lint B904,SIM108

jschlyter · jschlyter · commit cb704241f4f1 · 2024-05-30T14:48:36.000+02:00
diff --git a/src/cryptojwt/jwe/jwe.py b/src/cryptojwt/jwe/jwe.py
@@ -191,10 +191,7 @@ def decrypt(self, token=None, keys=None, alg=None, cek=None):
                 return msg
 
         for key in keys:
-            if isinstance(key, AsymmetricKey):
-                _key = key.private_key()
-            else:
-                _key = key.key
+            _key = key.private_key() if isinstance(key, AsymmetricKey) else key.key
 
             try:
                 msg = decrypter.decrypt(_jwe, _key)
diff --git a/src/cryptojwt/jwe/jwe_ec.py b/src/cryptojwt/jwe/jwe_ec.py
@@ -111,8 +111,8 @@ def enc_setup(self, msg, key=None, auth_data=b"", **kwargs):
         if self.alg == "ECDH-ES":
             try:
                 dk_len = KEY_LEN[self.enc]
-            except KeyError:
-                raise ValueError("Unknown key length for algorithm %s" % self.enc)
+            except KeyError as exc:
+                raise ValueError("Unknown key length for algorithm %s" % self.enc) from exc
 
             cek = ecdh_derive_key(_epk, key.pub_key, apu, apv, str(self.enc).encode(), dk_len)
         elif self.alg in ["ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"]:
@@ -153,8 +153,8 @@ def dec_setup(self, token, key=None, **kwargs):
         if self.headers["alg"] == "ECDH-ES":
             try:
                 dk_len = KEY_LEN[self.headers["enc"]]
-            except KeyError:
-                raise Exception("Unknown key length for algorithm")
+            except KeyError as exc:
+                raise Exception("Unknown key length for algorithm") from exc
 
             self.cek = ecdh_derive_key(
                 key,
@@ -211,10 +211,7 @@ def encrypt(self, key=None, iv="", cek="", **kwargs):
         return jwe.pack(parts=[iv, ctxt, tag])
 
     def decrypt(self, token=None, **kwargs):
-        if isinstance(token, JWEnc):
-            jwe = token
-        else:
-            jwe = JWEnc().unpack(token)
+        jwe = token if isinstance(token, JWEnc) else JWEnc().unpack(token)
 
         if not self.cek:
             raise Exception("Content Encryption Key is Not Yet Set")
diff --git a/src/cryptojwt/jwe/jwe_hmac.py b/src/cryptojwt/jwe/jwe_hmac.py
@@ -67,10 +67,7 @@ def decrypt(self, token, key=None, cek=None):
         if not key and not cek:
             raise MissingKey("On of key or cek must be specified")
 
-        if isinstance(token, JWEnc):
-            jwe = token
-        else:
-            jwe = JWEnc().unpack(token)
+        jwe = token if isinstance(token, JWEnc) else JWEnc().unpack(token)
 
         if len(jwe) != 5:
             raise WrongNumberOfParts(len(jwe))
diff --git a/src/cryptojwt/jwe/jwe_rsa.py b/src/cryptojwt/jwe/jwe_rsa.py
@@ -92,10 +92,7 @@ def decrypt(self, token, key, cek=None):
         :param cek: Ephemeral cipher key
         :return: The decrypted message
         """
-        if not isinstance(token, JWEnc):
-            jwe = JWEnc().unpack(token)
-        else:
-            jwe = token
+        jwe = JWEnc().unpack(token) if not isinstance(token, JWEnc) else token
 
         self.jwt = jwe.encrypted_key()
         jek = jwe.encrypted_key()
diff --git a/src/cryptojwt/jwe/jwekey.py b/src/cryptojwt/jwe/jwekey.py
@@ -29,8 +29,8 @@ def _generate_key(encalg, cek=""):
         except KeyError:
             try:
                 _key = get_random_bytes(KEY_LEN_BYTES[encalg])
-            except KeyError:
-                raise ValueError("Unsupported encryption algorithm %s" % encalg)
+            except KeyError as exc:
+                raise ValueError("Unsupported encryption algorithm %s" % encalg) from exc
 
         return _key
 
diff --git a/src/cryptojwt/jwe/utils.py b/src/cryptojwt/jwe/utils.py
@@ -18,8 +18,8 @@ def get_keys_seclen_dgst(key, iv):
     # Select the digest to use based on key length
     try:
         seclen, hash_method = LENMET[len(key)]
-    except KeyError:
-        raise Exception("Invalid CBC+HMAC key length: %s bytes" % len(key))
+    except KeyError as exc:
+        raise Exception("Invalid CBC+HMAC key length: %s bytes" % len(key)) from exc
 
     # Split the key
     ka = key[:seclen]
diff --git a/src/cryptojwt/jwk/asym.py b/src/cryptojwt/jwk/asym.py
@@ -38,8 +38,8 @@ def appropriate_for(self, usage, **kwargs):
         """
         try:
             _use = USE[usage]
-        except KeyError:
-            raise ValueError("Unknown key usage")
+        except KeyError as exc:
+            raise ValueError("Unknown key usage") from exc
         else:
             if usage in ["sign", "decrypt"]:
                 if not self.use or _use == self.use:
diff --git a/src/cryptojwt/jwk/ec.py b/src/cryptojwt/jwk/ec.py
@@ -45,8 +45,8 @@ def ec_construct_public(num):
     """
     try:
         _sec_crv = NIST2SEC[as_unicode(num["crv"])]
-    except KeyError:
-        raise UnsupportedECurve("Unsupported elliptic curve: {}".format(num["crv"]))
+    except KeyError as exc:
+        raise UnsupportedECurve("Unsupported elliptic curve: {}".format(num["crv"])) from exc
 
     ecpn = ec.EllipticCurvePublicNumbers(num["x"], num["y"], _sec_crv())
     return ecpn.public_key()
@@ -152,8 +152,8 @@ def deserialize(self):
                         {"x": _x, "y": _y, "crv": self.crv, "d": _d}
                     )
                     self.pub_key = self.priv_key.public_key()
-            except ValueError as err:
-                raise DeSerializationNotPossible(str(err))
+            except ValueError as exc:
+                raise DeSerializationNotPossible(str(exc)) from exc
         else:
             self.pub_key = ec_construct_public({"x": _x, "y": _y, "crv": self.crv})
 
diff --git a/src/cryptojwt/jwk/hmac.py b/src/cryptojwt/jwk/hmac.py
@@ -81,8 +81,8 @@ def appropriate_for(self, usage, alg="HS256"):
         """
         try:
             _use = USE[usage]
-        except:
-            raise ValueError("Unknown key usage")
+        except Exception as exc:
+            raise ValueError("Unknown key usage") from exc
         else:
             if not self.use or self.use == _use:
                 if _use == "sig":
@@ -106,8 +106,8 @@ def encryption_key(self, alg, **kwargs):
 
         try:
             tsize = ALG2KEYLEN[alg]
-        except KeyError:
-            raise UnsupportedAlgorithm(alg)
+        except KeyError as exc:
+            raise UnsupportedAlgorithm(alg) from exc
 
         if tsize <= 32:
             # SHA256
diff --git a/src/cryptojwt/jwk/okp.py b/src/cryptojwt/jwk/okp.py
@@ -145,16 +145,16 @@ def deserialize(self):
                 if isinstance(self.d, (str, bytes)):
                     try:
                         self.priv_key = OKP_CRV2PRIVATE[self.crv].from_private_bytes(deser(self.d))
-                    except KeyError:
-                        raise UnsupportedOKPCurve(f"Unsupported OKP curve: {self.crv}")
+                    except KeyError as exc:
+                        raise UnsupportedOKPCurve(f"Unsupported OKP curve: {self.crv}") from exc
                     self.pub_key = self.priv_key.public_key()
-            except ValueError as err:
-                raise DeSerializationNotPossible(str(err))
+            except ValueError as exc:
+                raise DeSerializationNotPossible(str(exc)) from exc
         else:
             try:
                 self.pub_key = OKP_CRV2PUBLIC[self.crv].from_public_bytes(_x)
-            except KeyError:
-                raise UnsupportedOKPCurve(f"Unsupported OKP curve: {self.crv}")
+            except KeyError as exc:
+                raise UnsupportedOKPCurve(f"Unsupported OKP curve: {self.crv}") from exc
 
     def _serialize_public(self, key):
         self.x = b64e(
diff --git a/src/cryptojwt/jwk/rsa.py b/src/cryptojwt/jwk/rsa.py
@@ -322,8 +322,8 @@ def deserialize(self):
                     self.pub_key = self.priv_key.public_key()
                 else:
                     self.pub_key = rsa_construct_public(numbers)
-            except ValueError as err:
-                raise DeSerializationNotPossible("%s" % err)
+            except ValueError as exc:
+                raise DeSerializationNotPossible(str(exc)) from exc
 
         if self.x5c:
             _cert_chain = []
diff --git a/src/cryptojwt/jwk/wrap.py b/src/cryptojwt/jwk/wrap.py
@@ -19,8 +19,8 @@ def wrap_key(key: JWK, wrapping_key: JWK, wrap_params: dict = DEFAULT_WRAP_PARAM
     message = json.dumps(key.serialize(private=True)).encode()
     try:
         enc_params = wrap_params[wrapping_key.kty]
-    except KeyError:
-        raise ValueError("Unsupported wrapping key type")
+    except KeyError as exc:
+        raise ValueError("Unsupported wrapping key type") from exc
     _jwe = JWE(msg=message, **enc_params)
     return _jwe.encrypt(keys=[wrapping_key], kid=wrapping_key.kid)
 
diff --git a/src/cryptojwt/jws/dsa.py b/src/cryptojwt/jws/dsa.py
@@ -75,8 +75,8 @@ def verify(self, msg, sig, key):
             (r, s) = self._split_raw_signature(sig)
             asn1sig = encode_dss_signature(r, s)
             key.verify(asn1sig, msg, ec.ECDSA(self.hash_algorithm()))
-        except InvalidSignature as err:
-            raise BadSignature(err)
+        except InvalidSignature as exc:
+            raise BadSignature(exc) from exc
         else:
             return True
 
diff --git a/src/cryptojwt/jws/eddsa.py b/src/cryptojwt/jws/eddsa.py
@@ -62,7 +62,7 @@ def verify(self, msg, sig, key):
 
         try:
             key.verify(sig, msg)
-        except InvalidSignature as err:
-            raise BadSignature(err)
+        except InvalidSignature as exc:
+            raise BadSignature(exc) from exc
         else:
             return True
diff --git a/src/cryptojwt/jws/jws.py b/src/cryptojwt/jws/jws.py
@@ -133,8 +133,8 @@ def sign_compact(self, keys=None, protected=None, **kwargs):
         # All other cases
         try:
             _signer = SIGNER_ALGS[_alg]
-        except KeyError:
-            raise UnknownAlgorithm(_alg)
+        except KeyError as exc:
+            raise UnknownAlgorithm(_alg) from exc
 
         _input = jwt.pack(parts=[self.msg])
 
@@ -211,10 +211,7 @@ def verify_compact_verbose(self, jws=None, keys=None, allow_none=False, sigalg=N
 
         self["alg"] = _alg
 
-        if keys:
-            _keys = self.pick_keys(keys)
-        else:
-            _keys = self.pick_keys(self._get_keys())
+        _keys = self.pick_keys(keys) if keys else self.pick_keys(self._get_keys())
 
         if not _keys:
             if "kid" in self:
@@ -227,10 +224,7 @@ def verify_compact_verbose(self, jws=None, keys=None, allow_none=False, sigalg=N
         verifier = SIGNER_ALGS[_alg]
 
         for key in _keys:
-            if isinstance(key, AsymmetricKey):
-                _key = key.public_key()
-            else:
-                _key = key.key
+            _key = key.public_key() if isinstance(key, AsymmetricKey) else key.key
 
             try:
                 if not verifier.verify(jwt.sign_input(), jwt.signature(), _key):
@@ -310,8 +304,8 @@ def verify_json(self, jws, keys=None, allow_none=False, at_least_one=False):
 
         try:
             _payload = _jwss["payload"]
-        except KeyError:
-            raise FormatError("Missing payload")
+        except KeyError as exc:
+            raise FormatError("Missing payload") from exc
 
         try:
             _signs = _jwss["signatures"]
diff --git a/src/cryptojwt/jws/pss.py b/src/cryptojwt/jws/pss.py
@@ -64,7 +64,7 @@ def verify(self, msg, signature, key):
                 ),
                 self.hash_algorithm(),
             )
-        except InvalidSignature as err:
-            raise BadSignature(err)
+        except InvalidSignature as exc:
+            raise BadSignature(exc) from exc
         else:
             return True
diff --git a/src/cryptojwt/jws/rsa.py b/src/cryptojwt/jws/rsa.py
@@ -42,8 +42,8 @@ def verify(self, msg, signature, key):
             raise TypeError("The public key must be an instance of RSAPublicKey")
         try:
             key.verify(signature, msg, self.padding, self.hash)
-        except InvalidSignature as err:
-            raise BadSignature(str(err))
+        except InvalidSignature as exc:
+            raise BadSignature(str(exc)) from exc
         except AttributeError:
             return False
         else:
diff --git a/src/cryptojwt/jwt.py b/src/cryptojwt/jwt.py
@@ -51,10 +51,7 @@ def pick_key(keys, use, alg="", key_type="", kid=""):
     """
     res = []
     if not key_type:
-        if use == "sig":
-            key_type = jws_alg2keytype(alg)
-        else:
-            key_type = jwe_alg2keytype(alg)
+        key_type = jws_alg2keytype(alg) if use == "sig" else jwe_alg2keytype(alg)
 
     for key in keys:
         if key.use and key.use != use:
@@ -263,11 +260,7 @@ def pack(
             issuer_id = self.iss
 
         if self.sign:
-            if self.alg != "none":
-                _key = self.pack_key(issuer_id, kid)
-                # _args['kid'] = _key.kid
-            else:
-                _key = None
+            _key = self.pack_key(issuer_id, kid) if self.alg != "none" else None
 
             jws_headers = jws_headers or {}
 
diff --git a/src/cryptojwt/jwx.py b/src/cryptojwt/jwx.py
@@ -89,9 +89,9 @@ def __init__(self, msg=None, with_digest=False, httpc=None, **kwargs):
                     try:
                         _spec = load_x509_cert(self["x5u"], self.httpc, {})
                         self._jwk = RSAKey(pub_key=_spec["rsa"]).to_dict()
-                    except Exception:
+                    except Exception as exc:
                         # ca_chain = load_x509_cert_chain(self["x5u"])
-                        raise ValueError("x5u")
+                        raise ValueError("x5u") from exc
                 else:
                     self._dict[key] = _val
                 if key in DEPRECATED and _val in DEPRECATED[key]:
@@ -123,8 +123,8 @@ def __setitem__(self, key, value):
     def __getattr__(self, item):
         try:
             return self._dict[item]
-        except KeyError:
-            raise AttributeError(item)
+        except KeyError as exc:
+            raise AttributeError(item) from exc
 
     def keys(self):
         """Return all keys."""
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
@@ -278,10 +278,7 @@ def __init__(
         if keys:
             self.source = None
             if isinstance(keys, dict):
-                if "keys" in keys:
-                    initial_keys = keys["keys"]
-                else:
-                    initial_keys = [keys]
+                initial_keys = keys["keys"] if "keys" in keys else [keys]
             else:
                 initial_keys = keys
             self._keys = self.jwk_dicts_as_keys(initial_keys)
@@ -373,9 +370,9 @@ def jwk_dicts_as_keys(self, keys):
             for _use in _usage:
                 try:
                     _key = K2C[_typ](use=_use, **inst)
-                except KeyError:
+                except KeyError as exc:
                     if not self.ignore_invalid_keys:
-                        raise UnknownKeyType(inst)
+                        raise UnknownKeyType(inst) from exc
                     _error = f"UnknownKeyType: {_typ}"
                     continue
                 except (UnsupportedECurve, UnsupportedAlgorithm) as err:
@@ -485,7 +482,7 @@ def _do_remote(self, set_keys=True):
             _http_resp = self.httpc("GET", self.source, **httpc_params)
         except Exception as err:
             LOGGER.error(err)
-            raise UpdateFailed(REMOTE_FAILED.format(self.source, str(err)))
+            raise UpdateFailed(REMOTE_FAILED.format(self.source, str(err))) from err
 
         new_keys = None
         load_successful = _http_resp.status_code == 200
@@ -501,10 +498,10 @@ def _do_remote(self, set_keys=True):
             LOGGER.debug("Loaded JWKS: %s from %s", _http_resp.text, self.source)
             try:
                 new_keys = self.jwk_dicts_as_keys(self.imp_jwks["keys"])
-            except KeyError:
+            except KeyError as exc:
                 LOGGER.error("No 'keys' keyword in JWKS")
                 self.ignore_errors_until = time.time() + self.ignore_errors_period
-                raise UpdateFailed(MALFORMED.format(self.source))
+                raise UpdateFailed(MALFORMED.format(self.source)) from exc
 
             if hasattr(_http_resp, "headers"):
                 headers = _http_resp.headers
diff --git a/src/cryptojwt/key_issuer.py b/src/cryptojwt/key_issuer.py
@@ -232,8 +232,8 @@ def import_jwks(self, jwks):
         """
         try:
             _keys = jwks["keys"]
-        except KeyError:
-            raise ValueError("Not a proper JWKS")
+        except KeyError as exc:
+            raise ValueError("Not a proper JWKS") from exc
         else:
             self._bundles.append(
                 self.keybundle_cls(_keys, httpc=self.httpc, httpc_params=self.httpc_params)
@@ -285,10 +285,7 @@ def get(self, key_use, key_type="", kid=None, alg="", **kwargs):
         :return: A possibly empty list of keys
         """
 
-        if key_use in ["dec", "enc"]:
-            use = "enc"
-        else:
-            use = "sig"
+        use = "enc" if key_use in ["dec", "enc"] else "sig"
 
         if not key_type:
             if alg:
diff --git a/src/cryptojwt/key_jar.py b/src/cryptojwt/key_jar.py
diff --git a/src/cryptojwt/simple_jwt.py b/src/cryptojwt/simple_jwt.py
diff --git a/src/cryptojwt/tools/jwtpeek.py b/src/cryptojwt/tools/jwtpeek.py
diff --git a/src/cryptojwt/utils.py b/src/cryptojwt/utils.py
