Move key addition to separate method so it can be used after init

pvarki · Feb 8, 2024 · 1cecf0e · 1cecf0e
1 parent 12233e1
commit 1cecf0e
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/src/multikeyjwt/jwt/verifier.py b/src/multikeyjwt/jwt/verifier.py
@@ -42,14 +42,17 @@ def __post_init__(self) -> None:
                     continue
                 if not fpth.name.endswith(".pub"):
                     continue
-                LOGGER.debug("Loading key {}".format(fpth))
-                with fpth.open("rb") as fpntr:
-                    self.pubkeys.append(serialization.load_pem_public_key(fpntr.read(), backend=default_backend()))
+                self.load_key(fpth)
         else:
             LOGGER.info("Loading key {}".format(self.pubkeypath))
             with self.pubkeypath.open("rb") as fpntr:
                 self.pubkeys = [serialization.load_pem_public_key(fpntr.read(), backend=default_backend())]
 
+    def load_key(self, fpth: Path) -> None:
+        """Load given file into public keys"""
+        LOGGER.debug("Loading key {}".format(fpth))
+        self.pubkeys.append(serialization.load_pem_public_key(fpth.read_bytes(), backend=default_backend()))
+
     def decode(self, token: str) -> Dict[str, Any]:
         """Decode the token"""
         last_exception = Exception("This should not be raised")

diff --git a/tests/test_issueverify.py b/tests/test_issueverify.py
@@ -5,6 +5,7 @@
 import pytest
 
 from multikeyjwt import Issuer, Verifier
+from .conftest import DATA_PATH
 
 LOGGER = logging.getLogger(__name__)
 
@@ -28,3 +29,14 @@ def test_pc_issued(issuer_pc: Issuer, verifier: Verifier) -> None:
     token = issuer_pc.issue({"boss": "mang"})
     with pytest.raises(pyJWT.exceptions.InvalidSignatureError):
         verifier.decode(token)
+
+
+def test_load_key(issuer_pc: Issuer) -> None:
+    """test verifier key load load after init"""
+    verifier = Verifier(pubkeypath=DATA_PATH)
+    token = issuer_pc.issue({"foo": "bar"})
+    with pytest.raises(pyJWT.exceptions.InvalidSignatureError):
+        verifier.decode(token)
+    verifier.load_key(DATA_PATH / "pc_jwtRS256.p_b")
+    decoded = verifier.decode(token)
+    assert decoded["foo"] == "bar"