authorSimo Sorce <simo@redhat.com>2015-03-24 10:33:47 -0400
committerSimo Sorce <simo@redhat.com>2015-03-24 10:33:47 -0400
commit17a93d806f04e87f5bc2cb5063daeed7a500704d (patch)
treed3d2321b6294a4dcfbafaf68683b0faf306891d3
parent876fdab2f664822952350d00cab48bef9827a5bf (diff)
Better validate that both alg and enc are presentconformance
JOSE headers must include the "alg" and "enc" options in order to be able to actually process an encrypted token. Return appropriate messages if either is missing.
-rw-r--r--jwcrypto/jwe.py14
-rw-r--r--jwcrypto/tests.py12
2 files changed, 24 insertions, 2 deletions
diff --git a/jwcrypto/jwe.py b/jwcrypto/jwe.py
index eb48d94..978fc5e 100644
--- a/jwcrypto/jwe.py
+++ b/jwcrypto/jwe.py
@@ -440,6 +440,17 @@ class JWE(object):
jh = self.merge_headers(jh, rh)
return jh
+ def get_alg_enc_from_headers(self, jh):
+ algname = jh.get('alg', None)
+ if algname is None:
+ raise InvalidJWEData('Missing "alg" from headers')
+ alg = self._jwa(algname)
+ encname = jh.get('enc', None)
+ if encname is None:
+ raise InvalidJWEData('Missing "enc" from headers')
+ enc = self._jwa(encname)
+ return alg, enc
+
def add_recipient(self, key, header=None):
""" Encrypt the provided payload with the given key.
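Review bot: In get_alg_enc_from_headers only an absent or null value is rejected, so any other non-string value in `alg` or `enc` is passed straight to `self._jwa()`. The header appears to come from a JSON string (the tests pass one), so a number, list or object is possible there; what `_jwa` does with such a value is not visible in this hunk, and it may surface as a different exception type than the InvalidJWEData callers are now told to expect. A type check before each lookup would keep the failure uniform, e.g. `if not isinstance(algname, basestring): raise InvalidJWEData('Invalid "alg" in headers')` (`str` if the module targets Python 3). The method also has no docstring; a one-liner such as `"""Return the (alg, enc) algorithm objects named in the JOSE header; raise InvalidJWEData if either is absent."""` would state the contract.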
@@ -455,8 +466,7 @@ class JWE(object):
raise ValueError('key is not a JWK object')
jh = self.get_jose_header(header)
- alg = self._jwa(jh.get('alg', None))
- enc = self._jwa(jh.get('enc', None))
+ alg, enc = self.get_alg_enc_from_headers(jh)
rec = dict()
if header:
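Review bot: The new helper is wired in only at add_recipient, which is the encryption side, where the header is supplied by the caller. The diffstat accounts for every changed line in jwe.py, so the decryption path, which is where headers from received and therefore untrusted tokens are processed, is not touched by this commit. If that path still performs the old `self._jwa(jh.get('alg', None))` lookup (not visible here), it should be switched to `alg, enc = self.get_alg_enc_from_headers(jh)` as well, so that a token without `alg` or `enc` is rejected with the same InvalidJWEData error. add_recipient's body continues outside the hunk.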
diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
index 40fbbbc..cff4f95 100644
--- a/jwcrypto/tests.py
+++ b/jwcrypto/tests.py
@@ -654,6 +654,18 @@ class ConformanceTests(unittest.TestCase):
enc.add_recipient(jwk.JWK(kty='oct', k=base64url_encode('A'*16)),
'{"alg":"A128KW","enc":"A128GCM"}')
+ def test_jwe_no_alg_in_jose_headers(self):
+ enc = jwe.JWE(plaintext='plain')
+ self.assertRaises(jwe.InvalidJWEData, enc.add_recipient,
+ jwk.JWK(kty='oct', k=base64url_encode('A'*16)),
+ '{"enc":"A128GCM"}')
+
+ def test_jwe_no_enc_in_jose_headers(self):
+ enc = jwe.JWE(plaintext='plain')
+ self.assertRaises(jwe.InvalidJWEData, enc.add_recipient,
+ jwk.JWK(kty='oct', k=base64url_encode('A'*16)),
+ '{"alg":"A128KW"}')
+
def test_aes_128(self):
enc = jwe.JWE(plaintext='plain')
key128 = jwk.JWK(kty='oct', k=base64url_encode('A' * (128 / 8)))
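Review bot: Both new tests assert only the exception type, so they would still pass if the two messages were swapped or if InvalidJWEData were raised by some other step of add_recipient. Matching the message pins the behaviour the commit describes, e.g. `self.assertRaisesRegexp(jwe.InvalidJWEData, 'Missing "alg"', enc.add_recipient, ...)` and the same with `'Missing "enc"'` in the second test. A third case with a null or non-string value such as `'{"alg":null,"enc":"A128GCM"}'` would document how malformed headers are handled, not just absent ones.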