italia · peppelinux · Jul 28, 2023 · Jul 26, 2023 · Jul 26, 2023 · Jul 27, 2023
diff --git a/pyeudiw/tests/oauth2/test_dpop.py b/pyeudiw/tests/oauth2/test_dpop.py
@@ -65,18 +65,40 @@ def wia_jws(jwshelper):
 
 def test_create_validate_dpop_http_headers(wia_jws, private_jwk=PRIVATE_JWK):
     # create
-    unpad_jwt_header(wia_jws)
+    header = unpad_jwt_header(wia_jws)
+    assert header
+    assert header["trust_chain"] == []
+    assert header["x5c"] == []
+    assert header["alg"]
+    assert header["kid"]
+
     payload = unpad_jwt_payload(wia_jws)
-    # TODO assertions for upadded headers and payload
-
+    assert payload
+    assert payload["iss"] == WALLET_INSTANCE_ATTESTATION["iss"]
+    assert payload["sub"] == WALLET_INSTANCE_ATTESTATION["sub"]
+    assert payload["type"] == WALLET_INSTANCE_ATTESTATION["type"]
+    assert payload["policy_uri"] == WALLET_INSTANCE_ATTESTATION["policy_uri"]
+    assert payload["tos_uri"] == WALLET_INSTANCE_ATTESTATION["tos_uri"]
+    assert payload["logo_uri"] == WALLET_INSTANCE_ATTESTATION["logo_uri"]
+    assert payload["asc"] == WALLET_INSTANCE_ATTESTATION["asc"]
+    assert payload["cnf"]
+    assert payload["cnf"]["jwk"]
+    assert payload["cnf"]["jwk"]["kty"]
+    assert payload["cnf"]["jwk"]["crv"]
+    assert payload["cnf"]["jwk"]["kid"]
+    assert payload["cnf"]["jwk"]["x"]
+    assert payload["cnf"]["jwk"]["y"]
+    assert payload["authorization_endpoint"] == WALLET_INSTANCE_ATTESTATION["authorization_endpoint"]
+    assert payload["response_types_supported"] == WALLET_INSTANCE_ATTESTATION["response_types_supported"]
+    assert payload["vp_formats_supported"] == WALLET_INSTANCE_ATTESTATION["vp_formats_supported"]
+
     new_dpop = DPoPIssuer(
         htu='https://example.org/redirect',
         token=wia_jws,
         private_jwk=private_jwk
     )
     proof = new_dpop.proof
-
-    # TODO assertions
+    assert proof
 
     # verify
     dpop = DPoPVerifier(
@@ -86,4 +108,35 @@ def test_create_validate_dpop_http_headers(wia_jws, private_jwk=PRIVATE_JWK):
     )
 
     assert dpop.is_valid
-    # TODO assertions
+
+
+    # Notes:
+    # `is_valid` should return False in case the underlying checks fail for some reason.
+    # In the following cases, the function is tested against invalid inputs
+
+    # Error case: wrong JWK
+
+    # TODO fix code causing:
+    # FAILED Exception: kid error
+
+    # jwk = JWK(key_type="RSA").public_key
+    # dpop = DPoPVerifier(
+    #     public_jwk=jwk,
+    #     http_header_authz=f"DPoP {wia_jws}",
+    #     http_header_dpop=proof
+    # )
+    # assert dpop.is_valid == False
+
+
+    # Error case: invalid proof
+
+    # TODO fix code causing:
+    # FAILED UnicodeDecodeError: 'utf-8' codec can't decode byte (invalid start byte)
+
+    # dpop = DPoPVerifier(
+    #     public_jwk=payload['cnf']['jwk'],
+    #     http_header_authz=f"DPoP {wia_jws}",
+    #     http_header_dpop="aaa" + proof[3:]
+    # )
+    # assert dpop.is_valid == False
+
diff --git a/pyeudiw/tests/tools/test_jwt.py b/pyeudiw/tests/tools/test_jwt.py
@@ -78,7 +78,6 @@ def test_jws_helper_sign(jwk, payload):
     helper = JWSHelper(jwk)
     jws = helper.sign(payload)
     assert jws
-    print(jws)
 
 
 @pytest.mark.parametrize("jwk, payload", JWKs_RSA)