Merge pull request #71 from IdentityPython/develop

rohe · web-flow · commit 214d0a8abb01 · 2020-10-07T16:10:37.000+02:00
Prepare for 1.4.0
diff --git a/README.md b/README.md
@@ -5,5 +5,6 @@
 
 An implementation of the JSON cryptographic specs JWS, JWE, JWK, and JWA [RFC 7515-7518] and JSON Web Token (JWT) [RFC 7519]
 
-oidcmsg is the 1st layer in the
-JWTConnect stack (cryptojwt, oidcmsg, oidcservice, oidcrp)
+oidcmsg is the 1st layer in the JWTConnect stack (cryptojwt, oidcmsg, oidcservice, oidcrp).
+
+Please read the [Official Documentation](https://cryptojwt.readthedocs.io/en/latest/) for getting usage examples and further informations.
diff --git a/src/cryptojwt/__init__.py b/src/cryptojwt/__init__.py
@@ -21,7 +21,7 @@
 except ImportError:
     pass
 
-__version__ = "1.3.0"
+__version__ = "1.4.0"
 
 logger = logging.getLogger(__name__)
 
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
@@ -162,6 +162,7 @@ def __init__(
         keytype="RSA",
         keyusage=None,
         kid="",
+        ignore_invalid_keys=True,
         httpc=None,
         httpc_params=None,
     ):
@@ -181,6 +182,7 @@ def __init__(
             presently 'rsa' and 'ec' are supported.
         :param keyusage: What the key loaded from file should be used for.
             Only applicable for DER files
+        :param ignore_invalid_keys: Ignore invalid keys
         :param httpc: A HTTP client function
         :param httpc_params: Additional parameters to pass to the HTTP client
             function
@@ -202,6 +204,7 @@ def __init__(
         self.last_updated = 0
         self.last_remote = None  # HTTP Date of last remote update
         self.last_local = None  # UNIX timestamp of last local update
+        self.ignore_invalid_keys = ignore_invalid_keys
 
         if httpc:
             self.httpc = httpc
@@ -274,6 +277,8 @@ def do_keys(self, keys):
             elif inst["kty"].upper() in K2C:
                 inst["kty"] = inst["kty"].upper()
             else:
+                if not self.ignore_invalid_keys:
+                    raise UnknownKeyType(inst)
                 LOGGER.warning("While loading keys, unknown key type: %s", inst["kty"])
                 continue
 
@@ -290,12 +295,18 @@ def do_keys(self, keys):
                 try:
                     _key = K2C[_typ](use=_use, **inst)
                 except KeyError:
+                    if not self.ignore_invalid_keys:
+                        raise UnknownKeyType(inst)
                     _error = "UnknownKeyType: {}".format(_typ)
                     continue
                 except (UnsupportedECurve, UnsupportedAlgorithm) as err:
+                    if not self.ignore_invalid_keys:
+                        raise err
                     _error = str(err)
                     break
                 except JWKException as err:
+                    if not self.ignore_invalid_keys:
+                        raise err
                     LOGGER.warning("While loading keys: %s", err)
                     _error = str(err)
                 else:
diff --git a/src/cryptojwt/utils.py b/src/cryptojwt/utils.py
@@ -209,12 +209,12 @@ def modsplit(name):
     if ":" in name:
         _part = name.split(":")
         if len(_part) != 2:
-            raise ValueError("Syntax error: {s}")
+            raise ValueError(f"Syntax error: {s}")
         return _part[0], _part[1]
 
     _part = name.split(".")
     if len(_part) < 2:
-        raise ValueError("Syntax error: {s}")
+        raise ValueError(f"Syntax error: {s}")
 
     return ".".join(_part[:-1]), _part[-1]
 
diff --git a/tests/test_03_key_bundle.py b/tests/test_03_key_bundle.py
@@ -10,6 +10,7 @@
 import responses
 from cryptography.hazmat.primitives.asymmetric import rsa
 
+from cryptojwt.exception import UnknownKeyType
 from cryptojwt.jwk.ec import ECKey
 from cryptojwt.jwk.ec import new_ec_key
 from cryptojwt.jwk.hmac import SYMKey
@@ -1067,3 +1068,14 @@ def test_ignore_errors_period():
         kb.source = source_good
         res = kb.do_remote()
         assert res == True
+
+
+def test_ignore_invalid_keys():
+    rsa_key_dict = new_rsa_key().serialize()
+    rsa_key_dict["kty"] = "b0rken"
+
+    kb = KeyBundle(keys={"keys": [rsa_key_dict]}, ignore_invalid_keys=True)
+    assert len(kb) == 0
+
+    with pytest.raises(UnknownKeyType):
+        KeyBundle(keys={"keys": [rsa_key_dict]}, ignore_invalid_keys=False)
