예제 #1
파일: oper.py 프로젝트: keithuber/oidctest
    def __call__(self):
        """Rotate a key: retire the old one, add a new one, rewrite the JWKS file.

        Reads from ``self.op_args``:
          * ``old_key``  - mapping with ``alg`` and ``use`` selecting the key to retire
          * ``new_key``  - spec for the replacement (``type``, ``use`` and, for RSA, ``bits``)
          * ``new_kid``  - key id assigned to the replacement
          * ``jwks_path`` - file that receives the regenerated JWKS

        Raises ``Unknown`` when ``new_key["type"]`` is neither RSA nor EC.
        """
        entity = self.conv.entity
        keyjar = entity.keyjar
        # Snapshot of the keyjar taken before anything is modified.
        entity.original_keyjar = keyjar.copy()

        # Retire the old key. It is only stamped as inactive; it stays in the
        # keyjar and is merely filtered out of the published set below.
        # The first match is used; an empty result raises IndexError.
        retiring = self.op_args["old_key"]
        candidates = keyjar.keys_by_alg_and_usage(
            '', retiring['alg'], retiring['use'])
        candidates[0].inactive_since = time.time()

        # Build the replacement key bundle.
        spec = self.op_args["new_key"]
        key_type = spec["type"].upper()
        if key_type == "EC":
            bundle = ec_init(spec)
        elif key_type == "RSA":
            bundle = KeyBundle(keytype=key_type, keyusage=spec["use"])
            # NOTE(review): the modulus size comes straight from the spec and
            # no lower bound is enforced here - consider rejecting < 2048.
            rsa_key = RSAKey(use=spec["use"][0])
            bundle.append(rsa_key.load_key(RSA.generate(spec["bits"])))
        else:
            raise Unknown('keytype: {}'.format(key_type))

        # Tag the first key of the new bundle with the requested kid and
        # register the bundle under the "" owner.
        first_key = list(bundle.keys())[0]
        first_key.kid = self.op_args["new_kid"]
        keyjar.add_kb("", bundle)

        # Collect every key that has not been marked inactive.
        # NOTE(review): in pyjwkest, Key.to_dict() is documented as including
        # private parameters. If jwks_path is the file served at jwks_uri,
        # confirm this does not publish private key material;
        # serialize(private=False) is the public-only export.
        published = [
            key.to_dict()
            for owned in keyjar[""]
            for key in list(owned.keys())
            if not key.inactive_since
        ]
        jwks = {"keys": published}

        # The target is truncated and rewritten in place (not atomic), and the
        # path is used exactly as supplied in op_args.
        with open(self.op_args["jwks_path"], "w") as out:
            out.write(json.dumps(jwks))
예제 #2
파일: operation.py 프로젝트: rohe/otest
    def __call__(self):
        """Swap one key for a newly generated one and republish the JWKS.

        ``self.op_args`` supplies ``old_kid`` (key to retire), ``new_key``
        (spec with ``type``, ``use`` and, for RSA, ``bits``), ``new_kid``
        (id for the replacement) and ``jwks_path`` (output file).

        Raises a plain ``Exception`` for a key type other than RSA or EC.
        """
        args = self.op_args
        keyjar = self.conv.entity.keyjar
        # Copy of the keyjar as it was before rotation.
        self.conv.entity.original_keyjar = keyjar.copy()

        # --- retire the old key -------------------------------------------
        # NOTE(review): the lookup result is used without a check; if
        # get_key_by_kid can return None for an unknown kid this line raises
        # AttributeError - confirm against the KeyJar implementation.
        retired = keyjar.get_key_by_kid(args["old_kid"])
        retired.inactive_since = time.time()

        # --- create the replacement ---------------------------------------
        new_spec = args["new_key"]
        kind = new_spec["type"].upper()
        if kind not in ("RSA", "EC"):
            raise Exception('Wrong key type')
        if kind == "RSA":
            new_bundle = KeyBundle(keytype=kind, keyusage=new_spec["use"])
            # NOTE(review): key size is whatever the spec says; nothing here
            # enforces a minimum such as 2048 bits.
            private_key = RSA.generate(new_spec["bits"])
            new_bundle.append(RSAKey(use=new_spec["use"]).load_key(private_key))
        else:
            new_bundle = ec_init(new_spec)

        # --- register it under the "" owner with the requested kid --------
        new_kid = args["new_kid"]
        list(new_bundle.keys())[0].kid = new_kid
        keyjar.add_kb("", new_bundle)

        # --- rebuild the JWKS from keys not marked inactive ---------------
        # NOTE(review): pyjwkest documents Key.to_dict() as including private
        # parameters. Verify that jwks_path is not a publicly served file, or
        # export with serialize(private=False) instead.
        exported = []
        for owned in keyjar[""]:
            for key in list(owned.keys()):
                if key.inactive_since:
                    continue
                exported.append(key.to_dict())

        # Written in place with mode "w": the file is truncated first, so a
        # concurrent reader can observe an empty or partial document.
        with open(args["jwks_path"], "w") as fh:
            fh.write(json.dumps(dict(keys=exported)))
예제 #3
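 def rotate_jwks(self):
     # type: () -> None
     """Replace the current JWKS with a fresh one.

     A new, empty KeyJar is installed on ``self.jwks`` and one freshly
     generated RSA key is added to it under the "" owner. The previous
     KeyJar is discarded rather than retired, so none of its keys remain
     reachable through ``self.jwks`` afterwards.
     """
     # 2048 bits is the generally accepted minimum RSA modulus size; the
     # 1024-bit keys generated previously are too weak for new key material.
     rsa_bits = 2048

     self.jwks = KeyJar()
     # NOTE(review): a single key is declared for both "enc" and "sig".
     # Separate keys per use are the usual recommendation - confirm whether
     # the dual-use key is intentional here.
     kb = KeyBundle(keyusage=["enc", "sig"])
     kb.append(RSAKey(key=RSA.generate(rsa_bits), kid=self._create_kid()))
     self.jwks.add_kb("", kb)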
예제 #4
def _create_symmetric_key(issuer, key):
    """Return a KeyJar holding one symmetric signing key for *issuer*.

    *key* is handed to ``SYMKey`` as its ``k`` value with ``use='sig'``,
    wrapped in an ``oct`` KeyBundle, and that bundle becomes the only entry
    stored for *issuer* in a new KeyJar.

    No length or entropy check is applied to *key* here, so the strength of
    the resulting signing key is exactly that of the secret supplied by the
    caller.
    """
    signing_key = SYMKey(use='sig', k=key)

    bundle = KeyBundle(keytype='oct')
    bundle.append(signing_key)

    jar = KeyJar()
    jar[issuer] = [bundle]
    return jar
예제 #5
파일: FakeOp.py 프로젝트: borgand/SATOSA
def keybundle_from_local_file(filename, typ, usage, kid):
    """Build a KeyBundle from key material stored in a local file.

    :param filename: path handed to ``RSAKey.load`` (RSA) or used as the
        bundle ``source`` (jwk); it is used as given, without validation.
    :param typ: ``"RSA"`` or ``"jwk"``, compared case-insensitively.
    :param usage: sequence of key uses; for RSA the first entry goes to the
        loaded key and each further entry gets its own RSAKey object.
    :param kid: key id for the loaded key.
    :raises UnknownKeyType: for any other *typ*.
    """
    if typ.upper() == "RSA":
        bundle = KeyBundle()

        primary = RSAKey(kid=kid)
        primary.load(filename)
        primary.use = usage[0]
        bundle.append(primary)

        # Every additional use shares the primary's key material. All of
        # these entries receive the same id (kid + "1"), so more than two
        # uses would produce duplicate kids in the bundle.
        for extra_use in usage[1:]:
            sibling = RSAKey(kid=kid + "1")
            sibling.use = extra_use
            sibling.load_key(primary.key)
            bundle.append(sibling)
        return bundle

    if typ.lower() == "jwk":
        return KeyBundle(source=filename, fileformat="jwk", keyusage=usage)

    raise UnknownKeyType("Unsupported key type")
예제 #6
파일: FakeOp.py 프로젝트: borgand/SATOSA
def keybundle_from_local_file(filename, typ, usage, kid):
    """Return a KeyBundle populated from *filename*.

    Two source kinds are handled, selected by *typ* (case-insensitive):

    * ``RSA`` - the file is loaded into an RSAKey carrying *kid* and the
      first entry of *usage*; each remaining use gets a second RSAKey
      object built from the same key.
    * ``jwk`` - the file is given to KeyBundle as a ``jwk``-format source
      together with *usage*.

    Anything else raises ``UnknownKeyType``. *filename* is passed through
    unchanged, so callers are responsible for where it points.
    """
    if typ.upper() != "RSA":
        if typ.lower() != "jwk":
            raise UnknownKeyType("Unsupported key type")
        return KeyBundle(source=filename, fileformat="jwk", keyusage=usage)

    kb = KeyBundle()
    loaded = RSAKey(kid=kid)
    loaded.load(filename)
    loaded.use = usage[0]
    kb.append(loaded)

    # The derived id is a fixed suffix, not a counter: every extra use ends
    # up with kid + "1". An empty *usage* fails above with IndexError.
    derived_kid = kid + "1" if usage[1:] else None
    for other_use in usage[1:]:
        clone = RSAKey(kid=derived_kid)
        clone.use = other_use
        clone.load_key(loaded.key)
        kb.append(clone)
    return kb