
Commit c038ced

committed
Change behaviour of init_key_jar. Added one parameter.
1 parent 5f0c0c8 commit c038ced

1 file changed

Lines changed: 41 additions & 29 deletions


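--- a/src/cryptojwt/key_jar.py
+++ b/src/cryptojwt/key_jar.py
@@ -732,7 +732,8 @@ def key_summary(keyjar, issuer):
 return ', '.join(key_list)
 
 
-def init_key_jar(public_path='', private_path='', key_defs='', owner=''):
+def init_key_jar(public_path='', private_path='', key_defs='', owner='',
+read_only=True):
 """
 A number of cases here:
 
@@ -770,6 +771,9 @@ def init_key_jar(public_path='', private_path='', key_defs='', owner=''):
 private keys.
 :param key_defs: A definition of what keys should be created if they are
 not already available
+:param owner: The owner of the keys
+:param read_only: This function should not attempt to write anything
+to a file system.
 :return: An instantiated :py:class;`oidcmsg.key_jar.KeyJar` instance
 """
 
@@ -782,23 +786,27 @@ def init_key_jar(public_path='', private_path='', key_defs='', owner=''):
 _kb = _kj.issuer_keys[owner][0]
 _diff = key_diff(_kb, key_defs)
 if _diff:
-update_key_bundle(_kb, _diff)
-_kj.issuer_keys[owner] = [_kb]
-jwks = _kj.export_jwks(private=True, issuer=owner)
-fp = open(private_path, 'w')
-fp.write(json.dumps(jwks))
-fp.close()
+if read_only:
+logger.error('Not allowed to write to disc!')
+else:
+update_key_bundle(_kb, _diff)
+_kj.issuer_keys[owner] = [_kb]
+jwks = _kj.export_jwks(private=True, issuer=owner)
+fp = open(private_path, 'w')
+fp.write(json.dumps(jwks))
+fp.close()
 else:
 _kj = build_keyjar(key_defs, owner=owner)
-jwks = _kj.export_jwks(private=True, issuer=owner)
-head, tail = os.path.split(private_path)
-if head and not os.path.isdir(head):
-os.makedirs(head)
-fp = open(private_path, 'w')
-fp.write(json.dumps(jwks))
-fp.close()
-
-if public_path:
+if not read_only:
+jwks = _kj.export_jwks(private=True, issuer=owner)
+head, tail = os.path.split(private_path)
+if head and not os.path.isdir(head):
+os.makedirs(head)
+fp = open(private_path, 'w')
+fp.write(json.dumps(jwks))
+fp.close()
+
+if public_path and not read_only:
 jwks = _kj.export_jwks(issuer=owner) # public part
 head, tail = os.path.split(public_path)
 if head and not os.path.isdir(head):
@@ -815,21 +823,25 @@ def init_key_jar(public_path='', private_path='', key_defs='', owner=''):
 _kb = _kj.issuer_keys[owner][0]
 _diff = key_diff(_kb, key_defs)
 if _diff:
-update_key_bundle(_kb, _diff)
-_kj.issuer_keys[owner] = [_kb]
-jwks = _kj.export_jwks(issuer=owner)
-fp = open(private_path, 'w')
-fp.write(json.dumps(jwks))
-fp.close()
+if read_only:
+logger.error('Not allowed to write to disc!')
+else:
+update_key_bundle(_kb, _diff)
+_kj.issuer_keys[owner] = [_kb]
+jwks = _kj.export_jwks(issuer=owner)
+fp = open(private_path, 'w')
+fp.write(json.dumps(jwks))
+fp.close()
 else:
 _kj = build_keyjar(key_defs, owner=owner)
-_jwks = _kj.export_jwks(issuer=owner)
-head, tail = os.path.split(public_path)
-if head and not os.path.isdir(head):
-os.makedirs(head)
-fp = open(public_path, 'w')
-fp.write(json.dumps(_jwks))
-fp.close()
+if not read_only:
+_jwks = _kj.export_jwks(issuer=owner)
+head, tail = os.path.split(public_path)
+if head and not os.path.isdir(head):
+os.makedirs(head)
+fp = open(public_path, 'w')
+fp.write(json.dumps(_jwks))
+fp.close()
 else:
 _kj = build_keyjar(key_defs, owner=owner)
 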
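Review bot: The private JWKS is still written with `fp = open(private_path, 'w')` (new lines 795 and 805), so a newly created key file gets umask-default permissions and, under a typical umask, is readable by other local users; creating it owner-only, e.g. `fd = os.open(private_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as fp:`, would also close the handle if the write fails. The mode argument only applies when the file is created, so an already existing file keeps whatever permissions it had and needs checking separately. In the last hunk, new line 832 writes the public export to `private_path` while the sibling branch at new line 842 opens `public_path`; the enclosing condition is outside the hunk, but this looks like it should be `fp = open(public_path, 'w')`. Separately, with `read_only=True` the `_diff` branches skip `update_key_bundle(_kb, _diff)` as well as the file write, so the returned key jar can lack keys that `key_defs` asks for with only a log line to show it; running the in-memory update unconditionally and guarding just the write would keep the two concerns apart.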
