Allow to pass through pem loading unsafe option

This has some significant performance impact and is ok to use with trusted keys. Signed-off-by: Simo Sorce <simo@redhat.com>
latchset · Apr 18, 2024 · 875b057 · 875b057
1 parent 90bce18
commit 875b057
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/jwcrypto/jwk.py b/jwcrypto/jwk.py
@@ -339,6 +339,7 @@ def __init__(self, **kwargs):
         super(JWK, self).__init__()
         self._cache_pub_k = None
         self._cache_pri_k = None
+        self.unsafe_skip_rsa_key_validation = False
 
         if 'generate' in kwargs:
             self.generate_key(**kwargs)
@@ -838,7 +839,8 @@ def _rsa_pub(self):
     def _rsa_pri(self):
         k = self._cache_pri_k
         if k is None:
-            k = self._rsa_pri_n().private_key(default_backend())
+            k = self._rsa_pri_n().private_key(default_backend(),
+                unsafe_skip_rsa_key_validation=self.unsafe_skip_rsa_key_validation)
             self._cache_pri_k = k
         return k
 
@@ -994,7 +996,8 @@ def import_from_pem(self, data, password=None, kid=None):
 
         try:
             key = serialization.load_pem_private_key(
-                data, password=password, backend=default_backend())
+                data, password=password, backend=default_backend(),
+                unsafe_skip_rsa_key_validation=self.unsafe_skip_rsa_key_validation)
         except ValueError as e:
             if password is not None:
                 raise e
@@ -1060,17 +1063,22 @@ def from_pyca(cls, key):
         return obj
 
     @classmethod
-    def from_pem(cls, data, password=None):
+    def from_pem(cls, data, password=None,
+                 unsafe_skip_rsa_key_validation=False):
         """Creates a key from PKCS#8 formatted data loaded from a PEM file.
            See the function `import_from_pem` for details.
 
         :param data(bytes): The data contained in a PEM file.
         :param password(bytes): An optional password to unwrap the key.
+        :param unsafe_skip_rsa_key_validation(bool): This significantly
+        speeds up loading RSA keys, but is _unsafe_ unless you are certain
+        the key is valid. Passed directly to the relevant cryptography API.
 
         :return: A JWK object.
         :rtype: JWK
         """
         obj = cls()
+        obj.unsafe_skip_rsa_key_validation=unsafe_skip_rsa_key_validation
         obj.import_from_pem(data, password)
         return obj