openid-certification / oidctest

THE CERTIFICATION TEST SUITE HAS BEEN MIGRATED TO A NEW SERVICE https://www.certificatinon.openid.net

OP-Rotation-RP-Sig crashes #110

Closed aeneasr closed 6 years ago

aeneasr commented 6 years ago

Currently trying to run the OP-Rotation-RP-Sig test, but it fails with an exception:

********************************************************************************
Something went seriously wrong, please tell us at certification@oidf.org
********************************************************************************

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/oic-0.14.0-py3.5.egg/oic/oauth2/message.py", line 679, in from_jwt
    _jw.verify_compact(txt, key)
  File "/usr/local/lib/python3.5/dist-packages/pyjwkest-1.4.0-py3.5.egg/jwkest/jws.py", line 517, in verify_compact
    return self.verify_compact_verbose(jws, keys, allow_none, sigalg)['msg']
  File "/usr/local/lib/python3.5/dist-packages/pyjwkest-1.4.0-py3.5.egg/jwkest/jws.py", line 565, in verify_compact_verbose
    "No key with kid: %s" % (self["kid"]))
jwkest.jws.NoSuitableSigningKeys: No key with kid: public:69c4a208-31d4-4a84-b3a2-97dd12c08ab5

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/otest-0.7.5-py3.5.egg/otest/aus/tool.py", line 87, in run_flow
    resp = _oper()
  File "/usr/local/lib/python3.5/dist-packages/otest-0.7.5-py3.5.egg/otest/operation.py", line 105, in __call__
    res = self.run(*args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/oidctest-0.7.3-py3.5.egg/oidctest/op/oper.py", line 205, in run
    res = self._run()
  File "/usr/local/lib/python3.5/dist-packages/oidctest-0.7.3-py3.5.egg/oidctest/op/oper.py", line 220, in _run
    request_args=self.req_args, **self.op_args)
  File "/usr/local/lib/python3.5/dist-packages/otest-0.7.5-py3.5.egg/otest/operation.py", line 171, in catch_exception_and_error
    res = func(**kwargs)
  File "/usr/local/lib/python3.5/dist-packages/oic-0.14.0-py3.5.egg/oic/oic/__init__.py", line 681, in do_access_token_request
    authn_method, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/oic-0.14.0-py3.5.egg/oic/oauth2/__init__.py", line 758, in do_access_token_request
    http_args=http_args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/oic-0.14.0-py3.5.egg/oic/oauth2/__init__.py", line 681, in request_and_return
    **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/oic-0.14.0-py3.5.egg/oic/oauth2/__init__.py", line 635, in parse_request_response
    state, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/oic-0.14.0-py3.5.egg/oic/oauth2/__init__.py", line 562, in parse_response
    verf = resp.verify(**kwargs)
  File "/usr/local/lib/python3.5/dist-packages/oic-0.14.0-py3.5.egg/oic/oic/message.py", line 302, in verify
    idt = IdToken().from_jwt(str(self["id_token"]), **args)
  File "/usr/local/lib/python3.5/dist-packages/oic-0.14.0-py3.5.egg/oic/oauth2/message.py", line 685, in from_jwt
    _jw.verify_compact(txt, key)
  File "/usr/local/lib/python3.5/dist-packages/pyjwkest-1.4.0-py3.5.egg/jwkest/jws.py", line 517, in verify_compact
    return self.verify_compact_verbose(jws, keys, allow_none, sigalg)['msg']
  File "/usr/local/lib/python3.5/dist-packages/pyjwkest-1.4.0-py3.5.egg/jwkest/jws.py", line 565, in verify_compact_verbose
    "No key with kid: %s" % (self["kid"]))
jwkest.jws.NoSuitableSigningKeys: No key with kid: public:69c4a208-31d4-4a84-b3a2-97dd12c08ab5

aeneasr commented 6 years ago

I think the exception is caused by the JWK not being available at /.well-known/jwks.json

zandbelt commented 6 years ago

If you can confirm that no key with key id public:69c4a208-31d4-4a84-b3a2-97dd12c08ab5 is published on the JWKs URL then I think we can close this as invalid.

aeneasr commented 6 years ago

Yes can confirm, could show an error in the log instead but since the error message is guessable I think it's ok to leave it as is.
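
The check discussed in this thread (is the `kid` from the ID token header present in the published JWKS?), written out as an added example that is not part of the original thread or of oidctest. It goes one step beyond the thread by re-reading the key set once on a cache miss, which is what a key rotation calls for; `diagnose_kid`, `fetch_jwks`, `sample_token` and the sample kids are assumptions made for illustration.

```python
import base64
import json


def jws_header(compact_jws):
    """Decode the protected header of a compact JWS without verifying the signature."""
    segments = compact_jws.split(".")
    if len(segments) != 3:
        raise ValueError("compact JWS must have three dot-separated segments")
    raw = segments[0] + "=" * (-len(segments[0]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(raw))


def signing_kids(jwks):
    """Return the kids of keys usable for signatures (an absent 'use' is treated as usable)."""
    return [k["kid"] for k in jwks.get("keys", [])
            if k.get("use", "sig") == "sig" and k.get("kid")]


def diagnose_kid(compact_jws, cached_jwks, fetch_jwks):
    """Classify why a token's kid does or does not resolve to a published signing key."""
    kid = jws_header(compact_jws).get("kid")
    if kid is None:
        return "no-kid-in-header"
    if kid in signing_kids(cached_jwks):
        return "found-in-cache"
    # Cache miss: the issuer may have rotated keys, so re-read the published set once.
    if kid in signing_kids(fetch_jwks()):
        return "found-after-refresh"
    return "not-published"  # the situation behind "No key with kid: ..." in the traceback


def sample_token(kid=None):
    """Build a constructed, unsigned-looking compact JWS carrying only the header we need."""
    header = {"alg": "RS256"}
    if kid is not None:
        header["kid"] = kid
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc({"sub": "constructed"}), "c2ln"])


# Constructed key sets: what the verifier cached, and what the issuer publishes after rotation.
CACHED_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "old-key"}]}
PUBLISHED_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "new-key"},
                           {"kty": "RSA", "use": "enc", "kid": "enc-key"}]}

if __name__ == "__main__":
    for kid in ("old-key", "new-key", "enc-key", "never-published", None):
        print(kid, "->", diagnose_kid(sample_token(kid), CACHED_JWKS, lambda: PUBLISHED_JWKS))
```

In a real run, `fetch_jwks` would be a function that retrieves the issuer's `jwks_uri` document; signature verification itself is out of scope here and stays with the JOSE library.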