def test_serialize_rsa_pub_key():
rsakey = RSAKey(
pub_key=import_public_rsa_key_from_file(full_path("rsa.pub")))
assert rsakey.d == ""
d_rsakey = rsakey.serialize(private=True)
restored_key = RSAKey(**d_rsakey)
assert restored_key == rsakey
def test_kspec():
_ckey = import_rsa_key_from_cert_file(CERT)
_key = RSAKey()
_key.load_key(_ckey)
jwk = _key.serialize()
assert jwk["kty"] == "RSA"
assert jwk["e"] == JWK_0["keys"][0]["e"]
assert jwk["n"] == JWK_0["keys"][0]["n"]
assert not _key.has_private_key()
def test_serialize_rsa_priv_key():
rsakey = RSAKey(
priv_key=import_private_rsa_key_from_file(full_path("rsa.key")))
assert rsakey.d
d_rsakey = rsakey.serialize(private=True)
restored_key = RSAKey(**d_rsakey)
assert restored_key == rsakey
assert rsakey.has_private_key()
assert restored_key.has_private_key()
def pem_to_jwk_dict(pem_data: str):
"""Read PEM certificate and return JWK dictionary"""
public_key = import_public_key_from_pem_data(pem_data)
if isinstance(public_key, rsa.RSAPublicKey):
jwk = RSAKey().load_key(public_key)
elif isinstance(public_key, ec.EllipticCurvePublicKey):
jwk = ECKey().load_key(public_key)
else:
raise ValueError("Unknown key type")
jwk_dict = jwk.serialize()
cert = x509.load_pem_x509_certificate(pem_data.encode(), default_backend())
fp = cert.fingerprint(hashes.SHA256())
jwk_dict["kid"] = b64e(fp[:8]).decode()
jwk_dict["x5t#S256"] = b64e(fp).decode()
jwk_dict["x5a"] = {
"subject": cert.subject.rfc4514_string(),
"issuer": cert.issuer.rfc4514_string(),
"serial": cert.serial_number,
}
return jwk_dict