returns:

the final metadata with policy applied

Return type:

dict

discovery() → bool

discovers the chain of verified statements from the lower up to the trust anchor and updates the internal representation of chain.

Returns:

the validity status of the updated chain

Return type:

bool

property exp_datetime: datetime

The exp filed converted in datetime format

get_subject_configuration() → None

Download and updates the internal field subject_configuration with the entity statement of leaf.

Return type:

None

get_trust_anchor_configuration() → None

Download and updates the internal field trust_anchor_configuration with the entity statement of trust anchor.

get_trust_chain() → list[str]

Retrieves the leaf and the Trust Anchor entity configurations.

Returns:

the list containing the ECs

Return type:

list[str]

serialize() → str

Serializes the chain in JSON format.

Returns:

the serialized chain in JSON format

Return type:

str

start()

Retrieves the subject (leaf) configuration and starts chain discovery.

Returns:

the list containing the ECs

Return type:

list[str]

pyeudiw.federation.trust_chain_validator module

class pyeudiw.federation.trust_chain_validator.StaticTrustChainValidator(static_trust_chain: list[str], trust_anchor_jwks: list[dict[str, Any]], httpc_params: dict, **kwargs)

Bases: object

Helper class for Static Trust Chain validation

property entity_id: str

Get the chain’s entity_id.

property final_metadata: dict

Apply the metadata and returns the final metadata.

property is_expired: int

Get the status of chain expiration.

property is_valid: bool

Get the validity of chain.

set_exp(exp: int) → None

Updates the self.exp field if the exp parameter is more recent than the previous one.

Parameters:

exp (int) – an integer that represent the timestemp to check

property trust_chain: list[str]

Get the list of the jwt that compones the trust chain.

update() → bool

Updates the statement retrieving and the exp filed and determines the validity of it.

Returns:

True if the updated chain is valid, False otherwise.

Return type:

bool

validate() → bool

Validates the static chain checking the validity in all jwt inside the field trust_chain.

Returns:

True if static chain is valid and False otherwise

Return type:

bool

pyeudiw.federation.utils module

pyeudiw.federation.utils.is_es(payload: dict) → None

Determines if payload dict is a Subordinate Entity Statement

Parameters:

payload (dict) – the object to determine if is a Subordinate Entity Statement

Module contents