authorFrederick Muriuki Muriithi2024-04-18 19:59:06 +0300
committerFrederick Muriuki Muriithi2024-04-18 19:59:06 +0300
commitd9b8b05a460535dfb09168d1958c047255ff0fa2 (patch)
tree4a353a501c9b495737304fb4561fc5a649e901a1
parentc76fa687c5d7648ac5d3493b5b0f32f90452e606 (diff)
downloadgn-auth-d9b8b05a460535dfb09168d1958c047255ff0fa2.tar.gz
Add the `SSL_KEY_PAIR_*` configurations
Add paths to the SSL key-pair used for signing and verifying the JWTs.
-rw-r--r--gn_auth/__init__.py15
-rw-r--r--gn_auth/settings.py4
2 files changed, 18 insertions, 1 deletions
diff --git a/gn_auth/__init__.py b/gn_auth/__init__.py
index 62ff99d..5218673 100644
--- a/gn_auth/__init__.py
+++ b/gn_auth/__init__.py
@@ -7,6 +7,7 @@ from typing import Optional
 
 from flask import Flask
 from flask_cors import CORS
+from authlib.jose import JsonWebKey
 
 from gn_auth.misc_views import misc
 from gn_auth.auth.views import oauth2
@@ -24,7 +25,8 @@ def check_mandatory_settings(app: Flask) -> None:
     undefined = tuple(
         setting for setting in (
             "SECRET_KEY", "SQL_URI", "AUTH_DB", "AUTH_MIGRATIONS",
-            "OAUTH2_SCOPE")
+            "OAUTH2_SCOPE", "SSL_KEY_PAIR_PRIVATE_KEY",
+            "SSL_KEY_PAIR_PUBLIC_KEY")
         if not ((setting in app.config) and bool(app.config[setting])))
     if len(undefined) > 0:
         raise ConfigurationError(
@@ -58,6 +60,16 @@ def load_secrets_conf(app: Flask) -> None:
                 "You must provide a path to an existing secrets file.")
         app.config.from_pyfile(secretsfile)
 
+
+def parse_ssl_key_pair(app):
+    def __parse_key__(keypathconfig: str, configkey: Optional[str]):
+        configkey = configkey or keypathconfig
+        with open(app.config[keypathconfig]) as _sslkey:
+            app.config[configkey] = JsonWebKey.import_key(_sslkey.read())
+
+    __parse_key__("SSL_KEY_PAIR_PUBLIC_KEY", "JWT_PUBLIC_KEY")
+    __parse_key__("SSL_KEY_PAIR_PRIVATE_KEY", "JWT_PRIVATE_KEY")
+
 def create_app(config: Optional[dict] = None) -> Flask:
     """Create and return a new flask application."""
     app = Flask(__name__)
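Review bot: `__parse_key__` opens `app.config[keypathconfig]` with no handling for a missing or unreadable file, so a bad path surfaces as a raw `OSError` at start-up instead of a `ConfigurationError` naming the setting. Both keys also go through the same `JsonWebKey.import_key` call, so nothing stops `SSL_KEY_PAIR_PUBLIC_KEY` from pointing at a file that holds private key material; after import it is worth confirming that `JWT_PUBLIC_KEY` carries no private parameters and corresponds to `JWT_PRIVATE_KEY`. The function also lacks a docstring and an annotation on `app`, and `configkey` is typed `Optional[str]` without a default although both calls pass it. A possible shape for the error handling is below.

```python
def parse_ssl_key_pair(app: Flask) -> None:
    """Load the JWT signing/verification keys from the configured paths."""
    def __parse_key__(keypathconfig: str, configkey: Optional[str] = None):
        configkey = configkey or keypathconfig
        try:
            with open(app.config[keypathconfig], encoding="utf-8") as _sslkey:
                app.config[configkey] = JsonWebKey.import_key(_sslkey.read())
        except OSError as exc:
            # Name the setting, not the key contents, in the error.
            raise ConfigurationError(
                f"Could not read the key file for '{keypathconfig}'.") from exc

    # … unchanged: the two __parse_key__ calls …
```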
@@ -73,6 +85,7 @@ def create_app(config: Optional[dict] = None) -> Flask:
     override_settings_with_envvars(app)
 
     load_secrets_conf(app)
+    parse_ssl_key_pair(app)
     # ====== END: Setup configuration ======
 
     check_mandatory_settings(app)
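Review bot: `parse_ssl_key_pair(app)` runs before `check_mandatory_settings(app)`, so the new mandatory entries for `SSL_KEY_PAIR_PRIVATE_KEY` and `SSL_KEY_PAIR_PUBLIC_KEY` can never be reported as undefined. Assuming the empty-string defaults from gn_auth/settings.py are loaded, `open("")` fails first and the operator sees a bare file error rather than the `ConfigurationError` that lists the missing settings. Swapping the order fixes this: call `check_mandatory_settings(app)` first and `parse_ssl_key_pair(app)` immediately after it, leaving the `# ====== END: Setup configuration ======` marker where it is. The body of `create_app` continues outside this hunk.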
diff --git a/gn_auth/settings.py b/gn_auth/settings.py
index feb80e3..59f3eec 100644
--- a/gn_auth/settings.py
+++ b/gn_auth/settings.py
@@ -28,3 +28,7 @@ CORS_HEADERS = [
     "Authorization",
     "Access-Control-Allow-Credentials"
 ]
+
+# OpenSSL Key-Pair
+SSL_KEY_PAIR_PRIVATE_KEY = ""
+SSL_KEY_PAIR_PUBLIC_KEY = ""
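Review bot: The `# OpenSSL Key-Pair` comment does not say that these two settings are filesystem paths rather than key text, nor which of them is sensitive. I would expand it to `# Filesystem paths to the key-pair used to sign (private key) and verify (public key) the JWTs.` and add a second comment line stating that the private key file must stay out of the repository and be readable only by the account running the service.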