Allow to pass through pem loading unsafe option

This has some significant performance impact and is ok to use with trusted keys. Signed-off-by: Simo Sorce <simo@redhat.com>
latchset · Apr 18, 2024 · ac6905b · ac6905b
1 parent 90bce18
commit ac6905b
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/jwcrypto/jwk.py b/jwcrypto/jwk.py
@@ -982,19 +982,24 @@ def import_from_pyca(self, key):
         else:
             raise InvalidJWKValue('Unknown key object %r' % key)
 
-    def import_from_pem(self, data, password=None, kid=None):
+    def import_from_pem(self, data, password=None, kid=None,
+                        unsafe_skip_rsa_key_validation=False):
         """Imports a key from data loaded from a PEM file.
         The key may be encrypted with a password.
         Private keys (PKCS#8 format), public keys, and X509 certificate's
         public keys can be imported with this interface.
 
         :param data(bytes): The data contained in a PEM file.
         :param password(bytes): An optional password to unwrap the key.
+        :param unsafe_skip_rsa_key_validation(bool): This significantly
+        speeds up loading RSA keys, but is _unsafe_ unless you are certain
+        the key is valid. Passed directly to the relevant cryptography API.
         """
 
         try:
             key = serialization.load_pem_private_key(
-                data, password=password, backend=default_backend())
+                data, password=password, backend=default_backend(),
+                unsafe_skip_rsa_key_validation=unsafe_skip_rsa_key_validation)
         except ValueError as e:
             if password is not None:
                 raise e