def _new_rsa_key(spec):
    """Generate a fresh RSA key bundle for *spec*, filling in ``name``/``path``.

    When *spec* carries no explicit ``name``, its ``key`` entry is read as a
    file location: a value containing ``/`` is split into ``path`` (directory)
    and ``name`` (basename); any other value becomes the ``name`` unchanged.

    Note: *spec* is mutated in place before being passed on, so the caller's
    dictionary gains ``name`` (and possibly ``path``) entries.

    :param spec: key configuration dict; must contain ``key`` whenever
        ``name`` is absent (KeyError otherwise).
    :return: the result of ``rsa_init`` for the completed spec.
    """
    if 'name' not in spec:
        location = spec['key']
        if '/' in location:
            # "dir/file" -> directory the key lives in, file name to create.
            spec['path'], spec['name'] = os.path.split(location)
        else:
            spec['name'] = location
    return rsa_init(spec)
def test_rsa_init():
    """rsa_init with use=['enc', 'sig'] yields one RSA key per listed use."""
    # 1024-bit keys keep test key generation fast; this size is below the
    # 2048-bit minimum RFC 7518 requires for RS*/PS* in production.
    spec = {'use': ['enc', 'sig'], 'size': 1024, 'name': 'rsa', 'path': 'keys'}
    bundle = rsa_init(spec)
    assert bundle
    assert len(bundle) == 2
    rsa_keys = bundle.get('rsa')
    assert len(rsa_keys) == 2
def test_remove_rsa():
    """Removing one key from a two-key RSA bundle leaves exactly one behind."""
    spec = {'use': ['enc', 'sig'], 'size': 1024, 'name': 'rsa', 'path': 'keys'}
    bundle = rsa_init(spec)
    assert len(bundle) == 2
    rsa_keys = bundle.get('rsa')
    assert len(rsa_keys) == 2
    first, _ = rsa_keys
    bundle.remove(first)
    assert len(bundle) == 1
def test_get_all():
    """An appended symmetric key shows up in both get() and keys()."""
    spec = {'use': ['enc', 'sig'], 'size': 1024, 'name': 'rsa', 'path': 'keys'}
    bundle = rsa_init(spec)
    sym_key = SYMKey(kty="oct", key="secret", use="enc")
    bundle.append(sym_key)
    # Two RSA keys plus the symmetric one, via either accessor.
    assert len(bundle.get()) == 3
    all_keys = bundle.keys()
    assert len(all_keys) == 3
def test_key_mix():
    """Mixing RSA and oct keys: counts per key type track append/remove."""
    spec = {'use': ['enc', 'sig'], 'size': 1024, 'name': 'rsa', 'path': 'keys'}
    bundle = rsa_init(spec)
    sym_key = SYMKey(kty="oct", key="secret", use="enc")

    bundle.append(sym_key)
    assert len(bundle) == 3
    assert len(bundle.get('rsa')) == 2
    assert len(bundle.get('oct')) == 1

    bundle.remove(sym_key)
    assert len(bundle) == 2
    assert len(bundle.get('rsa')) == 2
    # Removal is by identity of the appended object; nothing oct is left.
    assert len(bundle.get('oct')) == 0
def test_dump_jwks():
    """dump_jwks writes several bundles to one JWKS file that reads back.

    The assertions expect only the RSA keys to survive the round-trip; the
    two oct keys in the second bundle are not counted on re-read.
    """
    spec = {'use': ['enc', 'sig'], 'size': 1024, 'name': 'rsa', 'path': 'keys'}
    rsa_bundle = rsa_init(spec)
    sym_bundle = KeyBundle([
        {"kty": "oct", "key": "supersecret", "use": "sig"},
        {"kty": "oct", "key": "secret", "use": "enc"},
    ])

    # NOTE(review): this writes key material to 'jwks_combo' in the current
    # working directory and never removes it (whether private RSA parts are
    # included depends on dump_jwks — confirm). A tmp_path fixture would
    # avoid leaving keys behind between runs.
    dump_jwks([rsa_bundle, sym_bundle], 'jwks_combo')

    # Read the file back through the jwks loader.
    reloaded = KeyBundle(source='file://jwks_combo', fileformat='jwks')
    assert len(reloaded) == 2  # both RSA keys
    assert len(reloaded.get('rsa')) == 2
def test_rsa_init_under_spec():
    """rsa_init works without 'name'/'path': still one RSA key per use."""
    bundle = rsa_init({'use': ['enc', 'sig'], 'size': 1024})
    assert bundle
    assert len(bundle) == 2
    rsa_keys = bundle.get('rsa')
    assert len(rsa_keys) == 2
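def build_keyjar(key_conf, kid_template="", keyjar=None, kidd=None):
    """Build a :py:class:`KeyJar` populated according to *key_conf*.

    Configuration of the type ::

        keys = [
            {"type": "RSA", "key": "cp_keys/key.pem", "use": ["enc", "sig"]},
            {"type": "EC", "crv": "P-256", "use": ["sig"]},
            {"type": "EC", "crv": "P-256", "use": ["enc"]}
        ]

    An RSA spec with a ``key`` entry is loaded from that file (DER); if the
    file cannot be read or parsed a new key is generated instead via
    :func:`_new_rsa_key`, which also fills in ``name``/``path`` on the spec.
    RSA specs without ``key`` and all EC specs always generate fresh keys.

    :param key_conf: The key configuration (list of spec dicts).
    :param kid_template: ``%``-style template used to build kids from a
        running counter; when empty each key gets a kid from ``add_kid()``.
    :param keyjar: Existing KeyJar to add the bundles to; a new one is
        created when ``None``.
    :param kidd: Existing ``{use: {kty: kid}}`` mapping, updated in place and
        returned; a fresh ``{"sig": {}, "enc": {}}`` when ``None``.
    :return: A tuple consisting of a JWKS dictionary, the KeyJar instance and
        a representation of which kids that can be used for what.
    :raises ValueError: on a spec whose ``type`` is neither RSA nor EC.

    Note the JWKS contains private key information !!  Symmetric (``oct``)
    keys are never exported into it. Each bundle is added to the KeyJar
    under the empty issuer ``""``. For a given use/kty pair only the kid of
    the last key processed is recorded in *kidd*.
    """
    if keyjar is None:
        keyjar = KeyJar()
    if kidd is None:
        kidd = {"sig": {}, "enc": {}}

    kid = 0
    jwks = {"keys": []}

    for spec in key_conf:
        typ = spec["type"].upper()
        if typ == "RSA":
            if "key" in spec:
                try:
                    kb = KeyBundle(source="file://%s" % spec["key"],
                                   fileformat="der", keytype=typ,
                                   keyusage=spec["use"])
                except (OSError, IOError, DeSerializationNotPossible):
                    # Missing or unparsable key file: fall back to
                    # generating a new key at the configured location.
                    kb = _new_rsa_key(spec)
            else:
                kb = rsa_init(spec)
        elif typ == "EC":
            kb = ec_init(spec)
        else:
            # Previously an unknown type fell through and silently reused
            # the bundle from the preceding iteration (re-kidding and
            # re-adding it), or raised NameError on the first spec.
            raise ValueError(
                "Unsupported key type in key configuration: %r" % spec["type"])

        bundle_keys = list(kb.keys())
        for k in bundle_keys:
            if kid_template:
                k.kid = kid_template % kid
                kid += 1
            else:
                k.add_kid()
            # Uses other than "sig"/"enc" get their own slot instead of
            # raising KeyError.
            kidd.setdefault(k.use, {})[k.kty] = k.kid

        # Symmetric keys must not leak into the published JWKS.
        jwks["keys"].extend(
            k.serialize() for k in bundle_keys if k.kty != 'oct')
        keyjar.add_kb("", kb)

    return jwks, keyjar, kidd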