diff options
Diffstat (limited to 'gn_auth/__init__.py')
-rw-r--r-- | gn_auth/__init__.py | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/gn_auth/__init__.py b/gn_auth/__init__.py index 5218673..f7e2620 100644 --- a/gn_auth/__init__.py +++ b/gn_auth/__init__.py @@ -25,8 +25,7 @@ def check_mandatory_settings(app: Flask) -> None: undefined = tuple( setting for setting in ( "SECRET_KEY", "SQL_URI", "AUTH_DB", "AUTH_MIGRATIONS", - "OAUTH2_SCOPE", "SSL_KEY_PAIR_PRIVATE_KEY", - "SSL_KEY_PAIR_PUBLIC_KEY") + "OAUTH2_SCOPE", "SSL_PRIVATE_KEY", "CLIENTS_SSL_PUBLIC_KEYS_DIR") if not ((setting in app.config) and bool(app.config[setting]))) if len(undefined) > 0: raise ConfigurationError( @@ -61,14 +60,18 @@ def load_secrets_conf(app: Flask) -> None: app.config.from_pyfile(secretsfile) -def parse_ssl_key_pair(app): - def __parse_key__(keypathconfig: str, configkey: Optional[str]): - configkey = configkey or keypathconfig - with open(app.config[keypathconfig]) as _sslkey: - app.config[configkey] = JsonWebKey.import_key(_sslkey.read()) +def parse_ssl_public_keys(app): + def __parse_key__(keypath: Path) -> JsonWebKey: + with open(keypath) as _sslkey: + return JsonWebKey.import_key(_sslkey.read()) - __parse_key__("SSL_KEY_PAIR_PUBLIC_KEY", "JWT_PUBLIC_KEY") - __parse_key__("SSL_KEY_PAIR_PRIVATE_KEY", "JWT_PRIVATE_KEY") + key_storage_dir = app.config["CLIENTS_SSL_PUBLIC_KEYS_DIR"] + app.config["SSL_PUBLIC_KEYS"] = { + _key.as_dict()["kid"]: _key for _key in ( + __parse_key__(Path(key_storage_dir).joinpath(key)) + for key in os.listdir(key_storage_dir))} + + app.config["SSL_PRIVATE_KEY"] = __parse_key__(app.config["SSL_PRIVATE_KEY"]) def create_app(config: Optional[dict] = None) -> Flask: """Create and return a new flask application.""" @@ -85,7 +88,7 @@ def create_app(config: Optional[dict] = None) -> Flask: override_settings_with_envvars(app) load_secrets_conf(app) - parse_ssl_key_pair(app) + parse_ssl_public_keys(app) # ====== END: Setup configuration ====== check_mandatory_settings(app) |