diff options
-rw-r--r-- | gn_auth/auth/authentication/oauth2/server.py | 19 | ||||
-rw-r--r-- | gn_auth/auth/jwks.py | 17 |
2 files changed, 18 insertions, 18 deletions
diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py index ba5abe8..7b65c8e 100644 --- a/gn_auth/auth/authentication/oauth2/server.py +++ b/gn_auth/auth/authentication/oauth2/server.py @@ -15,7 +15,7 @@ from authlib.integrations.flask_helpers import create_oauth_request from gn_auth.auth.db import sqlite3 as db from gn_auth.auth.jwks import ( - list_jwks, newest_jwk, jwks_directory, generate_and_save_private_key) + list_jwks, newest_jwk_with_rotation, jwks_directory, generate_and_save_private_key) from .models.oauth2client import client as fetch_client from .models.oauth2token import OAuth2Token, save_token @@ -96,23 +96,6 @@ def create_save_token_func(token_model: type, app: Flask) -> Callable: return __save_token__ -def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey: - """ - Retrieve the latests JWK, creating a new one if older than `keyage` days. - """ - def newer_than_days(jwkey): - filestat = os.stat(Path( - jwksdir, f"{jwkey.as_dict()['kid']}.private.pem")) - oldesttimeallowed = (datetime.now() - timedelta(days=keyage)) - if filestat.st_ctime < (oldesttimeallowed.timestamp()): - return Left("JWK is too old!") - return jwkey - - return newest_jwk(jwksdir).then(newer_than_days).either( - lambda _errmsg: generate_and_save_private_key(jwksdir), - lambda key: key) - - def make_jwt_token_generator(app): """Make token generator function.""" def __generator__(# pylint: disable=[too-many-arguments] diff --git a/gn_auth/auth/jwks.py b/gn_auth/auth/jwks.py index 1352b95..810a162 100644 --- a/gn_auth/auth/jwks.py +++ b/gn_auth/auth/jwks.py @@ -67,3 +67,20 @@ def newest_jwk(storagedir: Path) -> Either: if len(existingkeys) > 0: return Right(pem_to_jwk(existingkeys[-1][1])) return Left("No JWKs exist") + + +def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey: + """ + Retrieve the latests JWK, creating a new one if older than `keyage` days. + """ + def newer_than_days(jwkey): + filestat = os.stat(Path( + jwksdir, f"{jwkey.as_dict()['kid']}.private.pem")) + oldesttimeallowed = (datetime.now() - timedelta(days=keyage)) + if filestat.st_ctime < (oldesttimeallowed.timestamp()): + return Left("JWK is too old!") + return jwkey + + return newest_jwk(jwksdir).then(newer_than_days).either( + lambda _errmsg: generate_and_save_private_key(jwksdir), + lambda key: key) |