Removed JWKS since KeyBundle does everything that JWKS did and more.

Author: rohe

doc/keyhandling.rst

@@ -234,7 +234,7 @@ The file now should contain 2 keys::
     >>> len(_keys)
     3
 
-???
+What ???
 The key that was removed has not disappeared from the key bundle, but it is
 marked as *inactive*. Which means that it should not be used for signing and
 encryption but can be used for decryption and signature verification. ::
@@ -248,6 +248,8 @@ encryption but can be used for decryption and signature verification. ::
 Key Jar
 -------
 
+A key jar keeps keys sorted by owner/issuer. The keys in a key jar are all
+part of key bundles.
 
 
 .. _cryptography: https://cryptography.io/en/latest/

src/cryptojwt/jwk/jwks.py

@@ -2,9 +2,9 @@
 import logging
 
 import requests
+from cryptojwt.key_bundle import KeyBundle
 
 from .jwk.jwk import key_from_jwk_dict
-from .jwk.jwks import JWKS
 from .jwk.rsa import import_rsa_key
 from .jwk.rsa import load_x509_cert
 from .jwk.rsa import RSAKey
@@ -79,8 +79,7 @@ def __init__(self, msg=None, with_digest=False, httpc=None, **kwargs):
                     _pub_key = import_rsa_key(_val)
                     self._jwk = RSAKey(_pub_key)
                 elif key == "jku":
-                    self._jwks = JWKS(httpc=self.httpc)
-                    self._jwks.load_from_url(_val)
+                    self._jwks = KeyBundle(source=_val, httpc=self.httpc)
                     self._dict['jku'] = _val
                 elif "x5u" in self:
                     try:
@@ -141,7 +140,7 @@ def _get_keys(self):
         _keys = []
         if self._jwk:
             _keys.append(self._jwk)
-        if self._jwks:
+        if self._jwks is not None:
             _keys.extend(self._jwks.keys())
         return _keys
 

src/cryptojwt/jwx.py

@@ -107,7 +107,8 @@ def ec_init(spec):
 
 class KeyBundle(object):
     def __init__(self, keys=None, source="", cache_time=300, verify_ssl=True,
-                 fileformat="jwks", keytype="RSA", keyusage=None, kid=''):
+                 fileformat="jwks", keytype="RSA", keyusage=None, kid='',
+                 httpc=None):
         """
         Contains a set of keys that have a common origin.
         The sources can be serveral:
@@ -125,6 +126,7 @@ def __init__(self, keys=None, source="", cache_time=300, verify_ssl=True,
             presently only 'rsa' is supported.
         :param keyusage: What the key loaded from file should be used for.
             Only applicable for DER files
+        :param httpc: A HTTP client function
         """
 
         self._keys = []
@@ -139,11 +141,18 @@ def __init__(self, keys=None, source="", cache_time=300, verify_ssl=True,
         self.keyusage = keyusage
         self.imp_jwks = None
         self.last_updated = 0
+        if httpc:
+            self.httpc = httpc
+        else:
+            self.httpc = requests.request
 
         if keys:
             self.source = None
             if isinstance(keys, dict):
-                self.do_keys([keys])
+                if 'keys' in keys:
+                    self.do_keys(keys['keys'])
+                else:
+                    self.do_keys([keys])
             else:
                 self.do_keys(keys)
         else:
@@ -254,7 +263,7 @@ def do_remote(self):
 
         try:
             logging.debug('KeyBundle fetch keys from: {}'.format(self.source))
-            r = requests.get(self.source, **args)
+            r = self.httpc('GET', self.source, **args)
         except Exception as err:
             logger.error(err)
             raise UpdateFailed(
@@ -547,6 +556,9 @@ def copy(self):
 
         return kb
 
+    def __iter__(self):
+        return self._keys.__iter__()
+
 
 def keybundle_from_local_file(filename, typ, usage):
     """

src/cryptojwt/key_bundle.py

@@ -97,15 +97,14 @@ def add_symmetric(self, issuer, key, usage=None):
         if issuer not in self.issuer_keys:
             self.issuer_keys[issuer] = []
 
-        _key = b64e(as_bytes(key))
         if usage is None:
             self.issuer_keys[issuer].append(
-                self.keybundle_cls([{"kty": "oct", "k": _key}]))
+                self.keybundle_cls([{"kty": "oct", "key": key}]))
         else:
             for use in usage:
                 self.issuer_keys[issuer].append(
                     self.keybundle_cls([{"kty": "oct",
-                                         "k": _key,
+                                         "key": key,
                                          "use": use}]))
 
     def add_kb(self, issuer, kb):
@@ -188,7 +187,10 @@ def get(self, key_use, key_type="", owner="", kid=None, **kwargs):
         lst = []
         for bundle in _kj:
             if key_type:
-                _bkeys = bundle.get(key_type)
+                if key_use in ['ver', 'dec']:
+                    _bkeys = bundle.get(key_type, only_active=False)
+                else:
+                    _bkeys = bundle.get(key_type)
             else:
                 _bkeys = bundle.keys()
             for key in _bkeys:
@@ -283,6 +285,12 @@ def __contains__(self, item):
             return False
 
     def __getitem__(self, owner):
+        """
+        Get all the key bundles that belong to an entity.
+
+        :param owner: The entity ID
+        :return: A possibly empty list of key bundles
+        """
         try:
             return self.issuer_keys[owner]
         except KeyError:
@@ -344,9 +352,8 @@ def load_keys(self, issuer, jwks_uri='', jwks=None, replace=False):
             self.add_url(issuer, jwks_uri)
         elif jwks:
             # jwks should only be considered if no jwks_uri is present
-            _keys = jwks["keys"]
-            self.issuer_keys[issuer].append(
-                self.keybundle_cls(_keys, verify_ssl=self.verify_ssl))
+            _keys = jwks['keys']
+            self.issuer_keys[issuer].append(self.keybundle_cls(_keys))
 
     def find(self, source, issuer):
         """