pyeudiw.jwk package

Submodules

pyeudiw.jwk.exceptions module

exception pyeudiw.jwk.exceptions.InvalidJwk[source]: Bases: Exception

exception pyeudiw.jwk.exceptions.InvalidKid[source]: Bases: Exception

exception pyeudiw.jwk.exceptions.KidError[source]: Bases: Exception

exception pyeudiw.jwk.exceptions.KidNotFoundError[source]: Bases: Exception

pyeudiw.jwk.jwks module

pyeudiw.jwk.jwks.find_jwk_by_kid(jwks: list[dict], kid: str, as_dict: bool = True) → dict | JWK[source]

Find the JWK with the indicated kid in the jwks list.

Parameters:

kid (str) – the identifier of the jwk
jwks (list[dict]) – the list of jwks
as_dict (bool) – if True the return type will be a dict, JWK otherwise.

Raises:

InvalidKid – if kid is None.
KidNotFoundError – if kid is not in jwks list.

Returns:

the jwk with the indicated kid or an empty dict if no jwk is found

Return type:

dict | JWK

pyeudiw.jwk.jwks.find_jwk_by_thumbprint(jwks: list[dict], thumbprint: bytes) → dict | None[source]

Find if a jwk with the given thumbprint is part of the given JWKS. Function can be used to select if a public key without a kid (such as a key that is part of a certificate chain) is part of a jwk set.

We assume that SHA-256 is the hash function used to produce the thumbprint.

pyeudiw.jwk.parse module

pyeudiw.jwk.parse.parse_b64der(b64der: str) → JWK[source]: Parse a (public) key from a Base64 encoded DER certificate.

pyeudiw.jwk.parse.parse_certificate(cert: str | bytes) → JWK[source]

Parse a key from a x509 PEM or DER certificate.

Parameters:: cert (str | bytes) – x509 certificate in PEM or DER format
Raises:: InvalidJwk – if the key cannot be parsed from the certificate
Returns:: JWK object
Return type:: JWK

pyeudiw.jwk.parse.parse_pem(pem: str) → JWK[source]

Parse a key from a pem string. This function currently support only the parsing of public RSA key from a pem string.

Parameters:: pem (str) – pem string
Raises:: InvalidJwk – if the key cannot be parsed from the pem string
Returns:: JWK object
Return type:: JWK

pyeudiw.jwk.parse.parse_x5c_keys(x5c: list[str] | list[bytes]) → list[JWK][source]

Parse a the keys from a x5c chain. The first element of the chain will contain the verifying key. See RFC7517 https://datatracker.ietf.org/doc/html/rfc7517#section-4.7

Parameters:: x5c (list[str]) – list of x509 certificates
Raises:: InvalidJwk – if the key cannot be parsed from the x5c chain
Returns:: JWK object
Return type:: JWK

Module contents

class pyeudiw.jwk.JWK(key: dict | None = None, key_type: str = 'EC', hash_func: str = 'SHA-256', ec_crv: str = 'P-256')[source]

Bases: object

The class representing a JWK istance

as_dict() → dict[source]

Returns the JWK in format of dict.

Returns:: The key in form of dict.
Return type:: dict

as_json() → str[source]

Returns the JWK in format of json string.

Returns:: A json string that represents the key.
Return type:: str

as_public_dict() → dict[source]: Returns the public key in format of dict. :returns: The public key in form of dict. :rtype: dict

export_private_pem() → str[source]

Returns the JWK in format of a private pem certificte.

Returns:: A private pem certificate that represents the key.
Return type:: str

export_public_pem() → str[source]

Returns the JWK in format of a public pem certificte.

Returns:: A public pem certificate that represents the key.
Return type:: str