Skip to content

Commit

Permalink
Allow to pass through pem loading unsafe option
Browse files Browse the repository at this point in the history
This has some significant performance impact and
is ok to use with trusted keys.

Signed-off-by: Simo Sorce <[email protected]>
  • Loading branch information
simo5 committed Apr 19, 2024
1 parent 90bce18 commit 1c866cb
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 2 deletions.
9 changes: 7 additions & 2 deletions jwcrypto/jwk.py
Original file line number Diff line number Diff line change
Expand Up @@ -339,6 +339,7 @@ def __init__(self, **kwargs):
super(JWK, self).__init__()
self._cache_pub_k = None
self._cache_pri_k = None
self.unsafe_skip_rsa_key_validation = False

if 'generate' in kwargs:
self.generate_key(**kwargs)
Expand Down Expand Up @@ -838,7 +839,9 @@ def _rsa_pub(self):
def _rsa_pri(self):
k = self._cache_pri_k
if k is None:
k = self._rsa_pri_n().private_key(default_backend())
u = self.unsafe_skip_rsa_key_validation
k = self._rsa_pri_n().private_key(default_backend(),
unsafe_skip_rsa_key_validation=u)
self._cache_pri_k = k
return k

Expand Down Expand Up @@ -993,8 +996,10 @@ def import_from_pem(self, data, password=None, kid=None):
"""

try:
u = self.unsafe_skip_rsa_key_validation
key = serialization.load_pem_private_key(
data, password=password, backend=default_backend())
data, password=password, backend=default_backend(),
unsafe_skip_rsa_key_validation=u)
except ValueError as e:
if password is not None:
raise e
Expand Down
10 changes: 10 additions & 0 deletions jwcrypto/tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -757,6 +757,16 @@ def test_thumbprint_uri(self):
"urn:ietf:params:oauth:jwk-thumbprint:sha-256:{}".format(
PublicKeys['thumbprints'][1]))

def test_unsafe_rsa(self):
key = jwk.JWK()
key.unsafe_skip_rsa_key_validation = True
key.import_from_pem(RSAPrivatePEM, password=RSAPrivatePassword)
self.assertTrue(key.has_private)
# finally check private works
s = jws.JWS(payload='plaintext')
s.add_signature(key, None, {"alg": "PS256"})
s.serialize()


# RFC 7515 - A.1
A1_protected = \
Expand Down

0 comments on commit 1c866cb

Please sign in to comment.