Allow to pass through pem loading unsafe option

jwcrypto/jwk.py

@@ -339,6 +339,7 @@ def __init__(self, **kwargs):
         super(JWK, self).__init__()
         self._cache_pub_k = None
         self._cache_pri_k = None
+        self.unsafe_skip_rsa_key_validation = False
 
         if 'generate' in kwargs:
             self.generate_key(**kwargs)
@@ -838,7 +839,9 @@ def _rsa_pub(self):
     def _rsa_pri(self):
         k = self._cache_pri_k
         if k is None:
-            k = self._rsa_pri_n().private_key(default_backend())
+            u = self.unsafe_skip_rsa_key_validation
+            k = self._rsa_pri_n().private_key(default_backend(),
+                                              unsafe_skip_rsa_key_validation=u)
             self._cache_pri_k = k
         return k
 
@@ -993,8 +996,10 @@ def import_from_pem(self, data, password=None, kid=None):
         """
 
         try:
+            u = self.unsafe_skip_rsa_key_validation
             key = serialization.load_pem_private_key(
-                data, password=password, backend=default_backend())
+                data, password=password, backend=default_backend(),
+                unsafe_skip_rsa_key_validation=u)
         except ValueError as e:
             if password is not None:
                 raise e

jwcrypto/tests.py

@@ -757,6 +757,16 @@ def test_thumbprint_uri(self):
             "urn:ietf:params:oauth:jwk-thumbprint:sha-256:{}".format(
                 PublicKeys['thumbprints'][1]))
 
+    def test_unsafe_rsa(self):
+        key = jwk.JWK()
+        key.unsafe_skip_rsa_key_validation = True
+        key.import_from_pem(RSAPrivatePEM, password=RSAPrivatePassword)
+        self.assertTrue(key.has_private)
+        # finally check private works
+        s = jws.JWS(payload='plaintext')
+        s.add_signature(key, None, {"alg": "PS256"})
+        s.serialize()
+
 
 # RFC 7515 - A.1
 A1_protected = \