Added some useful functionality

rohe · rohe · commit 8166763f9043 · 2018-10-06T18:25:41.000+02:00
diff --git a/doc/keyhandling.rst b/doc/keyhandling.rst
@@ -207,6 +207,44 @@ bundle::
 **Note** that you will get a JWKS representing the public keys unless you
 specify that you want a representation of the private keys.
 
+As an example of the special functionality of
+:py:class:`cryptojwt.key_bundle.KeyBundle` assume you have imported a file
+containing a JWKS with one key into a key bundle and then some time later
+another key is added to the file.
+This is how key bundle deals with that::
+
+    >>> from cryptojwt.key_bundle import KeyBundle
+    >>> kb = KeyBundle(source="file://{}".format(fname), fileformat='jwks')
+    >>> len(kb)
+    1
+
+Now if we add one key to the file and then some time later we ask for the
+keys in the key bundle::
+
+    >>> _keys = kb.keys()
+    >>> len(_keys)
+    2
+
+It turns out the it contains the 2 keys that are in the file.
+If the change is that one key is removed then something else happens.
+Assume we add one key and remove one of the ones that was there before.
+The file now should contain 2 keys::
+
+    >>> _keys = kb.keys()
+    >>> len(_keys)
+    3
+
+???
+The key that was removed has not disappeared from the key bundle, but it is
+marked as *inactive*. Which means that it should not be used for signing and
+encryption but can be used for decryption and signature verification. ::
+
+    >>> len(kb.get('rsa'))
+    1
+    >>> len(kb.get('rsa', only_active=False))
+    2
+
+
 Key Jar
 -------
 
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
@@ -353,7 +353,7 @@ def update(self):
 
         return res
 
-    def get(self, typ=""):
+    def get(self, typ="", only_active=True):
         """
         Return a list of keys. Either all keys or only keys of a specific type
         
@@ -365,9 +365,14 @@ def get(self, typ=""):
         _typs = [typ.lower(), typ.upper()]
 
         if typ:
-            return [k for k in self._keys if k.kty in _typs]
+            _keys = [k for k in self._keys if k.kty in _typs]
         else:
-            return self._keys
+            _keys = self._keys
+
+        if only_active:
+            return [k for k in _keys if not k.inactive_since]
+        else:
+            return _keys
 
     def keys(self):
         """
diff --git a/tests/test_10_key_bundle.py b/tests/test_10_key_bundle.py
@@ -500,3 +500,6 @@ def test_update_mark_inactive():
     # 2 active and 1 inactive
     assert len(kb) == 3
     assert len(kb.active_keys()) == 2
+
+    assert len(kb.get('rsa')) == 1
+    assert len(kb.get('rsa', only_active=False)) == 2
