def keys_by_alg_and_usage(self, issuer, alg, usage):
if usage in ["sig", "ver"]:
ktype = jws.alg2keytype(alg)
else:
ktype = jwe.alg2keytype(alg)
return self.get(usage, ktype, issuer)
def keys_by_alg_and_usage(self, issuer, alg, usage):
if usage in ["sig", "ver"]:
ktype = jws.alg2keytype(alg)
else:
ktype = jwe.alg2keytype(alg)
return self.get(usage, ktype, issuer)
def request_object_encryption(self, msg, **kwargs):
try:
encalg = self.behaviour["request_object_encryption_alg"]
except KeyError:
return msg
else:
encenc = self.behaviour["request_object_encryption_enc"]
_jwe = JWE(msg, alg=encalg, enc=encenc)
_kty = jwe.alg2keytype(encalg)
try:
_kid = kwargs["enc_kid"]
except KeyError:
try:
_kid = self.kid["enc"][_kty]
except KeyError:
_kid = ""
if _kid:
_jwe["keys"] = self.keyjar.get_encrypt_key(_kty, kid=_kid)
_jwe["kid"] = _kid
else:
_jwe["keys"] = self.keyjar.get_signing_key(_kty)
return _jwe.encrypt(self.keyjar)
def get_jwt_decrypt_keys(self, jwt, **kwargs):
"""
Get decryption keys from a keyjar.
These keys should be usable to decrypt an encrypted JWT.
:param jwt: A jwkest.jwt.JWT instance
:param kwargs: Other key word arguments
:return: list of usable keys
"""
keys = []
try:
_key_type = jwe.alg2keytype(jwt.headers['alg'])
except KeyError:
_key_type = ''
try:
_kid = jwt.headers['kid']
except KeyError:
_kid = ''
keys = self._add_key(keys, '', 'enc', _key_type, _kid, {'': None})
return keys
def request_object_encryption(self, msg, **kwargs):
try:
encalg = kwargs["request_object_encryption_alg"]
except KeyError:
try:
encalg = self.behaviour["request_object_encryption_alg"]
except KeyError:
return msg
try:
encenc = kwargs["request_object_encryption_enc"]
except KeyError:
try:
encenc = self.behaviour["request_object_encryption_enc"]
except KeyError:
raise MissingRequiredAttribute("No request_object_encryption_enc specified")
_jwe = JWE(msg, alg=encalg, enc=encenc)
_kty = jwe.alg2keytype(encalg)
try:
_kid = kwargs["enc_kid"]
except KeyError:
_kid = ""
if "target" not in kwargs:
raise MissingRequiredAttribute("No target specified")
if _kid:
_keys = self.keyjar.get_encrypt_key(_kty, owner=kwargs["target"], kid=_kid)
_jwe["kid"] = _kid
else:
_keys = self.keyjar.get_encrypt_key(_kty, owner=kwargs["target"])
return _jwe.encrypt(_keys)
