Use format specifiers instead of percent format

jschlyter · jschlyter · commit 788c8cb90793 · 2024-06-07T11:47:53.000+02:00
diff --git a/src/cryptojwt/exception.py b/src/cryptojwt/exception.py
@@ -20,7 +20,7 @@ def __init__(self, value, msg):
         self.msg = msg
 
     def __str__(self):
-        return "%s: %r" % (self.msg, self.value)
+        return f"{self.msg}: {self.value!r}"
 
 
 class BadSignature(Invalid):
diff --git a/src/cryptojwt/jwe/jwe.py b/src/cryptojwt/jwe/jwe.py
@@ -199,7 +199,7 @@ def decrypt(self, token=None, keys=None, alg=None, cek=None):
             except (KeyError, DecryptionFailed):
                 pass
             else:
-                logger.debug("Decrypted message using key with kid=%s" % key.kid)
+                logger.debug(f"Decrypted message using key with kid={key.kid}")
                 return msg
 
         raise DecryptionFailed("No available key that could decrypt the message")
diff --git a/src/cryptojwt/jwe/jwe_ec.py b/src/cryptojwt/jwe/jwe_ec.py
@@ -112,7 +112,7 @@ def enc_setup(self, msg, key=None, auth_data=b"", **kwargs):
             try:
                 dk_len = KEY_LEN[self.enc]
             except KeyError as exc:
-                raise ValueError("Unknown key length for algorithm %s" % self.enc) from exc
+                raise ValueError(f"Unknown key length for algorithm {self.enc}") from exc
 
             cek = ecdh_derive_key(_epk, key.pub_key, apu, apv, str(self.enc).encode(), dk_len)
         elif self.alg in ["ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"]:
@@ -122,7 +122,7 @@ def enc_setup(self, msg, key=None, auth_data=b"", **kwargs):
             cek = self._generate_key(self.enc, cek=cek)
             encrypted_key = aes_key_wrap(kek, cek)
         else:
-            raise Exception("Unsupported algorithm %s" % self.alg)
+            raise Exception(f"Unsupported algorithm {self.alg}")
 
         return cek, encrypted_key, iv, params, epk
 
@@ -174,7 +174,7 @@ def dec_setup(self, token, key=None, **kwargs):
             kek = ecdh_derive_key(key, epubkey.pub_key, apu, apv, str(_post).encode(), klen)
             self.cek = aes_key_unwrap(kek, token.encrypted_key())
         else:
-            raise Exception("Unsupported algorithm %s" % self.headers["alg"])
+            raise Exception("Unsupported algorithm {}".format(self.headers["alg"]))
 
         return self.cek
 
diff --git a/src/cryptojwt/jwe/jwe_rsa.py b/src/cryptojwt/jwe/jwe_rsa.py
@@ -49,7 +49,7 @@ def encrypt(self, key, iv="", cek="", **kwargs):
             if self["zip"] == "DEF":
                 _msg = zlib.compress(_msg)
             else:
-                raise ParameterError("Zip has unknown value: %s" % self["zip"])
+                raise ParameterError("Zip has unknown value: {}".format(self["zip"]))
 
         kwarg_cek = cek or None
 
@@ -58,7 +58,7 @@ def encrypt(self, key, iv="", cek="", **kwargs):
         cek = self._generate_key(_enc, cek)
         self["cek"] = cek
 
-        logger.debug("cek: %s, iv: %s" % ([c for c in cek], [c for c in iv]))
+        logger.debug(f"cek: {[c for c in cek]}, iv: {[c for c in iv]}")
 
         _encrypt = RSAEncrypter(self.with_digest).encrypt
 
diff --git a/src/cryptojwt/jwe/jwekey.py b/src/cryptojwt/jwe/jwekey.py
@@ -30,7 +30,7 @@ def _generate_key(encalg, cek=""):
             try:
                 _key = get_random_bytes(KEY_LEN_BYTES[encalg])
             except KeyError as exc:
-                raise ValueError("Unsupported encryption algorithm %s" % encalg) from exc
+                raise ValueError(f"Unsupported encryption algorithm {encalg}") from exc
 
         return _key
 
@@ -77,7 +77,7 @@ def _decrypt(enc, key, ctxt, iv, tag, auth_data=b""):
         elif enc in ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"]:
             aes = AES_CBCEncrypter(key=key)
         else:
-            raise Exception("Unsupported encryption algorithm %s" % enc)
+            raise Exception(f"Unsupported encryption algorithm {enc}")
 
         try:
             return aes.decrypt(ctxt, iv=iv, auth_data=auth_data, tag=tag)
diff --git a/src/cryptojwt/jwe/jwenc.py b/src/cryptojwt/jwe/jwenc.py
@@ -48,7 +48,7 @@ def is_jwe(self):
         if "alg" in self.headers and "enc" in self.headers:
             for typ in ["alg", "enc"]:
                 if self.headers[typ] not in SUPPORTED[typ]:
-                    logger.debug("Not supported %s algorithm: %s" % (typ, self.headers[typ]))
+                    logger.debug(f"Not supported {typ} algorithm: {self.headers[typ]}")
                     return False
         else:
             return False
diff --git a/src/cryptojwt/jwe/utils.py b/src/cryptojwt/jwe/utils.py
@@ -19,7 +19,7 @@ def get_keys_seclen_dgst(key, iv):
     try:
         seclen, hash_method = LENMET[len(key)]
     except KeyError as exc:
-        raise Exception("Invalid CBC+HMAC key length: %s bytes" % len(key)) from exc
+        raise Exception(f"Invalid CBC+HMAC key length: {len(key)} bytes") from exc
 
     # Split the key
     ka = key[:seclen]
diff --git a/src/cryptojwt/jwk/jwk.py b/src/cryptojwt/jwk/jwk.py
@@ -100,7 +100,7 @@ def key_from_jwk_dict(jwk_dict, private=None):
         if _jwk_dict["crv"] in NIST2SEC:
             curve = NIST2SEC[_jwk_dict["crv"]]()
         else:
-            raise UnsupportedAlgorithm("Unknown curve: %s" % (_jwk_dict["crv"]))
+            raise UnsupportedAlgorithm("Unknown curve: {}".format(_jwk_dict["crv"]))
 
         if _jwk_dict.get("d", None) is not None:
             # Ecdsa private key.
diff --git a/src/cryptojwt/jwk/x509.py b/src/cryptojwt/jwk/x509.py
@@ -106,9 +106,9 @@ def load_x509_cert(url, httpc, spec2key, **get_args):
             elif isinstance(public_key, ec.EllipticCurvePublicKey):
                 return {"ec": public_key}
         else:
-            raise Exception("HTTP Get error: %s" % r.status_code)
+            raise Exception(f"HTTP Get error: {r.status_code}")
     except Exception as err:  # not a RSA key
-        logger.warning("Can't load key: %s" % err)
+        logger.warning(f"Can't load key: {err}")
         return []
 
 
diff --git a/src/cryptojwt/jws/jws.py b/src/cryptojwt/jws/jws.py
@@ -93,10 +93,10 @@ def alg_keys(self, keys, use, protected=None):
         else:
             if "kid" in self:
                 raise NoSuitableSigningKeys(
-                    "No key for algorithm: %s and kid: %s" % (_alg, self["kid"])
+                    "No key for algorithm: {} and kid: {}".format(_alg, self["kid"])
                 )
             else:
-                raise NoSuitableSigningKeys("No key for algorithm: %s" % _alg)
+                raise NoSuitableSigningKeys(f"No key for algorithm: {_alg}")
 
         return key, xargs, _alg
 
@@ -137,7 +137,7 @@ def sign_compact(self, keys=None, protected=None, **kwargs):
         else:
             sig = _signer.sign(_input.encode("utf-8"), key.key)
 
-        logger.debug("Signed message using key with kid=%s" % key.kid)
+        logger.debug(f"Signed message using key with kid={key.kid}")
         return ".".join([_input, b64encode_item(sig).decode("utf-8")])
 
     def verify_compact(self, jws=None, keys=None, allow_none=False, sigalg=None):
@@ -209,11 +209,11 @@ def verify_compact_verbose(self, jws=None, keys=None, allow_none=False, sigalg=N
 
         if not _keys:
             if "kid" in self:
-                raise NoSuitableSigningKeys("No key with kid: %s" % (self["kid"]))
+                raise NoSuitableSigningKeys("No key with kid: {}".format(self["kid"]))
             elif "kid" in self.jwt.headers:
-                raise NoSuitableSigningKeys("No key with kid: %s" % (self.jwt.headers["kid"]))
+                raise NoSuitableSigningKeys("No key with kid: {}".format(self.jwt.headers["kid"]))
             else:
-                raise NoSuitableSigningKeys("No key for algorithm: %s" % _alg)
+                raise NoSuitableSigningKeys(f"No key for algorithm: {_alg}")
 
         verifier = SIGNER_ALGS[_alg]
 
@@ -228,7 +228,7 @@ def verify_compact_verbose(self, jws=None, keys=None, allow_none=False, sigalg=N
             except (ValueError, TypeError) as err:
                 logger.warning(f'Exception "{err}" caught')
             else:
-                logger.debug("Verified message using key with kid=%s" % key.kid)
+                logger.debug(f"Verified message using key with kid={key.kid}")
                 self.msg = jwt.payload()
                 self.key = key
                 self._protected_headers = jwt.headers.copy()
@@ -408,7 +408,7 @@ def _is_compact_jws(self, jws):
             jwt.headers["alg"] = "none"
 
         if jwt.headers["alg"] not in SIGNER_ALGS:
-            logger.debug("UnknownSignerAlg: %s" % jwt.headers["alg"])
+            logger.debug("UnknownSignerAlg: {}".format(jwt.headers["alg"]))
             return False
 
         self.jwt = jwt
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
@@ -1007,7 +1007,7 @@ def build_key_bundle(key_conf, kid_template=""):
             if "key" in spec and spec["key"]:
                 if os.path.isfile(spec["key"]):
                     _bundle = KeyBundle(
-                        source="file://%s" % spec["key"],
+                        source="file://{}".format(spec["key"]),
                         fileformat="der",
                         keytype=typ,
                         keyusage=spec["use"],
@@ -1018,7 +1018,7 @@ def build_key_bundle(key_conf, kid_template=""):
             if "key" in spec and spec["key"]:
                 if os.path.isfile(spec["key"]):
                     _bundle = KeyBundle(
-                        source="file://%s" % spec["key"],
+                        source="file://{}".format(spec["key"]),
                         fileformat="der",
                         keytype=typ,
                         keyusage=spec["use"],
@@ -1029,7 +1029,7 @@ def build_key_bundle(key_conf, kid_template=""):
             if "key" in spec and spec["key"]:
                 if os.path.isfile(spec["key"]):
                     _bundle = KeyBundle(
-                        source="file://%s" % spec["key"],
+                        source="file://{}".format(spec["key"]),
                         fileformat="der",
                         keytype=typ,
                         keyusage=spec["use"],
diff --git a/src/cryptojwt/utils.py b/src/cryptojwt/utils.py
@@ -20,11 +20,11 @@
 
 
 def intarr2bin(arr):
-    return unhexlify("".join(["%02x" % byte for byte in arr]))
+    return unhexlify("".join([f"{byte:02x}" for byte in arr]))
 
 
 def intarr2long(arr):
-    return int("".join(["%02x" % byte for byte in arr]), 16)
+    return int("".join([f"{byte:02x}" for byte in arr]), 16)
 
 
 def intarr2str(arr):
@@ -45,7 +45,7 @@ def long_to_base64(n, mlen=0):
         _len = mlen - len(bys)
         if _len:
             bys = [0] * _len + bys
-    data = struct.pack("%sB" % len(bys), *bys)
+    data = struct.pack(f"{len(bys)}B", *bys)
     if not len(data):
         data = b"\x00"
     s = base64.urlsafe_b64encode(data).rstrip(b"=")
@@ -58,7 +58,7 @@ def base64_to_long(data):
 
     # urlsafe_b64decode will happily convert b64encoded data
     _d = base64.urlsafe_b64decode(as_bytes(data) + b"==")
-    return intarr2long(struct.unpack("%sB" % len(_d), _d))
+    return intarr2long(struct.unpack(f"{len(_d)}B", _d))
 
 
 def base64url_to_long(data):
@@ -75,7 +75,7 @@ def base64url_to_long(data):
     # that is no '+' and '/' characters and not trailing "="s.
     if [e for e in [b"+", b"/", b"="] if e in _data]:
         raise ValueError("Not base64url encoded")
-    return intarr2long(struct.unpack("%sB" % len(_d), _d))
+    return intarr2long(struct.unpack(f"{len(_d)}B", _d))
 
 
 # =============================================================================
