authorSimo Sorce <simo@redhat.com>2015-03-18 13:30:16 -0400
committerSimo Sorce <simo@redhat.com>2015-03-18 13:43:46 -0400
commit3302e14058a7ecbe39c7f403a3b0c4aa66d1f87d (patch)
treeb16af7c1608e1d6bcecdb4fe7d4c149916ade027
parent0435a3e3100b7f998bc1d24eafe6a8967da957b1 (diff)
Catch incompatible "use" and "key_ops" usage
Thanks to Jan Rusnacko for pointing out this flaw. Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--jwcrypto/jwk.py28
-rw-r--r--jwcrypto/tests.py6
2 files changed, 34 insertions, 0 deletions
diff --git a/jwcrypto/jwk.py b/jwcrypto/jwk.py
index 95a05a4..c989e06 100644
--- a/jwcrypto/jwk.py
+++ b/jwcrypto/jwk.py
@@ -156,6 +156,34 @@ class JWK(object):
if len(self._key) == 0:
raise InvalidJWKValue('No Key Values found')
+ # check key_ops
+ if 'key_ops' in self._params:
+ for ko in self._params['key_ops']:
+ c = 0
+ for cko in self._params['key_ops']:
+ if ko == cko:
+ c += 1
+ if c != 1:
+ raise InvalidJWKValue('Duplicate values in "key_ops"')
+
+ # check use/key_ops consistency
+ if 'use' in self._params and 'key_ops' in self._params:
+ sigl = ['sign', 'verify']
+ encl = ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey',
+ 'deriveKey', 'deriveBits']
+ if self._params['use'] == 'sig':
+ for op in encl:
+ if op in self._params['key_ops']:
+ raise InvalidJWKValue('Incompatible "use" and'
+ ' "key_ops" values specified at'
+ ' the same time')
+ elif self._params['use'] == 'enc':
+ for op in sigl:
+ if op in self._params['key_ops']:
+ raise InvalidJWKValue('Incompatible "use" and'
+ ' "key_ops" values specified at'
+ ' the same time')
+
def export(self):
d = dict()
d.update(self._params)
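Review bot: The new `key_ops` checks never confirm that the value is a list of strings, so a caller-supplied string such as `key_ops='sign'` is walked character by character in the duplicate loop and matched by substring in the `op in self._params['key_ops']` tests, while a non-iterable value raises `TypeError` instead of `InvalidJWKValue`. A guard ahead of the duplicate loop would close this: `if not isinstance(self._params['key_ops'], list): raise InvalidJWKValue('"key_ops" must be a list')`. The nested duplicate scan is quadratic; with so few defined operations that is a style point only, but a single pass that records values already seen would read more directly. The enclosing method starts above the hunk, so whether `use` and `key_ops` are consulted again when the key is actually used to sign or encrypt cannot be judged from here.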
diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
index 888ad39..13dfeb7 100644
--- a/jwcrypto/tests.py
+++ b/jwcrypto/tests.py
@@ -642,3 +642,9 @@ class ConformanceTests(unittest.TestCase):
key = jwk.JWK(kty='oct', k='secret', unknown='mystery')
# pylint: disable=protected-access
self.assertEqual('mystery', key._unknown['unknown'])
+
+ def test_key_ops_values(self):
+ self.assertRaises(jwk.InvalidJWKValue, jwk.JWK,
+ kty='RSA', n=1, key_ops=['sign'], use='enc')
+ self.assertRaises(jwk.InvalidJWKValue, jwk.JWK,
+ kty='RSA', n=1, key_ops=['sign', 'sign'])
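Review bot: `test_key_ops_values` exercises only the `use='enc'` branch and the duplicate check, so the `use='sig'` branch added in jwk.py has no coverage; a mirrored case such as `self.assertRaises(jwk.InvalidJWKValue, jwk.JWK, kty='RSA', n=1, key_ops=['encrypt'], use='sig')` would cover it. Because `assertRaises` matches only the exception type, these cases would also pass if the constructor raised `InvalidJWKValue` for some other reason (the RSA key here carries only `n`), so asserting on the message text would tie them to the new checks. A positive case with a consistent pair, for example `use='sig'` with `key_ops=['sign', 'verify']`, would guard against the validation rejecting valid keys.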