Skip to content

Add option ignore_invalid_keys to KeyBundle #69

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 7, 2020
Merged

Add option ignore_invalid_keys to KeyBundle #69

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
53a3565
Add option accept_invalid_keys to KeyBundle
jschlyter Sep 23, 2020
013d278
rename accept_invalid_keys to ignore_invalid_keys
jschlyter Oct 2, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions src/cryptojwt/key_bundle.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,7 @@ def __init__(
keytype="RSA",
keyusage=None,
kid="",
ignore_invalid_keys=True,
httpc=None,
httpc_params=None,
):
Expand All @@ -181,6 +182,7 @@ def __init__(
presently 'rsa' and 'ec' are supported.
:param keyusage: What the key loaded from file should be used for.
Only applicable for DER files
:param ignore_invalid_keys: Ignore invalid keys
:param httpc: A HTTP client function
:param httpc_params: Additional parameters to pass to the HTTP client
function
Expand All @@ -202,6 +204,7 @@ def __init__(
self.last_updated = 0
self.last_remote = None # HTTP Date of last remote update
self.last_local = None # UNIX timestamp of last local update
self.ignore_invalid_keys = ignore_invalid_keys

if httpc:
self.httpc = httpc
Expand Down Expand Up @@ -274,6 +277,8 @@ def do_keys(self, keys):
elif inst["kty"].upper() in K2C:
inst["kty"] = inst["kty"].upper()
else:
if not self.ignore_invalid_keys:
raise UnknownKeyType(inst)
LOGGER.warning("While loading keys, unknown key type: %s", inst["kty"])
continue

Expand All @@ -290,12 +295,18 @@ def do_keys(self, keys):
try:
_key = K2C[_typ](use=_use, **inst)
except KeyError:
if not self.ignore_invalid_keys:
raise UnknownKeyType(inst)
_error = "UnknownKeyType: {}".format(_typ)
continue
except (UnsupportedECurve, UnsupportedAlgorithm) as err:
if not self.ignore_invalid_keys:
raise err
_error = str(err)
break
except JWKException as err:
if not self.ignore_invalid_keys:
raise err
LOGGER.warning("While loading keys: %s", err)
_error = str(err)
else:
Expand Down
12 changes: 12 additions & 0 deletions tests/test_03_key_bundle.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import responses
from cryptography.hazmat.primitives.asymmetric import rsa

from cryptojwt.exception import UnknownKeyType
from cryptojwt.jwk.ec import ECKey
from cryptojwt.jwk.ec import new_ec_key
from cryptojwt.jwk.hmac import SYMKey
Expand Down Expand Up @@ -1067,3 +1068,14 @@ def test_ignore_errors_period():
kb.source = source_good
res = kb.do_remote()
assert res == True


def test_ignore_invalid_keys():
rsa_key_dict = new_rsa_key().serialize()
rsa_key_dict["kty"] = "b0rken"

kb = KeyBundle(keys={"keys": [rsa_key_dict]}, ignore_invalid_keys=True)
assert len(kb) == 0

with pytest.raises(UnknownKeyType):
KeyBundle(keys={"keys": [rsa_key_dict]}, ignore_invalid_keys=False)