Skip to content

fix(jwk): as_dict, as_pem, as_der export public key by default #100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lepture merged 1 commit into from
Jun 2, 2026
Merged

fix(jwk): as_dict, as_pem, as_der export public key by default #100

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 2 additions & 5 deletions src/joserfc/_keys.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,16 +127,13 @@ def __eq__(self, other: t.Any) -> bool:
assert isinstance(other, KeySet)
return self.keys == other.keys

def as_dict(self, private: bool | None = None, **params: t.Any) -> KeySetSerialization:
def as_dict(self, private: bool = False, **params: t.Any) -> KeySetSerialization:
keys: list[DictKey] = []

for key in self.keys:
# trigger key to generate kid via thumbprint
key.ensure_kid()
if isinstance(key, OctKey):
keys.append(key.as_dict(**params))
else:
keys.append(key.as_dict(private=private, **params))
keys.append(key.as_dict(private=private, **params))
return {"keys": keys}

def get_by_kid(self, kid: str | None = None, parameters: KeyParameters | None = None) -> Key:
Expand Down
12 changes: 6 additions & 6 deletions src/joserfc/_rfc7517/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ def import_from_bytes(cls, value: bytes, password: t.Any = None) -> t.Any:
def as_bytes(
key: GenericKey,
encoding: t.Literal["PEM", "DER"] | None = None,
private: bool | None = None,
private: bool = False,
password: str | None = None,
) -> bytes:
raise NotImplementedError()
Expand Down Expand Up @@ -177,7 +177,7 @@ def thumbprint_uri(self) -> str:
value = self.thumbprint()
return concat_thumbprint_uri(value, self.thumbprint_digest_method)

def as_dict(self, private: bool | None = None, **params: t.Any) -> DictKey:
def as_dict(self, private: bool = False, **params: t.Any) -> DictKey:
"""Output this key to a JWK format (in dict). By default, it will return
the ``dict_value`` of this key.

Expand All @@ -190,7 +190,7 @@ def as_dict(self, private: bool | None = None, **params: t.Any) -> DictKey:
raise ValueError("This key is not a private key.")

data = self.dict_value.copy()
if private is not False:
if private:
data.update(params)
return data

Expand Down Expand Up @@ -322,15 +322,15 @@ def raw_value(self) -> t.Union[NativePublicKey, NativePrivateKey]:
def as_bytes(
self,
encoding: t.Literal["PEM", "DER"] | None = None,
private: bool | None = None,
private: bool = False,
password: str | None = None,
) -> bytes:
return self.binding.as_bytes(self, encoding, private, password)

def as_pem(self, private: bool | None = None, password: str | None = None) -> bytes:
def as_pem(self, private: bool = False, password: str | None = None) -> bytes:
return self.as_bytes(private=private, password=password)

def as_der(self, private: bool | None = None, password: str | None = None) -> bytes:
def as_der(self, private: bool = False, password: str | None = None) -> bytes:
return self.as_bytes(encoding="DER", private=private, password=password)


Expand Down
5 changes: 1 addition & 4 deletions src/joserfc/_rfc7517/pem.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,12 +134,9 @@ def import_from_bytes(cls, value: bytes, password: Any | None = None) -> Any:
def as_bytes(
key: GenericKey,
encoding: Literal["PEM", "DER"] | None = None,
private: bool | None = False,
private: bool = False,
password: Any | None = None,
) -> bytes:
if private is None:
private = key.is_private

if private:
return dump_pem_key(key.private_key, encoding, private, password)
else:
Expand Down
4 changes: 4 additions & 0 deletions src/joserfc/_rfc7518/oct_key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import typing as t
from typing import Any
import secrets
import warnings
Expand Down Expand Up @@ -101,3 +102,6 @@ def generate_key(
if auto_kid:
key.ensure_kid()
return key

def as_dict(self, private: bool = False, **params: t.Any) -> DictKey:
return super().as_dict(private=True, **params)
4 changes: 2 additions & 2 deletions tests/jwk/test_ec_key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,14 +84,14 @@ def test_import_invalid_pem_key(self):

def test_output_with_password(self):
key = ECKey.import_key(read_key("ec-p256-private.pem"))
pem = key.as_pem(password="secret")
pem = key.as_pem(private=True, password="secret")
self.assertRaises(TypeError, ECKey.import_key, pem)
key2 = ECKey.import_key(pem, password="secret")
self.assertEqual(key.as_dict(), key2.as_dict())

def test_key_eq(self):
key1 = self.default_key
key2 = ECKey.import_key(key1.as_dict())
key2 = ECKey.import_key(key1.as_dict(private=True))
self.assertEqual(key1, key2)
key3 = ECKey.generate_key()
self.assertNotEqual(key1, key3)
Expand Down
4 changes: 2 additions & 2 deletions tests/jwk/test_jwk_set.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ def test_generate_and_import_key_set(self):
# we will ensure kid when generating the key set
self.assertIsNotNone(key.kid)

jwks1_data = jwks1.as_dict()
jwks1_data = jwks1.as_dict(private=True)
self.assertEqual(list(jwks1_data.keys()), ["keys"])
for d1 in jwks1_data["keys"]:
self.assertIn("d", d1)
Expand Down Expand Up @@ -90,6 +90,6 @@ def test_key_eq_with_same_keys(self):

def test_key_eq_with_new_keys(self):
key_set1 = KeySet.generate_key_set("RSA", 2048)
key_set2 = KeySet([RSAKey.import_key(k.as_dict()) for k in key_set1])
key_set2 = KeySet([RSAKey.import_key(k.as_dict(private=True)) for k in key_set1])
self.assertIsNot(key_set1, key_set2)
self.assertEqual(key_set1, key_set2)
12 changes: 6 additions & 6 deletions tests/jwk/test_okp_key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,11 +46,11 @@ def test_import_pem_key(self):
private_key: OKPKey = OKPKey.import_key(private_pem)
public_key: OKPKey = OKPKey.import_key(public_pem)

self.assertEqual(private_key.as_pem(), private_pem)
self.assertEqual(private_key.as_pem(private=True), private_pem)
self.assertEqual(private_key.as_pem(private=False), public_pem)
self.assertEqual(public_key.as_pem(), public_pem)

self.assertIn("d", private_key.as_dict())
self.assertIn("d", private_key.as_dict(private=True))
self.assertNotIn("d", public_key.as_dict())

def test_import_invalid_pem_key(self):
Expand Down Expand Up @@ -88,15 +88,15 @@ def test_all_as_methods(self):
key: OKPKey = OKPKey.import_key(private_json)

# as_dict
data = key.as_dict()
data = key.as_dict(private=True)
self.assertIn("d", data)
self.assertEqual(data, private_json)
data = key.as_dict(private=False)
self.assertNotIn("d", data)
self.assertEqual(data, public_json)

# as_pem
data = key.as_pem()
data = key.as_pem(private=True)
self.assertIn(b"PRIVATE", data)
data = key.as_pem(private=False)
self.assertIn(b"PUBLIC", data)
Expand All @@ -107,14 +107,14 @@ def test_all_as_methods(self):

def test_output_with_password(self):
key = OKPKey.import_key(read_key("okp-ed25519-private.json"))
pem = key.as_pem(password="secret")
pem = key.as_pem(private=True, password="secret")
self.assertRaises(TypeError, OKPKey.import_key, pem)
key2 = OKPKey.import_key(pem, password="secret")
self.assertEqual(key.as_pem(), key2.as_pem())

def test_key_eq(self):
key1 = OKPKey.generate_key()
key2 = OKPKey.import_key(key1.as_dict())
key2 = OKPKey.import_key(key1.as_dict(private=True))
self.assertIsNot(key1, key2)
self.assertEqual(key1, key2)
key3 = OKPKey.generate_key()
Expand Down
8 changes: 2 additions & 6 deletions tests/jwk/test_rsa_key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,16 +101,12 @@ def test_output_as_methods(self):
key: RSAKey = RSAKey.import_key(private_pem)

# as_dict
data = key.as_dict()
self.assertIn("d", data)
data = key.as_dict(private=True)
self.assertIn("d", data)
data = key.as_dict(private=False)
self.assertNotIn("d", data)

# as_pem
data = key.as_pem()
self.assertIn(b"PRIVATE", data)
data = key.as_pem(private=True)
self.assertIn(b"PRIVATE", data)
data = key.as_pem(private=False)
Expand Down Expand Up @@ -172,14 +168,14 @@ def test_import_invalid_pem_key(self):
def test_output_with_password(self):
private_pem = read_key("rsa-openssl-private.pem")
key: RSAKey = RSAKey.import_key(private_pem)
pem = key.as_pem(password="secret")
pem = key.as_pem(private=True, password="secret")
self.assertRaises(TypeError, RSAKey.import_key, pem)
key2 = RSAKey.import_key(pem, password="secret")
self.assertEqual(key.as_dict(), key2.as_dict())

def test_key_eq(self):
key1 = self.default_key
key2 = RSAKey.import_key(key1.as_dict())
key2 = RSAKey.import_key(key1.as_dict(private=True))
self.assertIsNot(key1, key2)
self.assertEqual(key1, key2)
key3 = RSAKey.generate_key()
Expand Down