skip keys that are not properly defined (#485)

CZ-NIC · Feb 16, 2018 · 2feb099 · 2feb099
1 parent 5a5a767
commit 2feb099
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -39,6 +39,7 @@ The format is based on the [KeepAChangeLog] project.
 - [#352] Fixed broken windows test for ``test_provider_key_setup``. 
 - [#475] ``get_verify_key`` returns inactive ``sig`` keys for verification
 - [#429] An expired token is not possible to use.
+- [#485] Skip import of improperly defined keys
 - [#370] Use oic.oic.Provider.endp instead of dynamic provider.endpoints in examples
 
 ### Security
@@ -62,6 +63,7 @@ The format is based on the [KeepAChangeLog] project.
 [#478]: https://github.com/OpenIDC/pyoidc/issues/478
 [#483]: https://github.com/OpenIDC/pyoidc/pull/483
 [#429]: https://github.com/OpenIDC/pyoidc/issues/424
+[#485]: https://github.com/OpenIDC/pyoidc/pull/485
 [#486]: https://github.com/OpenIDC/pyoidc/issues/486
 [#370]: https://github.com/OpenIDC/pyoidc/issues/370
 [#491]: https://github.com/OpenIDC/pyoidc/pull/491

diff --git a/src/oic/utils/keyio.py b/src/oic/utils/keyio.py
@@ -17,6 +17,7 @@
 from jwkest import jws
 from jwkest.ecc import NISTEllipticCurve
 from jwkest.jwk import ECKey
+from jwkest.jwk import JWKException
 from jwkest.jwk import RSAKey
 from jwkest.jwk import SYMKey
 from jwkest.jwk import rsa_load
@@ -122,12 +123,14 @@ def do_keys(self, keys):
                     _key = K2C[_typ](**inst)
                 except KeyError:
                     continue
+                except JWKException as err:
+                    logger.warning('Loading a key failed: %s', err)
                 else:
                     self._keys.append(_key)
                     flag = 1
                     break
             if not flag:
-                raise_exception(UnknownKeyType, typ)
+                logger.warning('Unknown key type: %s', typ)
 
     def do_local_jwk(self, filename):
         try:

diff --git a/tests/test_keyio.py b/tests/test_keyio.py
@@ -503,3 +503,75 @@ def test_remove_after():
 
     # should not be any overlap between old and new
     assert set(_new).intersection(set(_old)) == set()
+
+
+JWK_UK = {"keys": [
+    {"n": "zkpUgEgXICI54blf6iWiD2RbMDCOO1jV0VSff1MFFnujM4othfMsad7H1kRo50YM5S_X9TdvrpdOfpz5aBaKFhT6Ziv0nhtcekq1eRl8"
+          "mjBlvGKCE5XGk-0LFSDwvqgkJoFYInq7bu0a4JEzKs5AyJY75YlGh879k1Uu2Sv3ZZOunfV1O1Orta-NvS-aG_jN5cstVbCGWE20H0vF"
+          "VrJKNx0Zf-u-aA-syM4uX7wdWgQ-owoEMHge0GmGgzso2lwOYf_4znanLwEuO3p5aabEaFoKNR4K6GjQcjBcYmDEE4CtfRU9AEmhcD1k"
+          "leiTB9TjPWkgDmT9MXsGxBHf3AKT5w",
+     "e": "AQAB",
+     "kty": "RSA",
+     "kid": "rsa1"},
+    {"k": "YTEyZjBlMDgxMGI4YWU4Y2JjZDFiYTFlZTBjYzljNDU3YWM0ZWNiNzhmNmFlYTNkNTY0NzMzYjE",
+     "kty": "buz"},
+]}
+
+
+def test_load_unknown_keytype():
+    kj = KeyJar()
+    kj.import_jwks(JWK_UK, '')
+    assert len(kj.get_issuer_keys('')) == 1
+
+
+JWKS_SPO = {"keys": [
+    {"kid": "BfxfnahEtkRBG3Hojc9XGLGht_5rDBj49Wh3sBDVnzRpulMqYwMRmpizA0aSPT1fhCHYivTiaucWUqFu_GwTqA",
+     "use": "sig",
+     "alg": "ES256",
+     "kty": "EC",
+     "crv": "P-256",
+     "x": "1XXUXq75gOPZ4bEj1o2Z5XKJWSs6LmL6fAOK3vyMzSc",
+     "y": "ac1h_DwyuUxhkrD9oKMJ-b_KuiVvvSARIwT-XoEmDXs"},
+    {"kid": "91pD1H81rXUvrfg9mkngIG-tXjnldykKUVbITDIU1SgJvq91b8clOcJuEHNAq61eIvg8owpEvWcWAtlbV2awyA",
+     "use": "sig",
+     "alg": "ES256",
+     "kty": "EC",
+     "crv": "P-256",
+     "x": "2DfQoLpZS2j3hHEcHDkzV8ISx-RdLt6Opy8YZYVm4AQ",
+     "y": "ycvkFMBIzgsowiaf6500YlG4vaMSK4OF7WVtQpUbEE0"},
+    {"kid": "0sIEl3MUJiCxrqleEBBF-_bZq5uClE84xp-wpt8oOI-WIeNxBjSR4ak_OTOmLdndB0EfDLtC7X1JrnfZILJkxA",
+     "use": "sig",
+     "alg": "RS256",
+     "kty": "RSA",
+     "n": "yG9914Q1j63Os4jX5dBQbUfImGq4zsXJD4R59XNjGJlEt5ek6NoiDl0ucJO3_7_R9e5my2ONTSqZhtzFW6MImnIn8idWYzJzO2EhUPCHTvw_"
+          "2oOGjeYTE2VltIyY_ogIxGwY66G0fVPRRH9tCxnkGOrIvmVgkhCCGkamqeXuWvx9MCHL_gJbZJVwogPSRN_SjA1gDlvsyCdA6__CkgAFcSt1"
+          "sGgiZ_4cQheKexxf1-7l8R91ZYetz53drk2FS3SfuMZuwMM4KbXt6CifNhzh1Ye-5Tr_ZENXdAvuBRDzfy168xnk9m0JBtvul9GoVIqvCVEC"
+          "B4MPUb7zU6FTIcwRAw",
+     "e": "AQAB"},
+    {"kid": "zyDfdEU7pvH0xEROK156ik8G7vLO1MIL9TKyL631kSPtr9tnvs9XOIiq5jafK2hrGr2qqvJdejmoonlGqWWZRA",
+     "use": "sig",
+     "alg": "RS256",
+     "kty": "RSA",
+     "n": "68be-nJp46VLj4Ci1V36IrVGYqkuBfYNyjQTZD_7yRYcERZebowOnwr3w0DoIQpl8iL2X8OXUo7rUW_LMzLxKx2hEmdJfUn4LL2QqA3KPgjY"
+          "z8hZJQPG92O14w9IZ-8bdDUgXrg9216H09yq6ZvJrn5Nwvap3MXgECEzsZ6zQLRKdb_R96KFFgCiI3bEiZKvZJRA7hM2ePyTm15D9En_Wzzf"
+          "n_JLMYgE_DlVpoKR1MsTinfACOlwwdO9U5Dm-5elapovILTyVTgjN75i-wsPU2TqzdHFKA-4hJNiWGrYPiihlAFbA2eUSXuEYFkX43ahoQNp"
+          "eaf0mc17Jt5kp7pM2w",
+     "e": "AQAB"},
+    {"kid": "q-H9y8iuh3BIKZBbK6S0mH_isBlJsk-u6VtZ5rAdBo5fCjjy3LnkrsoK_QWrlKB08j_PcvwpAMfTEDHw5spepw",
+     "use": "sig",
+     "alg": "EdDSA",
+     "kty": "OKP",
+     "crv": "Ed25519",
+     "x": "FnbcUAXZ4ySvrmdXK1MrDuiqlqTXvGdAaE4RWZjmFIQ"},
+    {"kid": "bL33HthM3fWaYkY2_pDzUd7a65FV2R2LHAKCOsye8eNmAPDgRgpHWPYpWFVmeaujUUEXRyDLHN-Up4QH_sFcmw",
+     "use": "sig",
+     "alg": "EdDSA",
+     "kty": "OKP",
+     "crv": "Ed25519",
+     "x": "CS01DGXDBPV9cFmd8tgFu3E7eHn1UcP7N1UCgd_JgZo"}]}
+
+
+def test_load_spomky_keys():
+    kj = KeyJar()
+    kj.import_jwks(JWKS_SPO, '')
+    assert len(kj.get_issuer_keys('')) == 4