From 35180d5d16a5bac608f7353cfebc5e1024ef105f Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Mon, 14 Sep 2020 12:40:20 +0200 Subject: [PATCH 1/5] Official Documentation in README --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b346b035..2dd71517 100644 --- a/README.md +++ b/README.md @@ -5,5 +5,6 @@ An implementation of the JSON cryptographic specs JWS, JWE, JWK, and JWA [RFC 7515-7518] and JSON Web Token (JWT) [RFC 7519] -oidcmsg is the 1st layer in the -JWTConnect stack (cryptojwt, oidcmsg, oidcservice, oidcrp) +oidcmsg is the 1st layer in the JWTConnect stack (cryptojwt, oidcmsg, oidcservice, oidcrp). + +Please read the [Official Documentation](https://cryptojwt.readthedocs.io/en/latest/) for getting usage examples and further informations. From 53a3565e538ef348f84c2534fe3cb36ee9e1ce9f Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Wed, 23 Sep 2020 08:57:49 +0200 Subject: [PATCH 2/5] Add option accept_invalid_keys to KeyBundle - If set to True (default), silently ignore invalid keys. - If set to False, raise exception when processing keys. --- src/cryptojwt/key_bundle.py | 11 +++++++++++ tests/test_03_key_bundle.py | 12 ++++++++++++ 2 files changed, 23 insertions(+) diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py index 4a30faf6..5e3dadf4 100755 --- a/src/cryptojwt/key_bundle.py +++ b/src/cryptojwt/key_bundle.py @@ -162,6 +162,7 @@ def __init__( keytype="RSA", keyusage=None, kid="", + accept_invalid_keys=True, httpc=None, httpc_params=None, ): @@ -181,6 +182,7 @@ def __init__( presently 'rsa' and 'ec' are supported. :param keyusage: What the key loaded from file should be used for. Only applicable for DER files + :param accept_invalid_keys: Accept invalid keys :param httpc: A HTTP client function :param httpc_params: Additional parameters to pass to the HTTP client function 
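Review bot: The new docstring line `:param accept_invalid_keys: Accept invalid keys` only restates the parameter name; a caller cannot tell from it what "accept" means or that the fail-soft behaviour is the default. Suggest `:param accept_invalid_keys: If True (the default), keys that fail to load are logged and skipped; if False, the first such key raises (UnknownKeyType, UnsupportedECurve, UnsupportedAlgorithm or JWKException).` so the default is visible where the bundle is constructed. The `__init__` body this docstring belongs to continues outside the hunk.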
@@ -202,6 +204,7 @@ def __init__( self.last_updated = 0 self.last_remote = None # HTTP Date of last remote update self.last_local = None # UNIX timestamp of last local update + self.accept_invalid_keys = accept_invalid_keys if httpc: self.httpc = httpc @@ -274,6 +277,8 @@ def do_keys(self, keys): elif inst["kty"].upper() in K2C: inst["kty"] = inst["kty"].upper() else: + if not self.accept_invalid_keys: + raise UnknownKeyType(inst) LOGGER.warning("While loading keys, unknown key type: %s", inst["kty"]) continue @@ -290,12 +295,18 @@ def do_keys(self, keys): try: _key = K2C[_typ](use=_use, **inst) except KeyError: + if not self.accept_invalid_keys: + raise UnknownKeyType(inst) _error = "UnknownKeyType: {}".format(_typ) continue except (UnsupportedECurve, UnsupportedAlgorithm) as err: + if not self.accept_invalid_keys: + raise err _error = str(err) break except JWKException as err: + if not self.accept_invalid_keys: + raise err LOGGER.warning("While loading keys: %s", err) _error = str(err) else: diff --git a/tests/test_03_key_bundle.py b/tests/test_03_key_bundle.py index 7d120269..683b863f 100755 --- a/tests/test_03_key_bundle.py +++ b/tests/test_03_key_bundle.py @@ -10,6 +10,7 @@ import responses from cryptography.hazmat.primitives.asymmetric import rsa +from cryptojwt.exception import UnknownKeyType from cryptojwt.jwk.ec import ECKey from cryptojwt.jwk.ec import new_ec_key from cryptojwt.jwk.hmac import SYMKey @@ -1067,3 +1068,14 @@ def test_ignore_errors_period(): kb.source = source_good res = kb.do_remote() assert res == True + + +def test_accept_invalid_keys(): + rsa_key_dict = new_rsa_key().serialize() + rsa_key_dict["kty"] = "b0rken" + + kb = KeyBundle(keys={"keys": [rsa_key_dict]}, accept_invalid_keys=True) + assert len(kb) == 0 + + with pytest.raises(UnknownKeyType): + KeyBundle(keys={"keys": [rsa_key_dict]}, accept_invalid_keys=False) From cab73f23d7e8ad9fc863a8614dbd72a61bf3ecd5 Mon Sep 17 00:00:00 2001 
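Review bot: `raise UnknownKeyType(inst)` hands the whole JWK dict to the exception, so if the bundle is being loaded with private JWKs the private members (`d`, `p`, `q`, …) end up in the exception text, in tracebacks and in any log that records them, whereas the existing warning on the next line deliberately reports only `inst["kty"]`. Presumably the exception only needs to identify the offending key type: `raise UnknownKeyType(inst["kty"])` here, and `raise UnknownKeyType(_typ)` in the later KeyError branch, keep the test's `pytest.raises(UnknownKeyType)` passing without exporting key material. I cannot see UnknownKeyType's constructor from the hunk, so confirm it accepts a plain string.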
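Review bot: The `except KeyError:` clause that now raises UnknownKeyType also catches a KeyError thrown inside `K2C[_typ](use=_use, **inst)` (for instance a JWK of a known type missing a required member), so with accept_invalid_keys=False such a key is reported as an unknown key type with the original error detached. Change the clause to `except KeyError as err:` and raise with `raise UnknownKeyType(inst) from err` so the cause stays attached; the two `raise err` lines in the other branches can be a bare `raise`. Note the UnsupportedECurve branch still ends in `break` while the KeyError branch uses `continue`, so in ignore mode one unsupported curve drops every key after it; that is pre-existing context, but a one-line comment explaining the asymmetry would help now that the flag makes the distinction visible. The loop enclosing this hunk starts outside it.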
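Review bot: `test_accept_invalid_keys` only exercises the unknown-`kty` branch of do_keys; the three new `if not self.accept_invalid_keys` checks inside the exception handlers (KeyError, UnsupportedECurve/UnsupportedAlgorithm, JWKException) are not covered in either mode. A second case using a key of a supported type with broken parameters — presumably an EC key whose `crv` is replaced with an unsupported name — asserting it raises with the flag False and produces an empty bundle with the flag True would cover the path most likely to regress.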
From: Jakob Schlyter Date: Tue, 29 Sep 2020 08:22:19 +0200 Subject: [PATCH 3/5] add missing f-string --- src/cryptojwt/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cryptojwt/utils.py b/src/cryptojwt/utils.py index b0619f74..cf151269 100644 --- a/src/cryptojwt/utils.py +++ b/src/cryptojwt/utils.py @@ -209,12 +209,12 @@ def modsplit(name): if ":" in name: _part = name.split(":") if len(_part) != 2: - raise ValueError("Syntax error: {s}") + raise ValueError(f"Syntax error: {s}") return _part[0], _part[1] _part = name.split(".") if len(_part) < 2: - raise ValueError("Syntax error: {s}") + raise ValueError(f"Syntax error: {s}") return ".".join(_part[:-1]), _part[-1] From 013d27826b6b57f5e9517e695f396d13cf496401 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Fri, 2 Oct 2020 10:57:27 +0200 Subject: [PATCH 4/5] rename accept_invalid_keys to ignore_invalid_keys --- src/cryptojwt/key_bundle.py | 14 +++++++------- tests/test_03_key_bundle.py | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py index 5e3dadf4..c01211c9 100755 --- a/src/cryptojwt/key_bundle.py +++ b/src/cryptojwt/key_bundle.py @@ -162,7 +162,7 @@ def __init__( keytype="RSA", keyusage=None, kid="", - accept_invalid_keys=True, + ignore_invalid_keys=True, httpc=None, httpc_params=None, ): @@ -182,7 +182,7 @@ def __init__( presently 'rsa' and 'ec' are supported. :param keyusage: What the key loaded from file should be used for. Only applicable for DER files - :param accept_invalid_keys: Accept invalid keys + :param ignore_invalid_keys: Ignore invalid keys :param httpc: A HTTP client function :param httpc_params: Additional parameters to pass to the HTTP client function 
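Review bot: `f"Syntax error: {s}"` references `s`, but modsplit's only parameter is `name` and no `s` is defined anywhere in the hunk; unless `s` happens to be a module global, adding the `f` prefix turns a cosmetically wrong ValueError into a NameError raised from inside the function, which callers catching ValueError will not handle. Both lines should read `raise ValueError(f"Syntax error: {name}")`. A test such as `with pytest.raises(ValueError): modsplit("a:b:c")` would have caught this. The hunk is the tail of modsplit; its start is outside the view.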
@@ -204,7 +204,7 @@ def __init__( self.last_updated = 0 self.last_remote = None # HTTP Date of last remote update self.last_local = None # UNIX timestamp of last local update - self.accept_invalid_keys = accept_invalid_keys + self.ignore_invalid_keys = ignore_invalid_keys if httpc: self.httpc = httpc @@ -277,7 +277,7 @@ def do_keys(self, keys): elif inst["kty"].upper() in K2C: inst["kty"] = inst["kty"].upper() else: - if not self.accept_invalid_keys: + if not self.ignore_invalid_keys: raise UnknownKeyType(inst) LOGGER.warning("While loading keys, unknown key type: %s", inst["kty"]) continue @@ -295,17 +295,17 @@ def do_keys(self, keys): try: _key = K2C[_typ](use=_use, **inst) except KeyError: - if not self.accept_invalid_keys: + if not self.ignore_invalid_keys: raise UnknownKeyType(inst) _error = "UnknownKeyType: {}".format(_typ) continue except (UnsupportedECurve, UnsupportedAlgorithm) as err: - if not self.accept_invalid_keys: + if not self.ignore_invalid_keys: raise err _error = str(err) break except JWKException as err: - if not self.accept_invalid_keys: + if not self.ignore_invalid_keys: raise err LOGGER.warning("While loading keys: %s", err) _error = str(err) diff --git a/tests/test_03_key_bundle.py b/tests/test_03_key_bundle.py index 683b863f..bfd4f958 100755 --- a/tests/test_03_key_bundle.py +++ b/tests/test_03_key_bundle.py @@ -1070,12 +1070,12 @@ def test_ignore_errors_period(): assert res == True -def test_accept_invalid_keys(): +def test_ignore_invalid_keys(): rsa_key_dict = new_rsa_key().serialize() rsa_key_dict["kty"] = "b0rken" - kb = KeyBundle(keys={"keys": [rsa_key_dict]}, accept_invalid_keys=True) + kb = KeyBundle(keys={"keys": [rsa_key_dict]}, ignore_invalid_keys=True) assert len(kb) == 0 with pytest.raises(UnknownKeyType): - KeyBundle(keys={"keys": [rsa_key_dict]}, accept_invalid_keys=False) + KeyBundle(keys={"keys": [rsa_key_dict]}, ignore_invalid_keys=False) From 030b1c6e5e884456494d9c073442f661724ccd28 Mon Sep 17 00:00:00 2001 
From: Jakob Schlyter Date: Wed, 7 Oct 2020 15:58:47 +0200 Subject: [PATCH 5/5] bump version number --- src/cryptojwt/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cryptojwt/__init__.py b/src/cryptojwt/__init__.py index 44444781..afe11db1 100644 --- a/src/cryptojwt/__init__.py +++ b/src/cryptojwt/__init__.py @@ -21,7 +21,7 @@ except ImportError: pass -__version__ = "1.3.0" +__version__ = "1.4.0" logger = logging.getLogger(__name__)