def test_empty_keys(self):
    """An empty key mapping is rejected with the 'no keys for issuer' error."""
    expected_message = "No keys defined for the given issuer"
    # No issuer has any key configured, so the lookup must fail closed
    # instead of handing back some default key.
    with self.assertRaisesMessage(InvalidKeyError, expected_message):
        keys.get_key_file_name(keys={}, issuer="test-issuer")
def get_key_file_name(keys, issuer, key_id=None):
    """Pick the configured key file name for an issuer.

    ``keys`` maps an issuer to either a single key file name (a string) or a
    sequence of them. When ``key_id`` is truthy, only entries that equal it,
    or whose ``get_key_id`` value equals it, remain eligible. The first
    eligible entry is returned.

    Raises:
        InvalidKeyError: the issuer has no (or an empty) entry in ``keys``,
            or ``key_id`` matches none of the issuer's entries.
    """
    configured = keys.get(issuer)
    if not configured:
        raise InvalidKeyError("No keys defined for the given issuer")

    # A lone string is treated as a one-element list of key file names.
    candidates = [configured] if isinstance(configured, str) else configured

    if key_id:
        # key_id only selects among names already configured for this issuer;
        # it is never returned or used as a file name itself.
        # NOTE(review): if key_id comes from an unverified token header (the
        # caller is not visible here), this allow-list is the control that
        # keeps it from pointing at an arbitrary key file - keep it that way.
        matching = []
        for name in candidates:
            if key_id in (name, get_key_id(name)):
                matching.append(name)
        candidates = matching
        if not candidates:
            raise InvalidKeyError("No key matches the given key_id")

    return candidates[0]
def get_key_file_name(keys, issuer, key_id=None):
    """Return the first key file name configured for ``issuer``.

    The issuer's entry in ``keys`` may be one string or a sequence of key
    file names. A truthy ``key_id`` narrows the choice to entries equal to
    it or whose ``get_key_id`` result equals it.

    Raises:
        InvalidKeyError: no usable entry exists for the issuer, or nothing
            matches ``key_id``.
    """
    entry = keys.get(issuer)
    if not entry:
        raise InvalidKeyError("No keys defined for the given issuer")

    names = entry
    if isinstance(names, str):
        # Normalise the single-name form to a list.
        names = [names]

    if key_id:
        # Selection happens strictly inside the issuer's configured names, so
        # a caller-supplied key_id cannot introduce a name of its own.
        names = [
            candidate
            for candidate in names
            if key_id in (candidate, get_key_id(candidate))
        ]
        if not names:
            raise InvalidKeyError("No key matches the given key_id")

    return names[0]
dmq1=rsa_crt_dmq1(d, q),
iqmp=rsa_crt_iqmp(p, q),
public_numbers=public_numbers,
)
return numbers.private_key(default_backend())
elif "n" in obj and "e" in obj:
# Public key
numbers = RSAPublicNumbers(
from_base64url_uint(obj["e"]),
from_base64url_uint(obj["n"]),
)
return numbers.public_key(default_backend())
else:
raise InvalidKeyError("Not a public or private key")
def from_jwk(jwk):
    """Parse a JSON-encoded RSA JWK, validating its shape first.

    The visible part decodes the JSON text, requires ``kty`` to be "RSA"
    and, for a private key (``d``, ``e`` and ``n`` all present), rejects the
    ``oth`` member and any partial set of the p/q/dp/dq/qi members. Every
    rejection raises InvalidKeyError.
    """
    try:
        obj = json.loads(jwk)
    except ValueError:
        # Malformed JSON is reported as a key error, not as the parser's own
        # exception type.
        raise InvalidKeyError("Key is not valid JSON")
    # NOTE(review): json.loads can return a non-object (list, string, number);
    # obj.get would then raise AttributeError instead of InvalidKeyError.
    if obj.get("kty") != "RSA":
        raise InvalidKeyError("Not an RSA key")
    if "d" in obj and "e" in obj and "n" in obj:
        # Private key: private exponent plus both public components present.
        if "oth" in obj:
            # Per the message below, keys with more than two primes are
            # refused outright rather than partially interpreted.
            raise InvalidKeyError(
                "Unsupported RSA private key: > 2 primes not supported"
            )
        other_props = ["p", "q", "dp", "dq", "qi"]
        props_found = [prop in obj for prop in other_props]
        any_props_found = any(props_found)
        if any_props_found and not all(props_found):
            # All-or-nothing: a key carrying only some of these members is
            # rejected instead of being completed from the rest.
            raise InvalidKeyError(
                "RSA key must include all parameters if any are present besides d"
            )
        # NOTE(review): the listing stops here; the code that builds and
        # returns the key object is not part of this excerpt.
"dq": force_unicode(to_base64url_uint(numbers.dmq1)),
"qi": force_unicode(to_base64url_uint(numbers.iqmp)),
}
elif getattr(key_obj, "verify", None):
# Public key
numbers = key_obj.public_numbers()
obj = {
"kty": "RSA",
"key_ops": ["verify"],
"n": force_unicode(to_base64url_uint(numbers.n)),
"e": force_unicode(to_base64url_uint(numbers.e)),
}
else:
raise InvalidKeyError("Not a public or private key")
return json.dumps(obj)
def from_jwk(jwk):
    """Parse a JSON-encoded RSA JWK, validating its shape first.

    The visible part decodes the JSON text, requires ``kty`` to be "RSA"
    and, for a private key (``d``, ``e`` and ``n`` all present), rejects the
    ``oth`` member and any partial set of the p/q/dp/dq/qi members before
    building the public numbers from ``e`` and ``n``. Every rejection raises
    InvalidKeyError.
    """
    try:
        obj = json.loads(jwk)
    except ValueError:
        # Malformed JSON is reported as a key error, not as the parser's own
        # exception type.
        raise InvalidKeyError("Key is not valid JSON")
    # NOTE(review): json.loads can return a non-object (list, string, number);
    # obj.get would then raise AttributeError instead of InvalidKeyError.
    if obj.get("kty") != "RSA":
        raise InvalidKeyError("Not an RSA key")
    if "d" in obj and "e" in obj and "n" in obj:
        # Private key: private exponent plus both public components present.
        if "oth" in obj:
            # Per the message below, keys with more than two primes are
            # refused outright rather than partially interpreted.
            raise InvalidKeyError(
                "Unsupported RSA private key: > 2 primes not supported"
            )
        other_props = ["p", "q", "dp", "dq", "qi"]
        props_found = [prop in obj for prop in other_props]
        any_props_found = any(props_found)
        if any_props_found and not all(props_found):
            # All-or-nothing: a key carrying only some of these members is
            # rejected instead of being completed from the rest.
            raise InvalidKeyError(
                "RSA key must include all parameters if any are present besides d"
            )
        # e and n each go through from_base64url_uint before use.
        # NOTE(review): nesting inferred - the original indentation is lost;
        # this assignment is assumed to belong to the private-key branch.
        public_numbers = RSAPublicNumbers(
            from_base64url_uint(obj["e"]),
            from_base64url_uint(obj["n"]),
        )
        # NOTE(review): the listing stops here; the code that builds and
        # returns the key object is not part of this excerpt.
def prepare_key(self, key):
    """Return ``key`` as bytes, refusing public-key material as an HMAC secret.

    A public key or certificate is not a secret, so a MAC keyed with one
    proves nothing about who produced the message. The key is therefore
    rejected when it contains any of the markers below.

    Raises:
        InvalidKeyError: the key bytes contain a PEM public-key or
            certificate header, or the ``ssh-rsa`` marker.
    """
    secret = force_bytes(key)

    # NOTE(review): this is a substring blocklist of four markers. Public
    # keys in other encodings (other SSH key-type prefixes, raw DER, a JWK
    # document) are not recognised here - consider a broader format check,
    # and pin the accepted algorithms on the verifying side.
    asymmetric_markers = (
        b"-----BEGIN PUBLIC KEY-----",
        b"-----BEGIN CERTIFICATE-----",
        b"-----BEGIN RSA PUBLIC KEY-----",
        b"ssh-rsa",
    )

    for marker in asymmetric_markers:
        if marker in secret:
            raise InvalidKeyError(
                "The specified key is an asymmetric key or x509 certificate and"
                " should not be used as an HMAC secret."
            )

    return secret
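def from_jwk(jwk):
    """Decode the secret from a JSON-encoded symmetric ("oct") JWK.

    Returns the result of ``base64url_decode`` applied to the ``k`` member.

    Raises:
        InvalidKeyError: the input is not valid JSON, is not a JSON object,
            has a ``kty`` other than "oct", or has no ``k`` member.
    """
    try:
        obj = json.loads(jwk)
    except ValueError:
        # Same failure type and wording as the RSA JWK parser, so a malformed
        # key never surfaces as a bare JSON parser error.
        raise InvalidKeyError("Key is not valid JSON")

    # json.loads may yield a list, string or number; treat anything that is
    # not an object as "not an HMAC key" instead of failing on obj.get.
    if not isinstance(obj, dict) or obj.get("kty") != "oct":
        raise InvalidKeyError("Not an HMAC key")

    # A key without material is rejected explicitly rather than via KeyError.
    if "k" not in obj:
        raise InvalidKeyError("HMAC key is missing the k parameter")

    return base64url_decode(obj["k"])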