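def __call__(self) -> None:
    """Rotate the entity's key (selected by alg/use) and republish its JWKS.

    Reads ``self.op_args``:
      old_key   - dict with ``alg`` and ``use``; the first key in the entity
                  keyjar (owner ``""``) matching both is marked inactive.
      new_key   - dict with ``type`` (``RSA`` or ``EC``), ``use`` and, for
                  RSA, ``bits``.
      new_kid   - kid assigned to the freshly generated key.
      jwks_path - file the JWKS is (re)written to.

    The pre-rotation keyjar is saved as ``self.conv.entity.original_keyjar``
    so a later step can restore it. The retired key stays in the keyjar
    (only flagged via ``inactive_since``) so material signed before the
    rotation still verifies; it is just left out of the published JWKS.

    Raises:
        Unknown: if no key matches ``old_key``, or if ``new_key['type']`` is
            neither RSA nor EC.
    """
    import os  # local: only needed for the atomic replace below

    keyjar = self.conv.entity.keyjar
    self.conv.entity.original_keyjar = keyjar.copy()

    # invalidate the old key
    old_key_spec = self.op_args["old_key"]
    candidates = keyjar.keys_by_alg_and_usage(
        '', old_key_spec['alg'], old_key_spec['use'])
    if not candidates:
        # was a bare IndexError on [0]; say what was looked for instead
        raise Unknown('no key with alg={} use={} to retire'.format(
            old_key_spec['alg'], old_key_spec['use']))
    old_key = candidates[0]
    old_key.inactive_since = time.time()

    # setup new key
    key_spec = self.op_args["new_key"]
    typ = key_spec["type"].upper()
    if typ == "RSA":
        # A JWK "use" member is a single string; the spec's "use" is passed
        # to KeyBundle as a list, so take its first entry (a plain string is
        # accepted as well instead of being sliced to its first character).
        use = key_spec["use"]
        if isinstance(use, (list, tuple)):
            use = use[0]
        new_bundle = KeyBundle(keytype=typ, keyusage=key_spec["use"])
        new_bundle.append(
            RSAKey(use=use).load_key(RSA.generate(key_spec["bits"])))
    elif typ == "EC":
        new_bundle = ec_init(key_spec)
    else:
        raise Unknown('keytype: {}'.format(typ))

    # add new key to keyjar under the configured kid
    list(new_bundle.keys())[0].kid = self.op_args["new_kid"]
    keyjar.add_kb("", new_bundle)

    # make jwks from every still-active key and update file
    # NOTE(review): relies on to_dict() emitting only the public JWK
    # members -- confirm before serving this file as a jwks_uri.
    keys = [
        k.to_dict()
        for bundle in keyjar[""]
        for k in bundle.keys()
        if not k.inactive_since
    ]
    jwks = dict(keys=keys)
    # Write to a sibling temp file and rename it into place so a concurrent
    # reader of the published JWKS never sees a truncated document.
    jwks_path = self.op_args["jwks_path"]
    tmp_path = jwks_path + ".tmp"
    with open(tmp_path, "w") as f:
        f.write(json.dumps(jwks))
    os.replace(tmp_path, jwks_path)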
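def __call__(self) -> None:
    """Rotate the entity's key (selected by kid) and republish its JWKS.

    Reads ``self.op_args``:
      old_kid   - kid of the key to retire; it is marked inactive.
      new_key   - dict with ``type`` (``RSA`` or ``EC``), ``use`` and, for
                  RSA, ``bits``.
      new_kid   - kid assigned to the freshly generated key.
      jwks_path - file the JWKS is (re)written to.

    The pre-rotation keyjar is saved as ``self.conv.entity.original_keyjar``
    so a later step can restore it. The retired key stays in the keyjar
    (only flagged via ``inactive_since``) so material signed before the
    rotation still verifies; it is just left out of the published JWKS.

    Raises:
        Exception: if no key carries ``old_kid``, or if ``new_key['type']``
            is neither RSA nor EC.
    """
    import os  # local: only needed for the atomic replace below

    keyjar = self.conv.entity.keyjar
    self.conv.entity.original_keyjar = keyjar.copy()

    # invalidate the old key
    old_kid = self.op_args["old_kid"]
    old_key = keyjar.get_key_by_kid(old_kid)
    if old_key is None:
        # presumably get_key_by_kid returns None for an unknown kid; that
        # used to surface as an AttributeError on the next line
        raise Exception('No key with kid {} to retire'.format(old_kid))
    old_key.inactive_since = time.time()

    # setup new key
    key_spec = self.op_args["new_key"]
    typ = key_spec["type"].upper()
    if typ == "RSA":
        # A JWK "use" member is a single string; the spec's "use" is passed
        # to KeyBundle as a list, so take its first entry rather than
        # handing the whole list to RSAKey.
        use = key_spec["use"]
        if isinstance(use, (list, tuple)):
            use = use[0]
        new_bundle = KeyBundle(keytype=typ, keyusage=key_spec["use"])
        new_bundle.append(
            RSAKey(use=use).load_key(RSA.generate(key_spec["bits"])))
    elif typ == "EC":
        new_bundle = ec_init(key_spec)
    else:
        raise Exception('Wrong key type')

    # add new key to keyjar under the configured kid
    list(new_bundle.keys())[0].kid = self.op_args["new_kid"]
    keyjar.add_kb("", new_bundle)

    # make jwks from every still-active key and update file
    # NOTE(review): relies on to_dict() emitting only the public JWK
    # members -- confirm before serving this file as a jwks_uri.
    keys = [
        k.to_dict()
        for bundle in keyjar[""]
        for k in bundle.keys()
        if not k.inactive_since
    ]
    jwks = dict(keys=keys)
    # Write to a sibling temp file and rename it into place so a concurrent
    # reader of the published JWKS never sees a truncated document.
    jwks_path = self.op_args["jwks_path"]
    tmp_path = jwks_path + ".tmp"
    with open(tmp_path, "w") as f:
        f.write(json.dumps(jwks))
    os.replace(tmp_path, jwks_path)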
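def rotate_jwks(self, bits=2048):
    # type: (int) -> None
    """Replace the current JWKS with one holding a single fresh RSA key.

    The previous key jar is discarded entirely, so anything signed or
    encrypted for the old key can no longer be verified or decrypted
    afterwards -- a caller that needs a grace period must keep its own
    reference to the old ``self.jwks``.

    Args:
        bits: RSA modulus size in bits. Defaults to 2048, the smallest size
            generally accepted for new keys; the former hard-coded 1024 is
            considered breakable and is refused by many verifiers.
    """
    self.jwks = KeyJar()
    # one bundle marked for both usages, with a kid from the instance
    kb = KeyBundle(keyusage=["enc", "sig"])
    kb.append(RSAKey(key=RSA.generate(bits), kid=self._create_kid()))
    self.jwks.add_kb("", kb)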
def _create_symmetric_key(issuer, key):
    """Build a KeyJar holding one symmetric signing key for ``issuer``.

    ``key`` is handed to ``SYMKey`` as its ``k`` member (presumably the
    base64url-encoded JWK form rather than raw bytes -- confirm against the
    callers). The key is wrapped in an ``oct`` bundle registered as the
    issuer's only bundle.
    """
    sym_key = SYMKey(use='sig', k=key)
    bundle = KeyBundle(keytype='oct')
    bundle.append(sym_key)
    jar = KeyJar()
    jar[issuer] = [bundle]
    return jar
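def keybundle_from_local_file(filename, typ, usage, kid):
    """Load a key file from disk into a KeyBundle.

    Args:
        filename: path of the key file.
        typ: ``"RSA"`` for a single RSA key (presumably PEM; see
            ``RSAKey.load``) or ``"jwk"`` for a JWK file; matched
            case-insensitively.
        usage: list of ``use`` values. For RSA one ``RSAKey`` is created per
            entry, all sharing the loaded key material; the first carries
            ``kid`` and each further one ``kid`` plus its position.
        kid: key id of the first key.

    Returns:
        The populated KeyBundle.

    Raises:
        ValueError: if ``typ`` is RSA and ``usage`` is empty.
        UnknownKeyType: for any other ``typ``.
    """
    if typ.upper() == "RSA":
        if not usage:
            # was an IndexError on usage[0]
            raise ValueError("usage must name at least one use for an RSA key")
        kb = KeyBundle()
        k = RSAKey(kid=kid)
        k.load(filename)
        k.use = usage[0]
        kb.append(k)
        # Each extra usage gets its own key object over the same material.
        # The suffix is the position, so kids stay distinct; appending a
        # constant "1" made every extra key beyond the second collide.
        for i, use in enumerate(usage[1:], start=1):
            _k = RSAKey(kid=kid + str(i))
            _k.use = use
            _k.load_key(k.key)
            kb.append(_k)
    elif typ.lower() == "jwk":
        kb = KeyBundle(source=filename, fileformat="jwk", keyusage=usage)
    else:
        raise UnknownKeyType("Unsupported key type")
    return kb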