From 812d140c6b5a54f48e4f2af956257246a3837962 Mon Sep 17 00:00:00 2001 From: John Nduli Date: Mon, 12 Aug 2024 12:15:27 +0300 Subject: refactor: move newest_jwk_with_rotation function to jwks.py We have a similar jwk module in gn2 that does similar functionality. Moving the newest_jwk_with_rotation function to the module ensures that there's some consistency between both modules so that when we ever want to remove the duplication (e.g. by creating some python pip package) it's easier. --- gn_auth/auth/authentication/oauth2/server.py | 19 +------------------ gn_auth/auth/jwks.py | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 18 deletions(-) (limited to 'gn_auth/auth') diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py index ba5abe8..7b65c8e 100644 --- a/gn_auth/auth/authentication/oauth2/server.py +++ b/gn_auth/auth/authentication/oauth2/server.py @@ -15,7 +15,7 @@ from authlib.integrations.flask_helpers import create_oauth_request from gn_auth.auth.db import sqlite3 as db from gn_auth.auth.jwks import ( - list_jwks, newest_jwk, jwks_directory, generate_and_save_private_key) + list_jwks, newest_jwk_with_rotation, jwks_directory, generate_and_save_private_key) from .models.oauth2client import client as fetch_client from .models.oauth2token import OAuth2Token, save_token @@ -96,23 +96,6 @@ def create_save_token_func(token_model: type, app: Flask) -> Callable: return __save_token__ -def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey: - """ - Retrieve the latests JWK, creating a new one if older than `keyage` days. - """ - def newer_than_days(jwkey): - filestat = os.stat(Path( - jwksdir, f"{jwkey.as_dict()['kid']}.private.pem")) - oldesttimeallowed = (datetime.now() - timedelta(days=keyage)) - if filestat.st_ctime < (oldesttimeallowed.timestamp()): - return Left("JWK is too old!") - return jwkey - - return newest_jwk(jwksdir).then(newer_than_days).either( - lambda _errmsg: generate_and_save_private_key(jwksdir), - lambda key: key) - - def make_jwt_token_generator(app): """Make token generator function.""" def __generator__(# pylint: disable=[too-many-arguments] diff --git a/gn_auth/auth/jwks.py b/gn_auth/auth/jwks.py index 1352b95..810a162 100644 --- a/gn_auth/auth/jwks.py +++ b/gn_auth/auth/jwks.py @@ -67,3 +67,20 @@ def newest_jwk(storagedir: Path) -> Either: if len(existingkeys) > 0: return Right(pem_to_jwk(existingkeys[-1][1])) return Left("No JWKs exist") + + +def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey: + """ + Retrieve the latests JWK, creating a new one if older than `keyage` days. + """ + def newer_than_days(jwkey): + filestat = os.stat(Path( + jwksdir, f"{jwkey.as_dict()['kid']}.private.pem")) + oldesttimeallowed = (datetime.now() - timedelta(days=keyage)) + if filestat.st_ctime < (oldesttimeallowed.timestamp()): + return Left("JWK is too old!") + return jwkey + + return newest_jwk(jwksdir).then(newer_than_days).either( + lambda _errmsg: generate_and_save_private_key(jwksdir), + lambda key: key) -- cgit v1.2.3