replaced try/except with get

peppelinux · peppelinux · commit 441fec6de9cd · 2020-02-24T11:13:06.000+01:00
diff --git a/src/cryptojwt/key_jar.py b/src/cryptojwt/key_jar.py
@@ -36,29 +36,21 @@ class KeyJar(object):
     """ A keyjar contains a number of KeyBundles sorted by owner/issuer """
 
     def __init__(self, ca_certs=None, verify_ssl=True, keybundle_cls=KeyBundle,
-                 remove_after=3600, httpc=None, httpc_params=None):
+                 remove_after=3600, httpc=None):
         """
         KeyJar init function
 
         :param ca_certs: CA certificates, to be used for HTTPS
         :param verify_ssl: Attempting SSL certificate verification
-        :param keybundle_cls: The KeyBundle class
-        :param remove_after: How long keys marked as inactive will remain in the key Jar.
-        :param httpc: A HTTP client to use. Default is Requests request.
-        :param httpc_params: HTTP request parameters
         :return: Keyjar instance
         """
         self.spec2key = {}
         self.issuer_keys = {}
         self.ca_certs = ca_certs
+        self.verify_ssl = verify_ssl
         self.keybundle_cls = keybundle_cls
         self.remove_after = remove_after
         self.httpc = httpc or request
-        self.httpc_params = httpc_params or {}
-        # Now part of httpc_params
-        # self.verify_ssl = verify_ssl
-        if not self.httpc_params: # backward compatibility
-            self.httpc_params["verify"] = verify_ssl
 
     def __repr__(self):
         issuers = list(self.issuer_keys.keys())
@@ -81,13 +73,11 @@ def add_url(self, issuer, url, **kwargs):
             raise KeyError("No url given")
 
         if "/localhost:" in url or "/localhost/" in url:
-            _params = self.httpc_params.copy()
-            _params['verify'] = False
-            kb = self.keybundle_cls(source=url, httpc=self.httpc,
-                                    httpc_params=_params, **kwargs)
+            kb = self.keybundle_cls(source=url, verify_ssl=False,
+                                    httpc=self.httpc, **kwargs)
         else:
-            kb = self.keybundle_cls(source=url, httpc=self.httpc,
-                                    httpc_params=self.httpc_params, **kwargs)
+            kb = self.keybundle_cls(source=url, verify_ssl=self.verify_ssl,
+                                    httpc=self.httpc, **kwargs)
 
         kb.update()
         self.add_kb(issuer, kb)
@@ -114,7 +104,9 @@ def add_symmetric(self, issuer, key, usage=None):
         else:
             for use in usage:
                 self.issuer_keys[issuer].append(
-                    self.keybundle_cls([{"kty": "oct", "key": key, "use": use}]))
+                    self.keybundle_cls([{"kty": "oct",
+                                         "key": key,
+                                         "use": use}]))
 
     def add_kb(self, issuer, kb):
         """
@@ -420,10 +412,10 @@ def import_jwks(self, jwks, issuer):
         else:
             try:
                 self.issuer_keys[issuer].append(
-                    self.keybundle_cls(_keys, httpc=self.httpc, httpc_params=self.httpc_params))
+                    self.keybundle_cls(_keys, verify_ssl=self.verify_ssl))
             except KeyError:
                 self.issuer_keys[issuer] = [self.keybundle_cls(
-                    _keys, httpc=self.httpc, httpc_params=self.httpc_params)]
+                    _keys, verify_ssl=self.verify_ssl)]
 
     def import_jwks_as_json(self, jwks, issuer):
         """
@@ -466,7 +458,7 @@ def remove_outdated(self, when=0):
         Outdated keys are keys that has been marked as inactive at a time that
         is longer ago then some set number of seconds (when). If when=0 the
         the base time is set to now.
-        The number of seconds are carried in the remove_after parameter in the
+        The number of seconds a carried in the remove_after parameter in the
         key jar.
 
         :param when: To facilitate testing
@@ -493,7 +485,8 @@ def _add_key(self, keys, issuer, use, key_type='', kid='',
             issuer, key_summary(self, issuer)))
 
         if kid:
-            for _key in self.get(key_use=use, owner=issuer, kid=kid, key_type=key_type):
+            for _key in self.get(key_use=use, owner=issuer, kid=kid,
+                                 key_type=key_type):
                 if _key and _key not in keys:
                     keys.append(_key)
             return keys
@@ -578,37 +571,18 @@ def get_jwt_verify_keys(self, jwt, **kwargs):
         :param kwargs: Other key word arguments
         :return: list of usable keys
         """
+        allow_missing_kid = kwargs.get('allow_missing_kid', False)
 
-        try:
-            allow_missing_kid = kwargs['allow_missing_kid']
-        except KeyError:
-            allow_missing_kid = False
-
-        try:
+        _key_type = ''
+        if jwt.headers.get('alg'):
             _key_type = jws_alg2keytype(jwt.headers['alg'])
-        except KeyError:
-            _key_type = ''
 
-        try:
-            _kid = jwt.headers['kid']
-        except KeyError:
-            logger.info('Missing kid')
-            _kid = ''
-
-        try:
-            nki = kwargs['no_kid_issuer']
-        except KeyError:
-            nki = {}
+        _kid = jwt.headers.get('kid', "")
+        nki = kwargs.get('no_kid_issuer', {})
 
         _payload = jwt.payload()
 
-        try:
-            _iss = _payload['iss']
-        except KeyError:
-            try:
-                _iss = kwargs['iss']
-            except KeyError:
-                _iss = ''
+        _iss = _payload.get('iss') or kwargs.get('iss') or ""
 
         if _iss:
             # First extend the key jar iff allowed
@@ -644,8 +618,7 @@ def copy(self):
         for issuer in self.owners():
             kj[issuer] = [kb.copy() for kb in self[issuer]]
 
-        kj.httpc_params = self.httpc_params
-        kj.httpc = self.httpc
+        kj.verify_ssl = self.verify_ssl
         return kj
 
 
@@ -672,8 +645,8 @@ def build_keyjar(key_conf, kid_template="", keyjar=None, owner=''):
         The type of key. Presently only 'rsa', 'oct' and 'ec' supported.
 
     key
-        A name of a file where a key can be found. Works with PEM encoded
-        RSA and EC private keys.
+        A name of a file where a key can be found. Only works with PEM encoded
+        RSA keys
 
     use
         What the key should be used for
@@ -838,7 +811,7 @@ def init_key_jar(public_path='', private_path='', key_defs='', owner='',
                         update_key_bundle(_kb, _diff)
                         _kj.issuer_keys[owner] = [_kb]
                         jwks = _kj.export_jwks(issuer=owner)
-                        fp = open(public_path, 'w')
+                        fp = open(private_path, 'w')
                         fp.write(json.dumps(jwks))
                         fp.close()
         else:
