def make_request_object(request_args, jwk):
    """Serialize *request_args* as a compact JWS signed with *jwk*.

    Args:
        request_args: Payload handed to ``JWS`` as the message to sign.
        jwk: A single JWK (dict-like). When truthy it is wrapped in a
            one-element JWKS document and loaded into the signing key set.

    Returns:
        Whatever ``JWS.sign_compact`` returns for the assembled key set.
    """
    signing_keys = KEYS()
    signer = JWS(request_args)
    if jwk:
        # load_jwks expects a serialized JWKS document, so wrap the single
        # key in the {"keys": [...]} envelope before loading it.
        jwks_document = json.dumps({"keys": [jwk]})
        signing_keys.load_jwks(jwks_document)
    # NOTE(review): with a falsy jwk the key set stays empty. What
    # sign_compact does then (raise, or emit an unsecured object) depends on
    # the JWS defaults, which are not visible here - confirm, and make sure
    # the consumer of this request object rejects unsigned input.
    return signer.sign_compact(signing_keys)
def test_load_jwk():
    """Check that a key dumped as JWKS can be loaded back into a new key set.

    An RSA key taken from the ``CERT`` certificate is added to one ``KEYS``
    container, exported with ``dump_jwks``, and imported into a second one.
    The reloaded set must hold exactly one RSA key backed by an ``RsaKey``.
    """
    exported_set = KEYS()
    exported_set.wrap_add(pem_cert2rsa(CERT))
    serialized_jwks = exported_set.dump_jwks()

    reloaded_set = KEYS()
    reloaded_set.load_jwks(serialized_jwks)
    print(reloaded_set)

    assert len(reloaded_set) == 1
    rsa_entry = reloaded_set["rsa"][0]
    assert rsa_entry.kty == 'RSA'
    assert isinstance(rsa_entry.key, RsaKey)
def test_load_jwk():
    """Check that a key dumped as JWKS can be loaded back into a new key set.

    An RSA key taken from the ``CERT`` certificate is added to one ``KEYS``
    container, exported with ``dump_jwks``, and imported into a second one.
    The reloaded set must hold exactly one RSA key backed by an ``_RSAobj``.
    """
    exported_set = KEYS()
    exported_set.wrap_add(pem_cert2rsa(CERT))
    serialized_jwks = exported_set.dump_jwks()

    reloaded_set = KEYS()
    reloaded_set.load_jwks(serialized_jwks)
    print(reloaded_set)

    assert len(reloaded_set) == 1
    rsa_entry = reloaded_set["rsa"][0]
    assert rsa_entry.kty == 'RSA'
    assert isinstance(rsa_entry.key, _RSAobj)
def _get_signing_jwk_key_set(jwt_issuer):
    """
    Build the key set used to verify JWT signatures.

    The set contains the asymmetric keys from the
    ``JWT_PUBLIC_SIGNING_JWK_SET`` entry of ``settings.JWT_AUTH`` (when that
    entry is set) and always the issuer's symmetric ``SECRET_KEY``.

    Args:
        jwt_issuer: Mapping that must contain a ``'SECRET_KEY'`` entry.

    Returns:
        A ``KEYS`` container holding every configured verification key.
    """
    verification_keys = KEYS()

    # Asymmetric (public) keys are optional configuration.
    public_jwk_set = settings.JWT_AUTH.get('JWT_PUBLIC_SIGNING_JWK_SET')
    if public_jwk_set:
        verification_keys.load_jwks(public_jwk_set)

    # The shared secret is always added as an octet-sequence ('oct') key.
    # NOTE(review): the returned set therefore accepts both asymmetric and
    # HMAC key material; callers should pin the algorithm they expect rather
    # than trusting the token header - confirm how the verifier selects keys.
    verification_keys.add({'key': jwt_issuer['SECRET_KEY'], 'kty': 'oct'})
    return verification_keys
def _decode_jwt(verify_expiration):
    """
    Verify the signature of ``access_token`` and return its decoded claims.

    The signature is checked by ``JWS().verify_compact`` against a key set
    that holds exactly one kind of key material: the configured public JWK
    set when ``should_be_asymmetric_key`` is true, otherwise the shared
    secret. ``jwt.decode`` is then called with signature verification turned
    off and is given the algorithm, audience, issuer and expiration
    arguments.

    Args:
        verify_expiration: Forwarded to ``jwt.decode`` to control whether the
            token's expiration is checked.

    Returns:
        The value returned by ``jwt.decode``.
    """
    verification_keys = KEYS()
    if not should_be_asymmetric_key:
        verification_keys.add({'key': secret_key, 'kty': 'oct'})
    else:
        verification_keys.load_jwks(settings.JWT_AUTH['JWT_PUBLIC_SIGNING_JWK_SET'])

    # The return value is discarded; the call is made only for the signature
    # check (presumably it raises on a bad signature - confirm).
    token_bytes = access_token.encode('utf-8')
    JWS().verify_compact(token_bytes, verification_keys)

    # Signature verification is disabled here because it already happened
    # above; keep the two calls together so the token is never decoded
    # without a prior signature check.
    decode_options = {'verify_signature': False}
    accepted_algorithms = [settings.JWT_AUTH['JWT_ALGORITHM']]
    return jwt.decode(
        access_token,
        secret_key,
        algorithms=accepted_algorithms,
        audience=audience,
        issuer=issuer,
        verify_expiration=verify_expiration,
        options=decode_options,
    )
def load_keys(self):
    """Return a fresh ``KEYS`` container filled from ``self.get_jwks_data()``.

    NOTE(review): where ``get_jwks_data`` obtains the JWKS document is not
    visible here; if it is fetched remotely, the transport must be
    authenticated because these keys decide which signatures are trusted.
    """
    key_set = KEYS()
    jwks_document = self.get_jwks_data()
    key_set.load_jwks(jwks_document)
    return key_set
# Gather every key named on the command line into one list, then read the
# message to process.
_kid = args.kid
keys = []
if args.rsa_file:
    # RSA key read from a file and tagged with the requested key id.
    keys.append(
        RSAKey(key=import_rsa_key_from_file(args.rsa_file), kid=_kid))
if args.hmac_key:
    # NOTE(review): the HMAC secret is taken directly from the parsed
    # arguments; if it comes from argv it is typically visible in process
    # listings and shell history - reading it from a file is safer.
    keys.append(SYMKey(key=args.hmac_key))
if args.jwk:
    # Single JWK stored as JSON in a file.
    # NOTE(review): the file object is never closed explicitly.
    kspec = json.loads(open(args.jwk).read())
    keys.append(keyrep(kspec))
if args.jwks:
    # JWKS document stored in a file; the loaded keys are merged by reaching
    # into the container's private _keys list.
    _k = KEYS()
    _k.load_jwks(open(args.jwks).read())
    keys.extend(_k._keys)
if args.jwks_url:
    _k = KEYS()
    # NOTE(review): the second positional argument is False. In pyjwkest
    # that parameter is `verify` (TLS certificate verification) - confirm
    # against the library version in use. With verification off, anyone on
    # the network path can substitute the key set, so a signature checked
    # against these keys proves nothing. Prefer the default (verification
    # on) and make any opt-out an explicit command-line flag.
    _k.load_from_url(args.jwks_url, False)
    keys.extend(_k._keys)
if not keys:
    # No key material was supplied: stop without printing a diagnostic.
    exit(-1)
# The message comes from a file, from stdin ("-"), or from a branch that is
# not shown in this listing.
if args.msg_file:
    # Only newline characters at either end are stripped.
    message = open(args.msg_file).read().strip("\n")
elif args.message == "-":
    message = sys.stdin.read()
else:
    # (the listing is cut off here; the else branch is not shown)
# Gather every key named on the command line into one list, read the message,
# then dispatch on the requested operation.
_kid = args.kid
keys = []
if args.rsa_file:
    # RSA key read from a file and tagged with the requested key id.
    keys.append(RSAKey(key=import_rsa_key_from_file(args.rsa_file), kid=_kid))
if args.hmac_key:
    # NOTE(review): the HMAC secret is taken directly from the parsed
    # arguments; if it comes from argv it is typically visible in process
    # listings and shell history - reading it from a file is safer.
    keys.append(SYMKey(key=args.hmac_key))
if args.jwk:
    # Single JWK stored as JSON in a file.
    # NOTE(review): the file object is never closed explicitly.
    kspec = json.loads(open(args.jwk).read())
    keys.append(keyrep(kspec))
if args.jwks:
    # JWKS document stored in a file; the loaded keys are merged by reaching
    # into the container's private _keys list.
    _k = KEYS()
    _k.load_jwks(open(args.jwks).read())
    keys.extend(_k._keys)
if not keys:
    # No key material was supplied: stop without printing a diagnostic.
    exit(-1)
# The message comes from a file, from stdin ("-"), or from the argument
# value itself.
if args.msg_file:
    # Only newline characters at either end are stripped.
    message = open(args.msg_file).read().strip("\n")
elif args.message == "-":
    message = sys.stdin.read()
else:
    message = args.message
if args.sign:
    # Sign with every collected key available and the algorithm named on the
    # command line.
    # NOTE(review): args.alg is passed through unchecked here; confirm that
    # an unsecured algorithm such as "none" is rejected unless explicitly
    # intended.
    _msg = sign(message, keys, args.alg)
if args.encrypt:
    # (the listing is cut off here; the body of this branch is not shown)
def jwks(self) -> KEYS:  # type: ignore
    """Return a new ``KEYS`` container loaded from ``self.jwks_data()``.

    A fresh container is built on every call; nothing is cached here.
    """
    key_set = KEYS()
    jwks_document = self.jwks_data()
    key_set.load_jwks(jwks_document)
    return key_set
def jwks(self):
    """Return a new ``KEYS`` container loaded from ``self.jwks_data()``.

    A fresh container is built on every call; nothing is cached here.
    """
    key_set = KEYS()
    jwks_document = self.jwks_data()
    key_set.load_jwks(jwks_document)
    return key_set
def load_keys(self):
    """Load the JWK set and record when the load succeeded.

    Returns:
        A ``KEYS`` container filled from ``self.get_jwks_data()``.

    Side effects:
        Sets ``self.lastSuccessfulJWKSFetch`` to the current POSIX timestamp,
        but only after ``load_jwks`` has returned without raising.
    """
    key_set = KEYS()
    jwks_document = self.get_jwks_data()
    key_set.load_jwks(jwks_document)
    # Stamp the fetch time last so a failed load never looks fresh.
    # NOTE(review): datetime.now() is the local wall clock; if this value
    # drives key-refresh decisions, confirm clock changes cannot keep a
    # stale key set in use.
    fetched_at = datetime.now().timestamp()
    self.lastSuccessfulJWKSFetch = fetched_at
    return key_set