Update createToken.py

Origin eclipse/kuksa.val#676
boschglobal · Mar 4, 2024 · be5cc16 · be5cc16
1 parent 495d627
commit be5cc16
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 18 deletions.
diff --git a/.github/workflows/check_license.yml b/.github/workflows/check_license.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
 
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         # required to grab the history of the PR
         fetch-depth: 0

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -11,11 +11,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # required to grab the history of the PR
           fetch-depth: 0
-      - uses: actions/setup-python@v3
-      - uses: pre-commit/[email protected]
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+      - uses: pre-commit/[email protected]
         with:
           extra_args: --color=always --from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}
diff --git a/jwt/README.md b/jwt/README.md
@@ -5,26 +5,22 @@ For more information on token format see [documentation](./authorization.md).
 
 ## Available tokens
 
-
 * `actuate-provide-all.token` - gives access to set target value and actual value for all signals
 * `provide-all.token` - gives access to set actual value for all signals, but not target value
 * `read-all.token` - gives access to read actual and current value for all signals
 * `provide-vehicle-speed.token` - gives access to write and read actual value for Vehicle.Speed. Does not give access to other signals
 * `read-vehicle-speed.token` - gives access to read actual value for Vehicle.Speed. Does not give access to other signals
 
-
 ## Create new tokens
 
 Two helper scripts exist for generating keys and tokens
 
 * [recreateJWTkeyPair.sh](recreateJWTkeyPair.sh) to regenerate the JWT keys used for signing
 * [createToken.py](createToken.py) to create signed tokens, requires `*.json` files as parameters
 
-Note that token generation must take place from the directory containing `createToken.py`
-
 An example is shown below:
 
 ```
 pip install -r requirements.txt
-python -m createToken actuate-provide-all.json 
+python -m createToken actuate-provide-all.json
 ```
diff --git a/jwt/createToken.py b/jwt/createToken.py
@@ -17,21 +17,28 @@
 ########################################################################
 
 import argparse
+import sys
+from os import path
+
 import json
 import jwt
 
-from os import path
+
+def error_exit(msg):
+    print(msg, file=sys.stderr)
+    sys.exit(1)
 
 
-def createJWTToken(input_filename, priv_key):
+def createJWTToken(input_filename, priv_key, output_filename=None):
     print("Reading JWT payload from {}".format(input_filename))
     with open(input_filename, "r") as file:
         payload = json.load(file)
 
     encoded = jwt.encode(payload, priv_key, algorithm="RS256")
 
-    output_filename = input_filename[:-5] if input_filename.endswith(".json") else input_filename
-    output_filename += ".token"
+    if output_filename is None:
+        output_filename = input_filename[:-5] if input_filename.endswith(".json") else input_filename
+        output_filename += ".token"
 
     print("Writing signed access token to {}".format(output_filename))
     with open(output_filename, "w") as output:
@@ -41,17 +48,25 @@ def createJWTToken(input_filename, priv_key):
 def main():
     parser = argparse.ArgumentParser()
     parser.add_argument("files", help="Read JWT payload from these files", nargs="+")
+    script_dir = path.abspath(path.dirname(__file__))
+    default_key_filename = path.join(script_dir, "jwt.key")
+
+    parser.add_argument("--key", help="Private key location", dest="priv_key_filename", default=default_key_filename)
+    parser.add_argument("--output", help="Name of the output file to store token to", dest="output")
     args = parser.parse_args()
 
-    script_dir = path.abspath(path.dirname(__file__))
-    priv_key_filename = path.join(script_dir, "jwt.key")
+    if args.output is not None and len(args.files) > 1:
+        error_exit("""
+        Both --output option and multiple files have been specified.
+        Output filename can be specified for single input file only!
+        """)
 
     print("Reading private key from {}".format("jwt.key"))
-    with open(priv_key_filename, "r") as file:
+    with open(args.priv_key_filename, "r") as file:
         priv_key = file.read()
 
-    for input in args.files:
-        createJWTToken(input, priv_key)
+    for input_file in args.files:
+        createJWTToken(input_file, priv_key, args.output)
 
 
 if __name__ == "__main__":