New keys should always have a kid.

Author: rohe

src/cryptojwt/jwk/hmac.py

@@ -146,4 +146,7 @@ def __eq__(self, other):
 
 
 def new_sym_key(use='', bytes=24, kid=''):
-    return SYMKey(use=use, kid=kid, key=as_unicode(os.urandom(bytes)))
+    _key = SYMKey(use=use, kid=kid, key=as_unicode(os.urandom(bytes)))
+    if not _key.kid:
+        _key.add_kid()
+    return _key

src/cryptojwt/jwk/jwk.py

@@ -171,6 +171,9 @@ def jwk_wrap(key, use="", kid=""):
     else:
         raise Exception("Unknown key type:key=" + str(type(key)))
 
+    if not kspec.kid:
+        kspec.add_kid()
+
     kspec.serialize()
     return kspec
 

src/cryptojwt/jwk/rsa.py

@@ -527,7 +527,7 @@ def new_rsa_key(key_size=2048, kid='', public_exponent=65537, **kwargs):
                                     backend=default_backend())
 
     _rk = RSAKey(priv_key=_key, kid=kid, **kwargs)
-    if not kid:
+    if not _rk.kid:
         _rk.add_kid()
 
     return _rk

src/cryptojwt/key_bundle.py

@@ -261,6 +261,8 @@ def do_keys(self, keys):
                         LOGGER.warning('While loading keys: %s', err)
                     else:
                         if _key not in self._keys:
+                            if not _key.kid:
+                                _key.add_kid()
                             self._keys.append(_key)
                         flag = 1
                         break
@@ -308,6 +310,8 @@ def do_local_der(self, filename, keytype, keyusage=None, kid=''):
             _key.use = use
             if kid:
                 _key.kid = kid
+            if not _key.kid:
+                _key.add_kid()
             self._keys.append(_key)
 
         self.last_updated = time.time()

tests/test_02_jwk.py

@@ -111,15 +111,15 @@ def test_kspec():
 def test_dumps():
     _ckey = import_rsa_key_from_cert_file(CERT)
     jwk = jwk_wrap(_ckey).serialize()
-    assert _eq(list(jwk.keys()), ["kty", "e", "n"])
+    assert _eq(list(jwk.keys()), ["kty", "e", "n", 'kid'])
 
 
 def test_import_rsa_key():
     _ckey = import_private_rsa_key_from_file(full_path(KEY))
     assert isinstance(_ckey, rsa.RSAPrivateKey)
     djwk = jwk_wrap(_ckey).to_dict()
 
-    assert _eq(djwk.keys(), ["kty", "e", "n", "p", "q", "d"])
+    assert _eq(djwk.keys(), ["kty", "e", "n", "p", "q", "d", "kid"])
     assert djwk[
                "n"] == '5zbNbHIYIkGGJ3RGdRKkYmF4gOorv5eDuUKTVtuu3VvxrpOWvwnFV' \
                        '-NY0LgqkQSMMyVzodJE3SUuwQTUHPXXY5784vnkFqzPRx6bHgPxKz7XfwQjEBTafQTMmOeYI8wFIOIHY5i0RWR-gxDbh_D5TXuUqScOOqR47vSpIbUH-nc'

tests/test_03_key_bundle.py

@@ -219,7 +219,7 @@ def test_with_2_sym_key():
     assert len(kb) == 2
 
     assert kb.get_key_with_kid('kid') is None
-    assert kb.kids() == []
+    assert len(kb.kids()) == 2
 
 
 def test_remove_sym():
@@ -326,7 +326,9 @@ def test_keybundle_from_local_der():
     assert len(kb) == 1
     keys = kb.get('rsa')
     assert len(keys) == 1
-    assert isinstance(keys[0], RSAKey)
+    _key = keys[0]
+    assert isinstance(_key, RSAKey)
+    assert _key.kid
 
 
 def test_ec_keybundle_from_local_der():
@@ -336,7 +338,9 @@ def test_ec_keybundle_from_local_der():
     assert len(kb) == 1
     keys = kb.get('ec')
     assert len(keys) == 1
-    assert isinstance(keys[0], ECKey)
+    _key = keys[0]
+    assert _key.kid
+    assert isinstance(_key, ECKey)
 
 
 def test_keybundle_from_local_der_update():
@@ -346,15 +350,19 @@ def test_keybundle_from_local_der_update():
     assert len(kb) == 1
     keys = kb.get('rsa')
     assert len(keys) == 1
-    assert isinstance(keys[0], RSAKey)
+    _key = keys[0]
+    assert _key.kid
+    assert isinstance(_key, RSAKey)
 
     kb.update()
 
     # Nothing should change
     assert len(kb) == 1
     keys = kb.get('rsa')
     assert len(keys) == 1
-    assert isinstance(keys[0], RSAKey)
+    _key = keys[0]
+    assert _key.kid
+    assert isinstance(_key, RSAKey)
 
 
 def test_creat_jwks_sym():
@@ -363,7 +371,7 @@ def test_creat_jwks_sym():
     _jwks = kb.jwks()
     _loc = json.loads(_jwks)
     assert list(_loc.keys()) == ["keys"]
-    assert set(_loc['keys'][0].keys()) == {'kty', 'use', 'k'}
+    assert set(_loc['keys'][0].keys()) == {'kty', 'use', 'k', 'kid'}
 
 
 def test_keybundle_from_local_jwks_file():