Merge pull request #21 from jschlyter/export_jwks_usage

rohe · web-flow · commit d5b02bb2f536 · 2019-05-28T21:16:45.000+02:00
add usage argument to KeyJar.export_jwks()
diff --git a/src/cryptojwt/key_jar.py b/src/cryptojwt/key_jar.py
@@ -373,7 +373,7 @@ def find(self, source, issuer):
 
         return None
 
-    def export_jwks(self, private=False, issuer=""):
+    def export_jwks(self, private=False, issuer="", usage=None):
         """
         Produces a dictionary that later can be easily mapped into a 
         JSON string representing a JWKS.
@@ -385,7 +385,7 @@ def export_jwks(self, private=False, issuer=""):
         keys = []
         for kb in self.issuer_keys[issuer]:
             keys.extend([k.serialize(private) for k in kb.keys() if
-                         k.inactive_since == 0])
+                         k.inactive_since == 0 and (usage is None or (hasattr(k, 'use') and k.use == usage))])
         return {"keys": keys}
 
     def export_jwks_as_json(self, private=False, issuer=""):
diff --git a/tests/test_04_key_jar.py b/tests/test_04_key_jar.py
@@ -206,6 +206,21 @@ def test_build_keyjar():
     assert len(keyjar.get('enc')) == 1  # 1 for encryption
 
 
+def test_build_keyjar_usage():
+    keys = [
+        {"type": "RSA", "use": ["enc", "sig"]},
+        {"type": "EC", "crv": "P-256", "use": ["sig"]},
+        {"type": "oct", "use": ["enc"]},
+        {"type": "oct", "use": ["enc"]},
+        ]
+
+    keyjar = build_keyjar(keys)
+    jwks_sig = keyjar.export_jwks(usage='sig')
+    jwks_enc = keyjar.export_jwks(usage='enc')
+    assert len(jwks_sig.get('keys')) == 2  # A total of 2 keys with use=sig
+    assert len(jwks_enc.get('keys')) == 3  # A total of 3 keys with use=enc
+
+
 def test_build_keyjar_missing(tmpdir):
     keys = [
         {
