Skip to content

On reload don't store duplicated keys #553

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rohe merged 4 commits into from
Jun 29, 2018
Merged

On reload don't store duplicated keys #553

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cd6fbcf
If a key bundle is reloaded care should be taken to not store keys th…
rohe Jun 28, 2018
8708520
If a key bundle is reloaded care should be taken to not store keys th…
rohe Jun 28, 2018
7f3b96f
Not part of the 0.14.0 release
rohe Jun 28, 2018
5c48955
Moved JWKS definitions out of test_keyio.py
rohe Jun 28, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ The format is based on the [KeepAChangeLog] project.
## 0.14.0 [2018-05-15]

### Fixed
- [#553] Made sure a a reload would not lead to duplicated keys in a keybundle.
Copy link
Collaborator

@schlenk schlenk Jun 28, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should not be in the 0.14.0 section.

Open a new section for still unreleased changes on top.

Copy link
Contributor Author

@rohe rohe Jun 28, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it

- [#534] Fixed a bug in client_secret_basic authentication
- [#503] Fix error on UserInfo endpoint for removed clients
- [#508] JWT now uses verify keys for JWT verification
Expand Down Expand Up @@ -45,6 +46,7 @@ The format is based on the [KeepAChangeLog] project.
[#532]: https://github.com/OpenIDC/pyoidc/pull/532
[#498]: https://github.com/OpenIDC/pyoidc/issues/498
[#534]: https://github.com/OpenIDC/pyoidc/pull/534
[#553]: https://github.com/OpenIDC/pyoidc/pull/553
Copy link
Collaborator

@schlenk schlenk Jun 28, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above, move to new section preparing for 0.15.0


## 0.13.1 [2018-04-06]

Expand Down
7 changes: 4 additions & 3 deletions src/oic/utils/keyio.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,9 +126,10 @@ def do_keys(self, keys):
except JWKException as err:
logger.warning('Loading a key failed: %s', err)
else:
self._keys.append(_key)
flag = 1
break
if _key not in self._keys:
self._keys.append(_key)
flag = 1
break
if not flag:
logger.warning('Unknown key type: %s', typ)

Expand Down
25 changes: 25 additions & 0 deletions tests/test_keyio.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -575,3 +575,28 @@ def test_load_spomky_keys():
kj = KeyJar()
kj.import_jwks(JWKS_SPO, '')
assert len(kj.get_issuer_keys('')) == 4


def test_reload():
"""
Emulates what happens if you fetch keys from a remote site and
you get back the same JWKS as the last time.
"""
_jwks = {
"keys": [
{
"alg":"RS256",
"e":"AQAB",
"kty":"RSA",
"n":"wkpyitec6TgFC5G41RF6jBOZghGVyaHL79CzSjjS9VCkWjpGo2hajOsiJ1RnSoat9XDmQAqiqn18rWx4xa4ErdWVqug88pLxMVmnV9tF10uJNgIi_RSsIQz40J9aKrxOotN6Mnq454BpanAxbrbC5hLlp-PIGgmWzUDNwCSfnWBjd0yGwdYKVB6d-SGNfLvdMUhFiYIX0POUnJDNl_j3kLYQ0peYRbunyQzST5nLPOItePCuZ12G5e0Eo1meSF1Md3IkuY8paqKk-vsWrT22X7CUV3HZow06ogRcFMMzvooE7yDqS53I_onsUrqgQ2aUnoo8OaD0eLlEWdaTyeNAIw","use":"sig"
Copy link
Collaborator

@schlenk schlenk Jun 28, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

put the jwks in an extra file or make pylama happy about the overlong lines.

}]}

kb = KeyBundle()
kb.imp_jwks = _jwks
kb.do_keys(kb.imp_jwks['keys'])

assert len(kb) == 1

kb.do_keys(kb.imp_jwks['keys'])

assert len(kb) == 1