diff --git a/README.md b/README.md
index b346b035..2dd71517 100644
--- a/README.md
+++ b/README.md
@@ -5,5 +5,6 @@
 An implementation of the JSON cryptographic specs JWS, JWE, JWK, and JWA
 [RFC 7515-7518] and JSON Web Token (JWT) [RFC 7519]
 
-oidcmsg is the 1st layer in the
-JWTConnect stack (cryptojwt, oidcmsg, oidcservice, oidcrp)
+oidcmsg is the 1st layer in the JWTConnect stack (cryptojwt, oidcmsg, oidcservice, oidcrp).
+
+Please read the [Official Documentation](https://cryptojwt.readthedocs.io/en/latest/) for getting usage examples and further informations.
diff --git a/src/cryptojwt/__init__.py b/src/cryptojwt/__init__.py
index 44444781..afe11db1 100644
--- a/src/cryptojwt/__init__.py
+++ b/src/cryptojwt/__init__.py
@@ -21,7 +21,7 @@
 except ImportError:
     pass
 
-__version__ = "1.3.0"
+__version__ = "1.4.0"
 
 logger = logging.getLogger(__name__)
 
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
index 4a30faf6..c01211c9 100755
--- a/src/cryptojwt/key_bundle.py
+++ b/src/cryptojwt/key_bundle.py
@@ -162,6 +162,7 @@ def __init__(
         keytype="RSA",
         keyusage=None,
         kid="",
+        ignore_invalid_keys=True,
         httpc=None,
         httpc_params=None,
     ):
@@ -181,6 +182,7 @@ def __init__(
         presently 'rsa' and 'ec' are supported.
         :param keyusage: What the key loaded from file should be used for.
         Only applicable for DER files
+        :param ignore_invalid_keys: Ignore invalid keys
         :param httpc: A HTTP client function
         :param httpc_params: Additional parameters to pass to the HTTP client
         function
@@ -202,6 +204,7 @@ def __init__(
         self.last_updated = 0
         self.last_remote = None # HTTP Date of last remote update
         self.last_local = None # UNIX timestamp of last local update
+        self.ignore_invalid_keys = ignore_invalid_keys
         if httpc:
             self.httpc = httpc
 
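Review bot: The new docstring line `:param ignore_invalid_keys: Ignore invalid keys` in the `@@ -181` hunk does not say what the parameter controls or what its default is, which matters because the default `True` added in the `@@ -162` hunk keeps the previous log-and-skip behaviour while `False` turns a bad key into an exception. Suggest `:param ignore_invalid_keys: If True (default), keys that fail to load are logged and skipped; if False, the first failing key raises (UnknownKeyType for an unrecognised kty, otherwise the JWK exception).` That description matches the raises the do_keys hunks of this diff add; __init__ itself starts and ends outside these hunks.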
@@ -274,6 +277,8 @@ def do_keys(self, keys):
             elif inst["kty"].upper() in K2C:
                 inst["kty"] = inst["kty"].upper()
             else:
+                if not self.ignore_invalid_keys:
+                    raise UnknownKeyType(inst)
                 LOGGER.warning("While loading keys, unknown key type: %s", inst["kty"])
                 continue
 
@@ -290,12 +295,18 @@ def do_keys(self, keys):
                 try:
                     _key = K2C[_typ](use=_use, **inst)
                 except KeyError:
+                    if not self.ignore_invalid_keys:
+                        raise UnknownKeyType(inst)
                     _error = "UnknownKeyType: {}".format(_typ)
                     continue
                 except (UnsupportedECurve, UnsupportedAlgorithm) as err:
+                    if not self.ignore_invalid_keys:
+                        raise err
                     _error = str(err)
                     break
                 except JWKException as err:
+                    if not self.ignore_invalid_keys:
+                        raise err
                     LOGGER.warning("While loading keys: %s", err)
                     _error = str(err)
                 else:
diff --git a/src/cryptojwt/utils.py b/src/cryptojwt/utils.py
index b0619f74..cf151269 100644
--- a/src/cryptojwt/utils.py
+++ b/src/cryptojwt/utils.py
@@ -209,12 +209,12 @@ def modsplit(name):
     if ":" in name:
         _part = name.split(":")
         if len(_part) != 2:
-            raise ValueError("Syntax error: {s}")
+            raise ValueError(f"Syntax error: {s}")
         return _part[0], _part[1]
 
     _part = name.split(".")
     if len(_part) < 2:
-        raise ValueError("Syntax error: {s}")
+        raise ValueError(f"Syntax error: {s}")
     return ".".join(_part[:-1]), _part[-1]
 
 
diff --git a/tests/test_03_key_bundle.py b/tests/test_03_key_bundle.py
index 7d120269..bfd4f958 100755
--- a/tests/test_03_key_bundle.py
+++ b/tests/test_03_key_bundle.py
@@ -10,6 +10,7 @@
 import responses
 from cryptography.hazmat.primitives.asymmetric import rsa
 
+from cryptojwt.exception import UnknownKeyType
 from cryptojwt.jwk.ec import ECKey
 from cryptojwt.jwk.ec import new_ec_key
 from cryptojwt.jwk.hmac import SYMKey
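Review bot: `raise UnknownKeyType(inst)` in both do_keys hunks (`@@ -274` and `@@ -290`) puts the whole JWK dict into the exception, and for a private JWK that dict holds the private parameters that are about to be passed as `**inst` to the key constructor, so any handler that logs or displays `str(exc)` exposes key material. The existing warning on the following line already reports only the type, and the raises should do the same: `raise UnknownKeyType(inst["kty"])` in the first hunk and `raise UnknownKeyType(_typ)` in the second. In the `UnsupportedECurve`/`UnsupportedAlgorithm` and `JWKException` branches a bare `raise` is the idiomatic way to re-raise the active exception; `raise err` works but is the less conventional form. do_keys starts and ends outside these hunks.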
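Review bot: Turning `"Syntax error: {s}"` into an f-string on both changed lines of modsplit does not repair the message, because the function's parameter is `name` and nothing named `s` is bound in the hunk; unless a module-level `s` exists outside this view, the error path now raises NameError instead of the intended ValueError. The lines should read `raise ValueError(f"Syntax error: {name}")` in both places. A test calling `modsplit("a:b:c")` and asserting on ValueError would have caught this, since that path is evidently not exercised.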
@@ -1067,3 +1068,14 @@ def test_ignore_errors_period():
     kb.source = source_good
     res = kb.do_remote()
     assert res == True
+
+
+def test_ignore_invalid_keys():
+    rsa_key_dict = new_rsa_key().serialize()
+    rsa_key_dict["kty"] = "b0rken"
+
+    kb = KeyBundle(keys={"keys": [rsa_key_dict]}, ignore_invalid_keys=True)
+    assert len(kb) == 0
+
+    with pytest.raises(UnknownKeyType):
+        KeyBundle(keys={"keys": [rsa_key_dict]}, ignore_invalid_keys=False)
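Review bot: test_ignore_invalid_keys only exercises the unrecognised-`kty` branch of do_keys, while the commit also adds re-raises in the `KeyError`, `UnsupportedECurve`/`UnsupportedAlgorithm` and `JWKException` branches, none of which is covered here. A second case with a recognised `kty` but a parameter set the key class rejects (for example a copy of the serialized RSA key with its `n` member removed) would cover at least one of those: `pytest.raises` on the exception that branch re-raises with `ignore_invalid_keys=False`, and `len(kb) == 0` with `ignore_invalid_keys=True`. Which exception class that branch produces depends on how the key constructor reports the bad input, which is outside this diff.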