Metadata-Version: 2.4
Name: key-manager
Version: 0.1.3
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Rust
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
License-File: LICENSE
Summary: A Python-wrapped Rust library for RSA JWT generation and validation
Author: Malaa Technologies <engineeering@malaa.tech>
Author-email: Malaa Technologies <engineering@malaa.tech>
License: MIT
Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM

Here’s the updated README with a focus on the features, including the use of `jsonwebtoken` under the hood and KID rotation support.

---

# **Rust-Based RSA JWT Library**

This library offers a high-performance, Rust-based JWT solution with Python bindings via PyO3. Designed for security and speed, it incorporates advanced features like KID rotation, blocking claims, and TTL enforcement.

---

## **Features**

1. **Powered by `jsonwebtoken`**:
   - The library leverages the [jsonwebtoken](https://docs.rs/jsonwebtoken/latest/jsonwebtoken/) crate, a popular and robust JWT library in Rust.
   - Provides support for industry-standard algorithms (`RS256`, `HS256`, and more).

2. **KID Rotation**:
   - Supports Key ID (KID) rotation, allowing seamless switching between keys without disrupting existing tokens.
   - Keys are managed via `KeyStore`, where each key pair can be registered with a unique `kid`.

3. **Custom Validation Rules**:
   - **Claim Blocking**: Reject tokens containing specific blocked values.
   - **Claim Matching**: Ensure claims match predefined expected values.
   - **TTL Enforcement**: Enforce a time-to-live (TTL) for tokens.

4. **Exception Handling**:
   - Provides detailed Python exceptions for better catching.

5. **High Performance**:
   - Faster token generation and validation compared to PyJWT.

---

## **Installation**

1. Clone the repository:
   ```bash
   git clone <repository-url>
   cd <repository-directory>
   ```

2. Install dependencies:
   ```bash
   pip install maturin
   ```

3. Build and install the Python package:
   ```bash
   maturin develop
   ```

4. Verify installation:
   ```bash
   python -c "import key_manager; print('Installed successfully!')"
   ```

---

## **Quick Start**

### **Example Usage**

```python
import time
from datetime import datetime, timedelta, timezone
from key_manager import KeyManager, KeyStore, TokenValidation, BlockedKeyError, MissingMatchClaimError, ExpiredToken

# Load keys
private_key_path = "path/to/private_key.pem"
public_key_path = "path/to/public_key.pem"

# Prepare claims
exp = datetime.now(timezone.utc) + timedelta(hours=1)
claims = {
    "sub": "user123",
    "custom_claim": "example_value",
    "exp": int(exp.timestamp()),
    "iat": int(time.time()),
}

# Initialize KeyStore and KeyManager
key_store = KeyStore()
key_store.load_keys("default", private_key_path, public_key_path, "RS256", is_default=True)
key_manager = KeyManager(key_store)

# Generate a token
token = key_manager.generate_token_by_kid("default", claims)
print("Generated Token:", token)

# Validate the token with custom rules
validation = TokenValidation()
validation.claims = {"custom_claim": "example_value"}  # Require exact match
validation.block = {"is_admin": ["False"]}  # Block if "is_admin" is False
validation.ttl = 60  # Enforce TTL of 60 seconds

try:
    decoded = key_manager.verify_token_by_kid(token, "default", validation)
    print("Token is valid. Decoded claims:", decoded)
except BlockedKeyError as e:
    print("BlockedKeyError:", e)
except MissingMatchClaimError as e:
    print("MissingMatchClaimError:", e)
except ExpiredToken as e:
    print("ExpiredToken:", e)
except Exception as e:
    print("Validation failed:", e)
```

---

## **Key Rotation**

Key rotation is seamlessly supported:
1. Register multiple keys using `KeyStore.register_keys()` or `KeyStore.load_keys()` methods.
2. Assign a unique `kid` to each key.
3. Specify the desired `kid` during token generation and validation.

---

## **Benchmarking**

The provided test script compares the performance of this library against PyJWT.

### **Run Benchmark**

```bash
python benchmark.py
```

### **Expected Output**

```
Benchmarking PyJWT vs Rust-based RSA JWT

PyJWT:
  Generation time: 0.001234 seconds
  Validation time: 0.001567 seconds

Rust-based RSA JWT:
  Generation time: 0.000789 seconds
  Validation time: 0.000923 seconds

Performance Comparison:
  Token generation: Rust is 1.56x faster than PyJWT
  Token validation: Rust is 1.70x faster than PyJWT
```

---

## **Exception Types**

| Exception Name              | Description                                        |
|-----------------------------|----------------------------------------------------|
| `BlockedKeyError`           | Raised when a token contains blocked claim values. |
| `MissingMatchClaimError`    | Raised when a claim value doesn't match the expected value. |
| `ExpiredToken`              | Raised when the token exceeds the enforced TTL.    |
| `InvalidTokenError`         | Raised for general invalid token errors.           |
| `ExpiredSignatureError`     | Raised when the token has expired.                 |
| `DecodeError`               | Raised for decoding errors.                        |

---

## **Testing**

Save the provided Python script as `benchmark.py` and update paths for your key files.

---

Let me know if further updates are needed!
