fix(jwk): improve generate_private_key on binding class

lepture · lepture · commit 2425793190f6 · 2025-12-08T17:24:53.000+09:00
diff --git a/src/joserfc/_rfc7518/rsa_key.py b/src/joserfc/_rfc7518/rsa_key.py
@@ -43,6 +43,14 @@ class RSABinding(CryptographyBinding):
     ssh_type = b"ssh-rsa"
     _cryptography_key_types = (RSAPrivateKey, RSAPublicKey)
 
+    @staticmethod
+    def generate_private_key(size: int) -> RSAPrivateKey:
+        return generate_private_key(
+            public_exponent=65537,
+            key_size=size,
+            backend=default_backend(),
+        )
+
     @staticmethod
     def import_private_key(obj: RSADictKey) -> RSAPrivateKey:
         if "oth" in obj:  # pragma: no cover
@@ -170,17 +178,13 @@ def generate_key(
             key_size = 2048
 
         if key_size % 8 != 0:
-            raise ValueError("Invalid key_size for RSAKey")
+            raise ValueError("A bit size must be a multiple of 8")
 
         if key_size < 2048:
             # https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
             warnings.warn("Key size should be >= 2048 bits", SecurityWarning)
 
-        raw_key = generate_private_key(
-            public_exponent=65537,
-            key_size=key_size,
-            backend=default_backend(),
-        )
+        raw_key = cls.binding.generate_private_key(key_size)
         if private:
             key = cls(raw_key, raw_key, parameters)
         else:
diff --git a/src/joserfc/_rfc8037/okp_key.py b/src/joserfc/_rfc8037/okp_key.py
@@ -63,6 +63,8 @@ class OKPBinding(CryptographyBinding):
 
     @staticmethod
     def generate_private_key(crv: LiteralCurves) -> PrivateOKPKey:
+        if crv not in PRIVATE_KEYS_MAP:
+            raise InvalidKeyCurveError(f"Invalid curve value: '{crv}'")
         crv_key: t.Type[PrivateOKPKey] = PRIVATE_KEYS_MAP[crv]
         return crv_key.generate()
 
@@ -190,12 +192,9 @@ def generate_key(
         :param auto_kid: add ``kid`` automatically
         """
         if crv is None:
-            crv = "Ed25519"
-
-        if crv not in PRIVATE_KEYS_MAP:
-            raise InvalidKeyCurveError(f"Invalid curve value: '{crv}'")
-
-        raw_key = cls.binding.generate_private_key(crv)
+            raw_key = cls.binding.generate_private_key("Ed25519")
+        else:
+            raw_key = cls.binding.generate_private_key(crv)
         if private:
             key = cls(raw_key, raw_key, parameters)
         else:
