@@ -318,16 +318,21 @@ def do_local_jwk(self, filename):
318318 Load a JWKS from a local file
319319
320320 :param filename: Name of the file from which the JWKS should be loaded
321+ :return: True if load was successful or False if file hasn't been modified
321322 """
322- LOGGER .info ("Reading local JWKS from %s" , filename )
323- with open (filename ) as input_file :
324- _info = json .load (input_file )
325- if "keys" in _info :
326- self .do_keys (_info ["keys" ])
323+ if self ._local_update_required ():
324+ LOGGER .info ("Reading local JWKS from %s" , filename )
325+ with open (filename ) as input_file :
326+ _info = json .load (input_file )
327+ if "keys" in _info :
328+ self .do_keys (_info ["keys" ])
329+ else :
330+ self .do_keys ([_info ])
331+ self .last_local = time .time ()
332+ self .time_out = self .last_local + self .cache_time
333+ return True
327334 else :
328- self .do_keys ([_info ])
329- self .last_local = time .time ()
330- self .time_out = self .last_local + self .cache_time
335+ return False
331336
332337 def do_local_der (self , filename , keytype , keyusage = None , kid = "" ):
333338 """
@@ -336,29 +341,34 @@ def do_local_der(self, filename, keytype, keyusage=None, kid=""):
336341 :param filename: Name of the file
337342 :param keytype: Presently 'rsa' and 'ec' supported
338343 :param keyusage: encryption ('enc') or signing ('sig') or both
344+ :return: True if load was successful or False if file hasn't been modified
339345 """
340- LOGGER .info ("Reading local DER from %s" , filename )
341- key_args = {}
342- _kty = keytype .lower ()
343- if _kty in ["rsa" , "ec" ]:
344- key_args ["kty" ] = _kty
345- _key = import_private_key_from_pem_file (filename )
346- key_args ["priv_key" ] = _key
347- key_args ["pub_key" ] = _key .public_key ()
348- else :
349- raise NotImplementedError ("No support for DER decoding of key type {}" .format (_kty ))
346+ if self ._local_update_required ():
347+ LOGGER .info ("Reading local DER from %s" , filename )
348+ key_args = {}
349+ _kty = keytype .lower ()
350+ if _kty in ["rsa" , "ec" ]:
351+ key_args ["kty" ] = _kty
352+ _key = import_private_key_from_pem_file (filename )
353+ key_args ["priv_key" ] = _key
354+ key_args ["pub_key" ] = _key .public_key ()
355+ else :
356+ raise NotImplementedError ("No support for DER decoding of key type {}" .format (_kty ))
350357
351- if not keyusage :
352- key_args ["use" ] = ["enc" , "sig" ]
353- else :
354- key_args ["use" ] = harmonize_usage (keyusage )
358+ if not keyusage :
359+ key_args ["use" ] = ["enc" , "sig" ]
360+ else :
361+ key_args ["use" ] = harmonize_usage (keyusage )
355362
356- if kid :
357- key_args ["kid" ] = kid
363+ if kid :
364+ key_args ["kid" ] = kid
358365
359- self .do_keys ([key_args ])
360- self .last_local = time .time ()
361- self .time_out = self .last_local + self .cache_time
366+ self .do_keys ([key_args ])
367+ self .last_local = time .time ()
368+ self .time_out = self .last_local + self .cache_time
369+ return True
370+ else :
371+ return False
362372
363373 def do_remote (self ):
364374 """
@@ -390,7 +400,10 @@ def do_remote(self):
390400 LOGGER .error (err )
391401 raise UpdateFailed (REMOTE_FAILED .format (self .source , str (err )))
392402
393- if _http_resp .status_code == 200 : # New content
403+ load_successful = _http_resp .status_code == 200
404+ not_modified = _http_resp .status_code == 304
405+
406+ if load_successful :
394407 self .time_out = time .time () + self .cache_time
395408
396409 self .imp_jwks = self ._parse_remote_response (_http_resp )
@@ -408,9 +421,8 @@ def do_remote(self):
408421 if hasattr (_http_resp , "headers" ):
409422 headers = getattr (_http_resp , "headers" )
410423 self .last_remote = headers .get ("last-modified" ) or headers .get ("date" )
411- res = True
412424
413- elif _http_resp . status_code == 304 : # Not modified
425+ elif not_modified :
414426 LOGGER .debug ("%s not modified since %s" , self .source , self .last_remote )
415427 self .time_out = time .time () + self .cache_time
416428 res = False
@@ -426,7 +438,7 @@ def do_remote(self):
426438
427439 self .last_updated = time .time ()
428440 self .ignore_errors_until = None
429- return res
441+ return load_successful
430442
431443 def _parse_remote_response (self , response ):
432444 """
@@ -451,21 +463,19 @@ def _parse_remote_response(self, response):
451463 return None
452464
453465 def _uptodate (self ):
454- res = False
455466 if self .remote or self .local :
456467 if time .time () > self .time_out :
457- if self .local and not self ._local_update_required ():
458- res = True
459- elif self .update ():
460- res = True
461- return res
468+ return self .update ()
469+ return False
462470
463471 def update (self ):
464472 """
465473 Reload the keys if necessary.
466474
467475 This is a forced update, will happen even if cache time has not elapsed.
468476 Replaced keys will be marked as inactive and not removed.
477+
478+ :return: True if update was ok or False if we encountered an error during update.
469479 """
470480 if self .source :
471481 _old_keys = self ._keys # just in case
@@ -476,10 +486,9 @@ def update(self):
476486 try :
477487 if self .local :
478488 if self .fileformat in ["jwks" , "jwk" ]:
479- self .do_local_jwk (self .source )
489+ updated = self .do_local_jwk (self .source )
480490 elif self .fileformat == "der" :
481- self .do_local_der (self .source , self .keytype , self .keyusage )
482- updated = True
491+ updated = self .do_local_der (self .source , self .keytype , self .keyusage )
483492 elif self .remote :
484493 updated = self .do_remote ()
485494 except Exception as err :
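Review bot: With the `_local_update_required()` guard now inside `do_local_jwk` and `do_local_der`, `update()` no longer forces a reload for local sources, although its docstring still says "This is a forced update, will happen even if cache time has not elapsed". `_local_update_required()` is not visible on this page; if it compares the file's modification time with `self.last_local`, a key file replaced with its mtime preserved would be skipped and the superseded key would stay in the bundle, which matters for rotation and revocation. The not-modified path also returns without refreshing `self.time_out`, unlike the 304 branch of `do_remote`, so once the cache time has elapsed every `_uptodate()` call goes through `update()` again. I would state the new contract in the docstring, e.g. `Remote sources are always re-fetched; a local file is re-read only when _local_update_required() reports a change.`, and drop the `res = False` left in the 304 branch, which appears dead now that `do_remote` returns `load_successful`. The body of `update()` continues outside the last hunk, so how it treats `updated = False` from the local loaders should be checked there.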