refactor: add argument description to get_card method, improve readability of clean_empty by declaring types, add a multiple signatures test to test_signing.py

Author: sokoliva

src/a2a/client/base_client.py

@@ -271,8 +271,7 @@ async def get_card(
         Args:
             context: The client call context.
             extensions: List of extensions to be activated.
-            key_provider: A callable that takes key-id (kid) and JSON web key url (jku)
-            and returns the verification key for signature verification.
+            signature_verifier: A callable used to verify the agent card's signatures.
 
         Returns:
             The `AgentCard` for the agent.

src/a2a/utils/signing.py

@@ -20,22 +20,22 @@
 
 
 def clean_empty(d: Any) -> Any:
-    """Recursively remove empty lists, dicts, strings, and None values from a dictionary."""
+    """Recursively remove empty strings, lists, dicts, and None values from a dictionary."""
     if isinstance(d, dict):
-        cleaned = {k: clean_empty(v) for k, v in d.items()}
+        cleaned_dict: dict[Any, Any] = {k: clean_empty(v) for k, v in d.items()}
         return {
             k: v
-            for k, v in cleaned.items()
+            for k, v in cleaned_dict.items()
             if v is not None and (isinstance(v, (bool, int, float)) or v)
         }
     if isinstance(d, list):
-        cleaned = [clean_empty(v) for v in d]
+        cleaned_list: list[Any] = [clean_empty(v) for v in d]
         return [
             v
-            for v in cleaned
+            for v in cleaned_list
             if v is not None and (isinstance(v, (bool, int, float)) or v)
         ]
-    return d if d not in [None, '', [], {}] else None
+    return d if d not in ['', [], {}, None] else None
 
 
 def canonicalize_agent_card(agent_card: AgentCard) -> str:
@@ -151,11 +151,13 @@ def signature_verifier(
                     key=verification_key,
                     algorithms=None,
                 )
-                return  # Found a valid signature
-
+                # Found a valid signature, exit the loop and function
+                break
             except JOSEError as e:
                 last_error = e
                 continue
-        raise JOSEError('No valid signature found') from last_error
+        else:
+            # This block runs only if the loop completes without a break
+            raise JOSEError('No valid signature found') from last_error
 
     return signature_verifier

tests/utils/test_signing.py

@@ -7,6 +7,7 @@
     AgentCard,
     AgentCapabilities,
     AgentSkill,
+    AgentCardSignature,
 )
 from a2a.utils.signing import (
     canonicalize_agent_card,
@@ -16,6 +17,7 @@
 from typing import Any
 from jose.backends.base import Key
 from jose.exceptions import JOSEError
+from jose.utils import base64url_encode
 
 import pytest
 from cryptography.hazmat.primitives import asymmetric
@@ -86,6 +88,46 @@ def test_signer_and_verifier_symmetric(sample_agent_card: AgentCard):
         verifier_wrong_key(signed_card)
 
 
+def test_signer_and_verifier_symmetric_multiple_signatures(
+    sample_agent_card: AgentCard,
+):
+    """Test the agent card signing and verification process with symmetric key encryption.
+    This test adds a signatures to the AgentCard before signing."""
+    encoded_header = base64url_encode(
+        b'{"alg": "HS256", "kid": "old_key"}'
+    ).decode('utf-8')
+    sample_agent_card.signatures = [
+        AgentCardSignature(protected=encoded_header, signature='old_signature')
+    ]
+    key = 'key12345'  # Using a simple symmetric key for HS256
+    wrong_key = 'wrongkey'
+
+    agent_card_signer = create_agent_card_signer(
+        signing_key=key, alg='HS384', kid='key1'
+    )
+    signed_card = agent_card_signer(sample_agent_card)
+
+    assert signed_card.signatures is not None
+    assert len(signed_card.signatures) == 2
+    signature = signed_card.signatures[1]
+    assert signature.protected is not None
+    assert signature.signature is not None
+
+    # Verify the signature
+    verifier = create_signature_verifier(create_key_provider(key))
+    try:
+        verifier(signed_card)
+    except JOSEError:
+        pytest.fail('Signature verification failed with correct key')
+
+    # Verify with wrong key
+    verifier_wrong_key = create_signature_verifier(
+        create_key_provider(wrong_key)
+    )
+    with pytest.raises(JOSEError):
+        verifier_wrong_key(signed_card)
+
+
 def test_signer_and_verifier_asymmetric(sample_agent_card: AgentCard):
     """Test the agent card signing and verification process with an asymmetric key encryption."""
     # Generate a dummy EC private key for ES256