From ac6905ba76f04653a1e3812c4c161ca58c111cc2 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 18 Apr 2024 17:12:36 -0400
Subject: [PATCH] Allow to pass through pem loading unsafe option

This has some significant performance impact and is ok to use with trusted keys.

Signed-off-by: Simo Sorce
---
 jwcrypto/jwk.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/jwcrypto/jwk.py b/jwcrypto/jwk.py
index fe8598e..6f63656 100644
--- a/jwcrypto/jwk.py
+++ b/jwcrypto/jwk.py
@@ -982,7 +982,8 @@ def import_from_pyca(self, key):
 else:
 raise InvalidJWKValue('Unknown key object %r' % key)
- def import_from_pem(self, data, password=None, kid=None):
+ def import_from_pem(self, data, password=None, kid=None,
+ unsafe_skip_rsa_key_validation=False):
 """Imports a key from data loaded from a PEM file.
 The key may be encrypted with a password.
 Private keys (PKCS#8 format), public keys, and X509 certificate's
@@ -990,11 +991,15 @@ def import_from_pem(self, data, password=None, kid=None):
 :param data(bytes): The data contained in a PEM file.
 :param password(bytes): An optional password to unwrap the key.
+ :param unsafe_skip_rsa_key_validation(bool): This significantly
+ speeds up loading RSA keys, but is _unsafe_ unless you are certain
+ the key is valid. Passed directly to the relevant cryptography API.
 """
 try:
 key = serialization.load_pem_private_key(
- data, password=password, backend=default_backend())
+ data, password=password, backend=default_backend(),
+ unsafe_skip_rsa_key_validation=unsafe_skip_rsa_key_validation)
 except ValueError as e:
 if password is not None:
 raise e
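Review bot: The new `unsafe_skip_rsa_key_validation` parameter in the `import_from_pem` signature can be set positionally, so a stray fourth positional argument with any truthy value silently turns off RSA key validation. For a switch that weakens a safety check, making it keyword-only keeps the opt-in explicit and greppable at every call site: `def import_from_pem(self, data, password=None, kid=None, *, unsafe_skip_rsa_key_validation=False):`. The function body continues in the next hunk.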
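Review bot: The call to `serialization.load_pem_private_key` now passes `unsafe_skip_rsa_key_validation` on every import, including when it is False, so an installed cryptography release that predates this keyword would raise `TypeError` (not caught by the `except ValueError` below) for all PEM loads. It is worth checking the project's minimum cryptography requirement, or adding the keyword to the call only when the flag is set. The docstring could also spell out what "certain the key is valid" means in practice, for example `Only set this for keys you generated or stored yourself; never for PEM data received from users or remote parties.` The `except ValueError` fallback continues beyond the hunk, so whether the flag has any effect on that path cannot be judged from here.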