pyeudiw.trust package

Subpackages

Submodules

pyeudiw.trust.anchors_loader module

pyeudiw.trust.dynamic module

class pyeudiw.trust.dynamic.CombinedTrustEvaluator(handlers: list[TrustHandlerInterface], db_engine: DBEngine, mode: Literal['update_first', 'cache_first'] = 'update_first')[source]

Bases: BaseLogger

A trust evaluator that combines multiple trust models.

build_metadata_endpoints(backend_name: str, entity_uri: str) list[tuple[str, Callable[[Context, Any], Response]]][source]

static from_config(config: dict, db_engine: DBEngine, default_client_id: str, mode: Literal['update_first', 'cache_first'] = 'update_first') CombinedTrustEvaluator[source]

Create a CombinedTrustEvaluator from a configuration.

Parameters:
  • config (dict) – The configuration

  • db_engine (DBEngine) – The database engine

Returns:

The CombinedTrustEvaluator

Return type:

CombinedTrustEvaluator

get_jwt_header_trust_parameters(issuer: str | None = None, force_update: bool = False) dict[str, Any][source]

Get the trust parameters of a certain issuer according to some trust model.

Parameters:

issuer (str) – The issuer

Returns:

The trust parameters

Return type:

list[dict]

get_metadata(issuer: str | None = None, force_update: bool = False) dict[source]

Yields a dictionary of metadata about an issuer, according to some trust model.

Parameters:
  • issuer (str) – The issuer

  • force_update (bool) – If the metadata should be updated even if it is already present in the cache

Returns:

The metadata

Return type:

dict

get_policies(issuer: str | None = None, force_update: bool = False) dict[str, any][source]

Get the policies of a certain issuer according to some trust model.

Parameters:

issuer (str) – The issuer

Returns:

The policies

Return type:

dict[str, any]

get_public_keys(issuer: str | None = None, static_trust_materials: dict = {}, force_update: bool = False) list[dict][source]

Yields a list of public keys for an issuer, according to some trust model. If trust materials are provided, they are used to derive the public keys. If not, the public keys are derived from a trust model that does not require trust materials to attest the trust.

Parameters:
  • issuer (str) – The issuer

  • static_trust_materials (dict) – The static trust materials

  • force_update (bool) – If the public keys should be updated even if they are already present in the cache

Returns:

The public keys

Return type:

list[dict]

has_client_id(client_id: str) bool[source]

Check if the trust source has a client id.

Parameters:

client_id (str) – The client id

Returns:

If the trust source has a client id

Return type:

bool

is_revoked(issuer: str | None = None, force_update: bool = False) bool[source]

Returns whether the trust toward the issuer was revoked according to some trust model. This assumes that the issuer exists and is valid, but is not trusted.

Parameters:

issuer (str) – The issuer

Returns:

If the trust toward the issuer was revoked

Return type:

bool

revoke(issuer: str | None = None) None[source]

Revoke the trust toward the issuer according to some trust model.

Parameters:

issuer (str) – The issuer

pyeudiw.trust.exceptions module

exception pyeudiw.trust.exceptions.InvalidAnchor[source]

Bases: Exception

exception pyeudiw.trust.exceptions.InvalidJwkMetadataException[source]

Bases: Exception

exception pyeudiw.trust.exceptions.InvalidTrustType[source]

Bases: Exception

exception pyeudiw.trust.exceptions.MissingProtocolSpecificJwks[source]

Bases: Exception

exception pyeudiw.trust.exceptions.MissingTrustType[source]

Bases: Exception

exception pyeudiw.trust.exceptions.NoCriptographicMaterial[source]

Bases: Exception

exception pyeudiw.trust.exceptions.NoMetadata[source]

Bases: Exception

exception pyeudiw.trust.exceptions.NoTrustChainProvided[source]

Bases: Exception

exception pyeudiw.trust.exceptions.TrustConfigurationError[source]

Bases: Exception

exception pyeudiw.trust.exceptions.UnknownTrustAnchor[source]

Bases: Exception

pyeudiw.trust.interface module

class pyeudiw.trust.interface.TrustEvaluator[source]

Bases: object

TrustEvaluator is an interface that defines the expected behaviour of a class that, at its very core, can: (1) obtain the cryptographic material of an issuer, which might or might not be trusted according to some trust model; (2) obtain the meta information about an issuer that is defined according to some trust model.

build_metadata_endpoints(base_path: str) list[tuple[str, Callable[[Context, Any], Response]]][source]

Return metadata endpoints for this trust evaluator (e.g. keys, config, policies).

Each item must be a tuple (regex: str, handler: Callable[[Context, Any], Response]) compatible with satosa.backend.BackendModule.register_endpoints.

base_path is the module base path and can be used when building the routes. Return an empty list if there are no endpoints to expose.

get_jwt_header_trust_parameters() dict[source]

get_metadata(issuer: str) dict[source]

Yields a dictionary of metadata about an issuer, according to some trust model.

get_policies(issuer: str) dict[source]

get_public_keys(issuer: str) list[dict][source]

Yields the public cryptographic material of the issuer.

Returns:

A list of JWK(s); note that these keys are _not_ necessarily identified by a kid claim.
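Because the returned keys may lack a kid, a caller cannot pick the verification key by kid alone. The following is an added example (not pyeudiw code) that filters a list shaped like the get_public_keys() return value against a JWT header and names each key by its RFC 7638 thumbprint; `candidate_keys`, `jwk_thumbprint`, the algorithm allow-list and the sample keys are assumptions made for this illustration.

```python
import base64
import hashlib
import json

# Members that enter the RFC 7638 thumbprint, per key type.
_THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
# Allow-list of accepted JWS algorithms and the key shape each requires (assumed policy).
_ALG_TO_KEY = {"ES256": ("EC", "P-256"), "ES384": ("EC", "P-384"), "RS256": ("RSA", None)}


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint: a stable name for a key that has no kid."""
    members = {m: jwk[m] for m in _THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def candidate_keys(jwks: list[dict], header: dict) -> list[tuple[str, dict]]:
    """Return (thumbprint, jwk) pairs that may verify a JWT with this header."""
    alg = header.get("alg")
    if alg not in _ALG_TO_KEY:  # rejects "none" and anything not allow-listed
        raise ValueError(f"unsupported alg: {alg!r}")
    kty, crv = _ALG_TO_KEY[alg]
    wanted_kid = header.get("kid")
    selected = []
    for jwk in jwks:
        if jwk.get("kty") != kty or (crv and jwk.get("crv") != crv):
            continue  # wrong key type or curve for this algorithm
        if jwk.get("use", "sig") != "sig":
            continue  # encryption-only key
        if wanted_kid and "kid" in jwk and jwk["kid"] != wanted_kid:
            continue  # a kid that differs rules the key out
        # A key with no kid cannot be ruled out by kid: the signature check decides.
        selected.append((jwk_thumbprint(jwk), jwk))
    return selected


# Constructed sample: same shape as a get_public_keys() result, not real key material.
SAMPLE_JWKS = [
    {"kty": "EC", "crv": "P-256", "x": "AAAA", "y": "BBBB", "kid": "key-1"},
    {"kty": "EC", "crv": "P-256", "x": "CCCC", "y": "DDDD"},
    {"kty": "RSA", "n": "EEEE", "e": "AQAB", "kid": "key-3"},
]

if __name__ == "__main__":
    for tp, key in candidate_keys(SAMPLE_JWKS, {"alg": "ES256", "kid": "key-9"}):
        print(tp, key.get("kid"))
```

Each returned candidate still has to pass signature verification; the thumbprint only gives a stable identifier for logging which key verified.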

initialize_istance(issuer: str) None[source]

Initialize the cryptographic material of the issuer, according to some trust model.

is_revoked(issuer: str) bool[source]

Returns whether the trust toward the issuer was revoked according to some trust model. This assumes that the issuer exists and is valid, but is not trusted.

Module contents