To be able to verify that keys are of a certain length/size.

rohe · rohe · commit 585cc3139884 · 2021-10-19T11:07:53.000+02:00
diff --git a/src/cryptojwt/jwk/__init__.py b/src/cryptojwt/jwk/__init__.py
@@ -178,7 +178,7 @@ def serialize(self, private=False):
 
     def get_key(self, private=False, **kwargs):
         """
-        Get a keys useful for signing and/or encrypting information.
+        Get a key useful for signing and/or encrypting information.
 
         :param private: Private key requested. If false return a public key.
         :return: A key instance. This can be an RSA, EC or other
@@ -290,6 +290,9 @@ def appropriate_for(self, usage, **kwargs):
     def update(self):
         pass
 
+    def key_len(self):
+        raise NotImplemented()
+
 
 def pems_to_x5c(cert_chain):
     """
diff --git a/src/cryptojwt/jwk/ec.py b/src/cryptojwt/jwk/ec.py
@@ -1,5 +1,6 @@
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.asymmetric import ec
+from cryptojwt.exception import KeyNotFound
 
 from ..exception import DeSerializationNotPossible
 from ..exception import JWKESTException
@@ -254,6 +255,14 @@ def __eq__(self, other):
 
         return False
 
+    def key_len(self):
+        if self.priv_key:
+            return self.priv_key.key_size
+        elif self.pub_key:
+            return self.pub_key.key_size
+        else:
+            raise KeyNotFound()
+
 
 def cmp_keys(a, b, key_type):
     if isinstance(a, key_type):
diff --git a/src/cryptojwt/jwk/hmac.py b/src/cryptojwt/jwk/hmac.py
@@ -1,6 +1,8 @@
 import logging
 import os
 
+from cryptojwt.exception import KeyNotFound
+
 from ..exception import JWKException
 from ..exception import UnsupportedAlgorithm
 from ..exception import WrongUsage
@@ -149,6 +151,12 @@ def __eq__(self, other):
 
         return True
 
+    def key_len(self):
+        if self.key:
+            return len(self.key)
+        else:
+            raise KeyNotFound()
+
 
 def new_sym_key(use="", bytes=24, kid=""):
     _key = SYMKey(use=use, kid=kid, key=as_unicode(os.urandom(bytes)))
diff --git a/src/cryptojwt/jwk/rsa.py b/src/cryptojwt/jwk/rsa.py
@@ -4,6 +4,7 @@
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptojwt.exception import KeyNotFound
 
 from ..exception import DeSerializationNotPossible
 from ..exception import JWKESTException
@@ -470,6 +471,14 @@ def __eq__(self, other):
         else:
             return cmp_private_numbers(pn1, pn2)
 
+    def key_len(self):
+        if self.priv_key:
+            return self.priv_key.key_size
+        elif self.pub_key:
+            return self.pub_key.key_size
+        else:
+            raise KeyNotFound()
+
 
 def new_rsa_key(key_size=2048, kid="", public_exponent=65537, **kwargs):
     """
diff --git a/tests/test_02_jwk.py b/tests/test_02_jwk.py
@@ -115,6 +115,12 @@ def test_dumps():
     assert _eq(list(jwk.keys()), ["kty", "e", "n", "kid"])
 
 
+def test_key_size():
+    _ckey = import_rsa_key_from_cert_file(CERT)
+    jwk = jwk_wrap(_ckey)
+    assert jwk.key_len() == 1024
+
+
 def test_import_rsa_key():
     _ckey = import_private_rsa_key_from_file(full_path(KEY))
     assert isinstance(_ckey, rsa.RSAPrivateKey)
@@ -163,7 +169,7 @@ def test_verify_2():
     _key = RSAKey()
     _key.load_key(import_rsa_key_from_cert_file(CERT))
     assert _key.verify()
-
+    assert _key.key_len() == 1024  # default
 
 def test_cmp_rsa():
     _key1 = RSAKey()
@@ -188,12 +194,13 @@ def test_import_export_eckey():
     _key = ECKey(**ECKEY)
     _key.deserialize()
     assert _eq(list(_key.keys()), ["y", "x", "d", "crv", "kty"])
+    assert _key.key_len() == 521
 
 
 def test_new_ec_key():
     ec_key = new_ec_key("P-256")
     assert isinstance(ec_key, ECKey)
-
+    assert ec_key.key_len() == 256
 
 def test_create_eckey():
     ec = new_ec_key("P-256")
@@ -622,7 +629,7 @@ def test_mint_new_sym_key():
     assert key.use == "sig"
     assert key.kid == "one"
     assert len(key.key) == 24
-
+    assert key.key_len() == 24
 
 def test_dump_load():
     _ckey = import_rsa_key_from_cert_file(CERT)
