Last active
October 15, 2021 16:46
-
-
Save regisb/ec99266b5a8ae02b216443266ebda1ed to your computer and use it in GitHub Desktop.
useful piece of code to manually generate private/public JWK in edx-platform
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
To add the private and public JWK to edx-platform in Juniper, you should do something similar to the following code. | |
First install dependendies with: | |
pip install pycryptodome | |
""" | |
import json | |
from Crypto.PublicKey import RSA | |
def rsa_private_key(bits=2048): | |
""" | |
Export an RSA private key in PEM format. | |
""" | |
key = RSA.generate(bits) | |
return key.export_key().decode() | |
def rsa_import_key(key): | |
""" | |
Import PEM-formatted RSA key and return the corresponding object. | |
""" | |
return RSA.import_key(key.encode()) | |
def long_to_base64(n): | |
""" | |
Borrowed from jwkest.__init__ | |
""" | |
def long2intarr(long_int): | |
_bytes = [] | |
while long_int: | |
long_int, r = divmod(long_int, 256) | |
_bytes.insert(0, r) | |
return _bytes | |
bys = long2intarr(n) | |
data = struct.pack("%sB" % len(bys), *bys) | |
if not data: | |
data = "\x00" | |
s = base64.urlsafe_b64encode(data).rstrip(b"=") | |
return s.decode("ascii") | |
# This key should be stored and never modified. I suggest this should be a setting. | |
JWT_RSA_PRIVATE_KEY = rsa_private_key(2048) | |
jwt_rsa_key = rsa_import_key(JWT_RSA_PRIVATE_KEY) | |
# Modify the edx-platform settings with the following code: | |
JWT_AUTH["JWT_PRIVATE_SIGNING_JWK"] = json.dumps( | |
{ | |
"kid": "openedx", | |
"kty": "RSA", | |
"e": long_to_base64(jwt_rsa_key.e), | |
"d": long_to_base64(jwt_rsa_key.d), | |
"n": long_to_base64(jwt_rsa_key.n), | |
"p": long_to_base64(jwt_rsa_key.p), | |
"q": long_to_base64(jwt_rsa_key.q), | |
} | |
) | |
JWT_AUTH["JWT_PUBLIC_SIGNING_JWK_SET"] = json.dumps( | |
{ | |
"keys": [ | |
{ | |
"kid": "openedx", | |
"kty": "RSA", | |
"e": long_to_base64(jwt_rsa_key.e), | |
"n": long_to_base64(jwt_rsa_key.n), | |
} | |
] | |
} | |
) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I wrote this as an alternative around 2 months ago:
Helps a lot with Ansible.