From 10e6739cdcdf924136efcb5ae51b223c82f010e3 Mon Sep 17 00:00:00 2001
From: Ermakov Evgeniy <31726343+ermakoves@users.noreply.github.com>
Date: Tue, 15 May 2018 12:28:41 +0300
Subject: [PATCH] Retrieve all possible keys (#518)

Fix keyio get method to retrieve all possible keys for given usage.
---
 src/oic/utils/keyio.py |  2 +-
 tests/test_keyio.py    | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/oic/utils/keyio.py b/src/oic/utils/keyio.py
index b691135bb..79664b6bb 100644
--- a/src/oic/utils/keyio.py
+++ b/src/oic/utils/keyio.py
@@ -548,7 +548,7 @@ def get(self, key_use, key_type="", issuer="", kid=None, **kwargs):
                         break
                     if not key.use or use == key.use:
                         lst.append(key)
-                        break
+                        continue
                     # Verification can be performed by both `sig` and `ver` keys
                     if key_use == 'ver' and key.use in ('sig', 'ver'):
                         lst.append(key)
diff --git a/tests/test_keyio.py b/tests/test_keyio.py
index 243828840..4e4ece21a 100644
--- a/tests/test_keyio.py
+++ b/tests/test_keyio.py
@@ -303,8 +303,8 @@ def test_keyjar_group_keys(self):
             keybundle_from_local_file(RSAKEY, "rsa", ["ver", "sig"]))
 
         verified_keys = ks.verify_keys("http://www.example.org")
-        assert len(verified_keys) == 4
-        assert len([k for k in verified_keys if k.kty == "oct"]) == 2
+        assert len(verified_keys) == 6
+        assert len([k for k in verified_keys if k.kty == "oct"]) == 4
         assert len([k for k in verified_keys if k.kty == "RSA"]) == 2
 
     def test_remove_key(self):
@@ -336,8 +336,8 @@ def test_remove_key(self):
         assert len(keys) == 0
 
         keys = ks.verify_keys("http://www.example.com")
-        assert len(keys) == 1
-        assert len([k for k in keys if k.kty == "oct"]) == 1
+        assert len(keys) == 2
+        assert len([k for k in keys if k.kty == "oct"]) == 2
 
         keys = ks.decrypt_keys("http://www.example.org")
         assert keys == []
@@ -354,11 +354,11 @@ def test_get_by_kid(self):
 
     def test_get_inactive_ver(self):
         ks = KeyJar()
-        ks['http://example.com'] = KeyBundle([{"kty": "oct", "key": "a1b2c3d4", "use": "ver"}])
-        ks['http://example.com'][0]._keys[0].inactive_since = 1
+        ks['http://example.com'] = KeyBundle([{"kty": "oct", "key": "a1b2c3d4", "use": "sig"},
+                                              {"kty": "oct", "key": "a1b2c3d4", "use": "ver"}])
+        ks['http://example.com'][0]._keys[1].inactive_since = 1
         key = ks.get_verify_key(owner='http://example.com')
-
-        assert len(key) == 1
+        assert len(key) == 2
 
     def test_get_inactive_sig(self):
         """get_signing_key cannot return inactive `sig` key."""