pyeudiw.trust.handler package
Submodules
pyeudiw.trust.handler.commons module
- pyeudiw.trust.handler.commons.DEFAULT_OPENID4VCI_METADATA_ENDPOINT = '/.well-known/openid-credential-issuer'
Default endpoint where the credential issuer metadata is exposed. For further reference, see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-well-known-uri-registry
pyeudiw.trust.handler.direct_trust_jar module
- pyeudiw.trust.handler.direct_trust_jar.DEFAULT_JARISSUER_METADATA_ENDPOINT = '/.well-known/jar-issuer'
Default endpoint adopted by the potential interoperability document as of version 1.1. The endpoint should be positioned between the host component and the path component (if any) of the iss claim value in the JAR.
- class pyeudiw.trust.handler.direct_trust_jar.DirectTrustJar(httpc_params: dict = {'connection': {'ssl': True}, 'session': {'timeout': 6}}, jwk_endpoint: str = '/.well-known/jar-issuer', cache_ttl: int = 0, jwks: list[dict] | None = None, client_id: str = None)[source]
Bases:
_DirectTrustJwkHandler
DirectTrustJar is a specialization of _DirectTrustJwkHandler used in the context of JAR (RFC 9101).
- extract_and_update_trust_materials(issuer: str, trust_source: TrustSourceData) TrustSourceData[source]
Fetches the public key of the issuer by querying the configured endpoint. Previous responses may or may not be cached, depending on the cache_ttl parameter.
- Returns:
a list of jwk(s)
- get_handled_trust_material_name() str[source]
Return the name of the trust material that is handled by the trust handler.
- get_metadata(issuer: str, trust_source: TrustSourceData) TrustSourceData[source]
Get the metadata of a given issuer, if required by the specification.
- Parameters:
issuer (str) – The issuer
trust_source (TrustSourceData) – The trust source to update
- Returns:
The updated trust source
- Return type:
TrustSourceData
pyeudiw.trust.handler.direct_trust_sd_jwt_vc module
- pyeudiw.trust.handler.direct_trust_sd_jwt_vc.DEFAULT_SDJWTVC_METADATA_ENDPOINT = '/.well-known/jwt-vc-issuer'
Default endpoint where the issuer keys used for SD-JWT VC are exposed. For further reference, see https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-06.html#name-jwt-vc-issuer-metadata
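Both well-known endpoints above (jar-issuer and jwt-vc-issuer) follow the same rule: the well-known segment is inserted between the host component and the path component of the iss value. The helper below is an added example, not code from pyeudiw, showing how that URL is derived and which malformed issuer values a resolver should refuse before making any network request; the https-only, no-query and no-fragment checks are assumptions about sensible resolver policy, not requirements stated on this page.

```python
from urllib.parse import urlsplit, urlunsplit

# Well-known path segments as documented on this page.
JAR_ISSUER_ENDPOINT = "/.well-known/jar-issuer"
SDJWTVC_METADATA_ENDPOINT = "/.well-known/jwt-vc-issuer"


def build_well_known_url(iss: str, endpoint: str) -> str:
    """Insert `endpoint` between the host and the path component of `iss`.

    `iss` is the issuer identifier (the value of the iss claim) and
    `endpoint` is one of the well-known segments above. A trailing slash on
    the issuer path is dropped so that "https://issuer.example/" and
    "https://issuer.example" resolve to the same metadata URL.
    """
    parts = urlsplit(iss)
    # Defensive checks (assumption, not part of the documented rule): only
    # https issuers with a host are accepted, and query/fragment components
    # are rejected instead of being silently discarded.
    if parts.scheme != "https":
        raise ValueError(f"issuer must use https: {iss!r}")
    if not parts.netloc:
        raise ValueError(f"issuer has no host component: {iss!r}")
    if parts.query or parts.fragment:
        raise ValueError(f"issuer must not carry a query or fragment: {iss!r}")
    path = parts.path.rstrip("/")
    # Host stays first, the well-known segment comes next, the original
    # path (if any) is appended after it.
    return urlunsplit((parts.scheme, parts.netloc, endpoint + path, "", ""))


if __name__ == "__main__":
    # Constructed sample issuers, not values from the page.
    print(build_well_known_url("https://issuer.example.org/tenant/a", JAR_ISSUER_ENDPOINT))
    print(build_well_known_url("https://issuer.example.org/", SDJWTVC_METADATA_ENDPOINT))
```

For an issuer with a path, such as https://issuer.example.org/tenant/a, the JAR key URL becomes https://issuer.example.org/.well-known/jar-issuer/tenant/a rather than a URL with the well-known segment appended at the end; appending instead of inserting is the most common mistake when hand-rolling this resolution.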
- class pyeudiw.trust.handler.direct_trust_sd_jwt_vc.DirectTrustSdJwtVc(httpc_params: dict = {'connection': {'ssl': True}, 'session': {'timeout': 6}}, jwk_endpoint: str = '/.well-known/jwt-vc-issuer', metadata_endpoint: str = '/.well-known/openid-credential-issuer', cache_ttl: int = 0, jwks: list[dict] | None = None, client_id: str = None)[source]
Bases:
_DirectTrustJwkHandler
DirectTrustSdJwtVc is a specialization of _DirectTrustJwkHandler used in the context of SD-JWT for verifiable credentials.
- get_metadata(issuer: str, trust_source: TrustSourceData) TrustSourceData[source]
Fetches the public metadata of an issuer by querying the configured endpoint. The endpoint must yield information in a format that can be translated into a meaningful dictionary (such as JSON).
- Returns:
a dictionary of metadata information
pyeudiw.trust.handler.exceptions module
pyeudiw.trust.handler.federation module
pyeudiw.trust.handler.interface module
- class pyeudiw.trust.handler.interface.TrustHandlerInterface(*args, **kwargs)[source]
Bases:
object
- build_metadata_endpoints(backend_name: str, entity_uri: str) List[Tuple[str, Callable[[Context, Any], Response]]][source]
Expose one or more metadata endpoints required to publish metadata information about this handler (for example public keys, configurations, policies, etc.). The endpoints are attached to a backend whose name is the first function argument.
The result of this method is a list whose elements are tuples of type Tuple[str, Callable[[Context, Any], Response]], compliant with satosa.backend.BackendModule.register_endpoints:
1. the first element of the tuple is a regexp used for routing to that endpoint;
2. the second element is an HTTP handler that produces a Response given the Context.
The entity_uri is the full path component of the exposed satosa module and may be used as the issuer value when signing tokens. Due to satosa routing restrictions, exposed endpoints must start with the satosa module name.
If the TrustHandler has no associated metadata endpoints, return an empty list.
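The following is an added example, not code from pyeudiw or satosa, of a handler producing the (regexp, handler) list described above and of a small dispatcher that routes a request path to it. The Context and Response classes are minimal stand-ins for satosa's (assumption: the real ones carry more state), the published document is a hypothetical jwt-vc-issuer metadata response built from a constructed JWKS, and the check that every route begins with the backend name enforces the routing restriction stated in the method description.

```python
import re
from typing import Any, Callable, List, Optional, Tuple


class Context:
    """Stand-in for satosa's Context: only the request path is modelled."""

    def __init__(self, path: str):
        self.path = path


class Response:
    """Stand-in for satosa's Response: a body and an HTTP status line."""

    def __init__(self, body: dict, status: str = "200 OK"):
        self.body = body
        self.status = status


def build_metadata_endpoints(
    backend_name: str, entity_uri: str, jwks: List[dict]
) -> List[Tuple[str, Callable[[Context, Any], Response]]]:
    """Return (regexp, handler) pairs in the shape register_endpoints expects.

    Hypothetical handler: publishes the entity's public JWKS at the
    jwt-vc-issuer well-known path, with entity_uri echoed as the issuer.
    """

    def jwt_vc_issuer_metadata(context: Context, *args: Any) -> Response:
        return Response({"issuer": entity_uri, "jwks": {"keys": jwks}})

    endpoints = [
        ("^" + re.escape(f"{backend_name}/.well-known/jwt-vc-issuer") + "$",
         jwt_vc_issuer_metadata),
    ]
    # Routing restriction from the interface docs: every exposed route must
    # start with the satosa module (backend) name. Fail loudly at build time
    # rather than registering a route satosa can never reach.
    for pattern, _ in endpoints:
        if not pattern.startswith("^" + re.escape(backend_name)):
            raise ValueError(f"endpoint {pattern!r} does not start with {backend_name!r}")
    return endpoints


def route(
    endpoints: List[Tuple[str, Callable[[Context, Any], Response]]], path: str
) -> Optional[Response]:
    """Dispatch `path` to the first endpoint whose regexp matches it.

    Assumption: like satosa, `path` carries no leading slash.
    """
    for pattern, handler in endpoints:
        if re.match(pattern, path):
            return handler(Context(path))
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    eps = build_metadata_endpoints(
        "openid4vp", "https://rp.example.org/openid4vp", [{"kty": "EC", "kid": "k1"}]
    )
    print(route(eps, "openid4vp/.well-known/jwt-vc-issuer").body)
    print(route(eps, "other/.well-known/jwt-vc-issuer"))
```

A handler with nothing to publish returns an empty list, which the dispatcher above handles naturally: no pattern matches, so route returns None and the backend serves no metadata route.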
- property default_client_id: str
Return the default client id of the trust handler.
- Returns:
The default client id of the trust handler
- Return type:
str
- extract_and_update_trust_materials(issuer: str, trust_source: TrustSourceData) TrustSourceData[source]
Extract the trust material of a certain issuer using a trust handler implementation.
- Parameters:
issuer (str) – The issuer
trust_source (TrustSourceData) – The trust source to update
- Returns:
The updated trust source
- Return type:
TrustSourceData
- extract_jwt_header_trust_parameters(trust_source: TrustSourceData) dict[source]
Parse a trust source to extract the trust parameters (contained in the source) that can be used as JWT header parameters, as far as this trust evaluation mechanism is capable of understanding them.
Some trust evaluation mechanisms are not associated with any JWT header mechanism, in which case an empty dictionary is returned.
- get_client_id() str | None[source]
Return the client ID associated with this trust evaluator. This is typically used for OAuth2 or OpenID Connect flows.
- get_handled_trust_material_name() str[source]
Return the name of the trust material that this handler can handle.
- Returns:
The name of the trust material
- Return type:
str
- get_metadata(issuer: str, trust_source: TrustSourceData) TrustSourceData[source]
Get the metadata of a given issuer, if required by the specification.
- Parameters:
issuer (str) – The issuer
trust_source (TrustSourceData) – The trust source to update
- Returns:
The updated trust source
- Return type:
TrustSourceData
- is_it_me(client_id: str) bool[source]
Returns True if, according to this trust framework implementation, the argument client_id refers to the implementation itself as a member of the trust framework.
- property name: str
Return the name of the trust handler.
- Returns:
The name of the trust handler
- Return type:
str
- validate_trust_material(chain: list[str], trust_source: TrustSourceData) tuple[bool, TrustSourceData][source]
Validate the trust chain using the trust handler.
- Parameters:
trust_chain (list[str]) – The trust chain to validate
trust_source (TrustSourceData) – The trust source
db_engine (DBEngine) – The database engine
- Returns:
True if the trust chain is valid, False otherwise
- Return type:
bool