Coverage for src / ai_lls_lib / key_management.py: 100%

1"""Managed API key generation and validation utilities. 

2 

3Supports multi-API-key management for insurance agent customers 

4who need more than one API key to integrate with multiple services. 

5 

6Key format: 

7 Legacy: lls_<40 hex chars> 

8 Managed: lls_mk_<40 hex chars> 

9""" 

10 

11import hashlib 

12import secrets 

13 

14MIN_EXPIRATION_DAYS = 1 

15MAX_EXPIRATION_DAYS = 730 

16 

17MANAGED_KEY_PREFIX = "lls_mk_" 

18KEY_ID_PREFIX = "mk_" 

19 

20 

21def generate_key_id() -> str: 

22 """Generate a unique key ID with mk_ prefix. 

23 

24 Returns a key ID in the format ``mk_<24 hex chars>`` using 96-bit 

25 entropy via :func:`secrets.token_hex`. 

26 """ 

27 return f"{KEY_ID_PREFIX}{secrets.token_hex(12)}" 

28 

29 

30def generate_managed_key() -> str: 

31 """Generate a new managed API key. 

32 

33 Returns a key in the format ``lls_mk_<40 hex chars>`` using 160-bit 

34 entropy via :func:`secrets.token_hex`. 

35 """ 

36 return f"{MANAGED_KEY_PREFIX}{secrets.token_hex(20)}" 

37 

38 

39def compute_key_hash(key: str) -> str: 

40 """Compute the SHA-256 hash of an API key. 

41 

42 Args: 

43 key: The full API key string. 

44 

45 Returns: 

46 Hex digest of the SHA-256 hash. 

47 """ 

48 return hashlib.sha256(key.encode()).hexdigest() 

49 

50 

51def validate_expiration_days(days: int) -> bool: 

52 """Validate that an expiration period is within the allowed range. 

53 

54 Args: 

55 days: Number of days until key expiration. 

56 

57 Returns: 

58 ``True`` if *days* is between 1 and 730 inclusive, ``False`` otherwise. 

59 """ 

60 return MIN_EXPIRATION_DAYS <= days <= MAX_EXPIRATION_DAYS