italia / eudi-wallet-it-python

Python toolchain for building an OpenID4VP RP with a SATOSA backend compliant with the Italian Wallet implementation profile
Apache License 2.0

[trust] Inconsistent representation of JWK(s) #282

Closed Zicchio closed 1 month ago

Zicchio commented 1 month ago

Trust Evaluator can provide multiple public keys for an entity. In the trust evaluator realizations, the notion of multiple public keys is sometimes represented as list[dict] (as in, array of jwk), and sometimes is presented as dict (as in, jwks dictionary). Since public keys are eventually saved in the persistence layer, this might lead to a situation where public keys of an entity are inconsistent or corrupted. See code examples: https://github.com/italia/eudi-wallet-it-python/blob/13bb76635697d959ab463cdc4921cf032193a808/pyeudiw/trust/interface.py#L11 and https://github.com/italia/eudi-wallet-it-python/blob/13bb76635697d959ab463cdc4921cf032193a808/pyeudiw/trust/dynamic.py#L64

The trust layer should stick with one representation of jwk(s) when yielding and storing jwks. Either:

  1. array of jwk [{…}, {…}, …, {…}]
  2. traditional jwks as with shape {"keys": [{…}, {…}, …, {…}] }

peppelinux commented 1 month ago

it must be always an array of jwk objects
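
One way to enforce the representation settled on above at the storage boundary, as an added example that is not part of the thread or of pyeudiw: the hypothetical helper `normalize_jwks` accepts either shape listed in the issue and always returns an array of JWK objects, rejecting malformed entries and private key members. The sample keys are constructed.

```python
import json
from typing import Any

# Hypothetical helper, not part of pyeudiw.
# Private/secret JWK members (RFC 7518, RFC 8037); never valid in a public key set.
_PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def normalize_jwks(value: Any) -> list[dict]:
    """Return an array of public JWK objects from either shape in the issue.

    Accepts {"keys": [...]} or [...]; raises ValueError on anything else so a
    malformed or mixed-up value never reaches the persistence layer.
    """
    if isinstance(value, dict):
        if "keys" not in value:
            raise ValueError("dict without 'keys' is not a JWKS")
        value = value["keys"]
    if not isinstance(value, list):
        raise ValueError(f"expected a list of JWK, got {type(value).__name__}")

    result: list[dict] = []
    seen: set[str] = set()
    for jwk in value:
        if not isinstance(jwk, dict) or not isinstance(jwk.get("kty"), str):
            raise ValueError("every entry must be a JWK object with a 'kty' member")
        leaked = _PRIVATE_MEMBERS.intersection(jwk)
        if leaked:
            raise ValueError(f"private key members in public key set: {sorted(leaked)}")
        # Drop exact duplicates so repeated evaluations do not grow the stored set.
        ident = json.dumps(jwk, sort_keys=True)
        if ident not in seen:
            seen.add(ident)
            result.append(dict(jwk))
    return result


if __name__ == "__main__":
    # Constructed sample keys; the coordinate values are placeholders.
    k1 = {"kty": "EC", "crv": "P-256", "kid": "k1", "x": "AA", "y": "BB"}
    k2 = {"kty": "EC", "crv": "P-256", "kid": "k2", "x": "CC", "y": "DD"}
    print(normalize_jwks({"keys": [k1, k2]}) == normalize_jwks([k1, k2, k1]))
```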