-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathgetjwks
More file actions
executable file
·68 lines (57 loc) · 2.08 KB
/
getjwks
File metadata and controls
executable file
·68 lines (57 loc) · 2.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
#!/usr/bin/python3
#
# Fetches OpenID Connect configuration and JSON Web Key Set (JWKS),
# stores output in out-openid/ and out-jwks/
import argparse
import json
import pathlib
import sys
import requests
import urllib3
urllib3.disable_warnings()
ap = argparse.ArgumentParser()
ap.add_argument("host")
ap.add_argument("-v", "--verbose", action="store_true")
args = ap.parse_args()
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
"AppleWebKit/537.36 (KHTML, like Gecko) "
"Chrome/132.0.0.0 Safari/537.3"}
ourl = f"https://{args.host}/.well-known/openid-configuration"
try:
openid = requests.get(ourl, verify=False, headers=headers, timeout=10).content
except (requests.exceptions.ConnectionError, requests.exceptions.ContentDecodingError,
requests.exceptions.ReadTimeout, requests.exceptions.TooManyRedirects) as e:
if args.verbose:
print(e)
print(f"Download error: https://{args.host}/.well-known/openid-configuration")
sys.exit(1)
try:
oparsed = json.loads(openid)
except json.decoder.JSONDecodeError:
if args.verbose:
print(f"JSON error: https://{args.host}/.well-known/openid-configuration")
sys.exit(1)
if not isinstance(oparsed, dict) or "jwks_uri" not in oparsed:
# not a valid openid configuration
sys.exit(1)
jurl = oparsed["jwks_uri"]
try:
jwks = requests.get(jurl, verify=False, headers=headers, timeout=10).content
except (requests.exceptions.ConnectionError, requests.exceptions.ContentDecodingError,
requests.exceptions.ReadTimeout, requests.exceptions.TooManyRedirects) as e:
if args.verbose:
print(e)
print(f"Download error: {jurl}")
sys.exit(1)
try:
jparsed = json.loads(jwks)
except json.decoder.JSONDecodeError:
if args.verbose:
print(f"JSON error: {jurl}")
sys.exit(1)
if "keys" not in jparsed and "keys" not in jparsed:
if args.verbose:
print(f"no 'keys' in {jurl}")
sys.exit(1)
pathlib.Path(f"out-openid/{args.host}").write_bytes(openid)
pathlib.Path(f"out-jwks/{args.host}").write_bytes(jwks)