Coverage for polar/kit/jwk.py: 89%

31 statements  


1import argparse 1abc

2import pathlib 1abc

3import sys 1abc

4from typing import Annotated, Any 1abc

5 

6from authlib.jose import JsonWebKey, KeySet 1abc

7from pydantic import PlainValidator 1abc

8 

9 

def generate_jwks(kid: str, size: int = 2048) -> str:
    """Generate a new RSA signing key and return it as a serialized JWKS.

    Args:
        kid: Key ID stored in the generated key's ``kid`` parameter.
        size: RSA key size in bits, passed to authlib unchanged.

    Returns:
        JSON text of a one-key set serialized with ``is_private=True``, so
        the result contains the private key and must be handled as a secret.
    """
    # NOTE(review): no lower bound on ``size`` is enforced in this function;
    # whether undersized moduli are rejected depends on authlib -- confirm.
    signing_key = JsonWebKey.generate_key(
        "RSA", size, {"kid": kid, "use": "sig"}, is_private=True
    )
    return KeySet(keys=[signing_key]).as_json(is_private=True)

15 

16 

# Hint appended to the ValueError messages raised by _validate_jwks; it names
# the task that generates a development JWKS file.
TIP_MESSAGE = "\n".join(
    (
        "If you're in local development, you can generate a JWKS file "
        "by running the following command:",
        "uv run task generate_dev_jwks",
    )
)

22 

23 

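def _validate_jwks(value: Any) -> KeySet:
    """Load and parse the JWKS file located at *value*.

    Used as the ``PlainValidator`` behind ``JWKSFile``.

    Args:
        value: Path to the JWKS file; converted with ``str()`` before use.

    Returns:
        The key set imported from the file's stripped contents.

    Raises:
        ValueError: If the path is not an existing regular file, or if its
            contents cannot be imported as a JWKS.
    """
    path = pathlib.Path(str(value))
    # is_file() is False for missing paths and for directories alike. The
    # earlier ``not exists() and not is_file()`` test was only true for
    # missing paths, so a directory fell through to open() and surfaced as an
    # OSError instead of this configuration error.
    if not path.is_file():
        raise ValueError(
            f"The provided JWKS path {value} is not a valid file path "
            f"or does not exist.\n{TIP_MESSAGE}"
        )

    try:
        # Read the path that was just checked rather than the raw value, so
        # the check and the read always refer to the same file.
        with path.open() as f:
            content = f.read().strip()
        return JsonWebKey.import_key_set(content)
    except ValueError as e:
        # The message names the file only; the key material is not echoed.
        raise ValueError(
            f"The provided JWKS file {value} is not a valid JWKS file.\n{TIP_MESSAGE}"
        ) from e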

40 

41 

# Annotated KeySet type whose validation is delegated to _validate_jwks.
JWKSFile = Annotated[KeySet, PlainValidator(_validate_jwks)]

if __name__ == "__main__":
    # CLI entry point: write a freshly generated JWKS to stdout.
    # The output includes the private key, so redirect it to a file with
    # restrictive permissions and keep it out of version control and logs.
    cli = argparse.ArgumentParser(description="Generate JWKS")
    cli.add_argument("kid", type=str, help="Key ID")
    cli.add_argument(
        "--size",
        type=int,
        default=2048,
        help="Key size (default: 2048)",
    )
    parsed = cli.parse_args()

    sys.stdout.write(f"{generate_jwks(parsed.kid, parsed.size)}\n")