createToken.py: Allow specification of the JWT key file and output file

Current version of the script assumes that jwt key file is located in the same directory as the script itself and token is written into the same directory as json specification. This is not convinient for binary distribution with key files placed under /etc and script under bin or libexec dirs. Allowing specification of key file and output files location fixes this and application token can be generated with [1] while keeping backward compatibility and existing behaviour (single argument to specify json policy definition) [1] /usr/libexec/kuksa-createToken.py /usr/share/kuksa-val/jwt/all-read-write.json --key /etc/pki/kuksa/jwt.key --output /etc/xdg/AGL/%i/%i.token
eclipse · Sep 27, 2023 · b870544 · b870544
1 parent 6bf73e1
commit b870544
Showing 1 changed file with 12 additions and 9 deletions.
diff --git a/kuksa_certificates/jwt/createToken.py b/kuksa_certificates/jwt/createToken.py
@@ -23,15 +23,16 @@
 from os import path
 
 
-def createJWTToken(input_filename, priv_key):
+def createJWTToken(input_filename, priv_key, output_filename=None):
     print("Reading JWT payload from {}".format(input_filename))
     with open(input_filename, "r") as file:
         payload = json.load(file)
 
     encoded = jwt.encode(payload, priv_key, algorithm="RS256")
-
-    output_filename = input_filename[:-5] if input_filename.endswith(".json") else input_filename
-    output_filename += ".token"
+
+    if output_filename is None:
+        output_filename = input_filename[:-5] if input_filename.endswith(".json") else input_filename
+        output_filename += ".token"
 
     print("Writing signed access token to {}".format(output_filename))
     with open(output_filename, "w") as output:
@@ -41,17 +42,19 @@ def createJWTToken(input_filename, priv_key):
 def main():
     parser = argparse.ArgumentParser()
     parser.add_argument("files", help="Read JWT payload from these files", nargs="+")
-    args = parser.parse_args()
-
     script_dir = path.abspath(path.dirname(__file__))
-    priv_key_filename = path.join(script_dir, "jwt.key")
+    default_key_filename = path.join(script_dir, "jwt.key")
+
+    parser.add_argument("--key", help="Private key location", dest="priv_key_filename", default=default_key_filename)
+    parser.add_argument("--output", help="Name of the output file to store token to", dest="output")
+    args = parser.parse_args()
 
     print("Reading private key from {}".format("jwt.key"))
-    with open(priv_key_filename, "r") as file:
+    with open(args.priv_key_filename, "r") as file:
         priv_key = file.read()
 
     for input in args.files:
-        createJWTToken(input, priv_key)
+        createJWTToken(input, priv_key, args.output)
 
 
 if __name__ == "__main__":