-rw-r--r--jwcrypto/jwk.py28
-rw-r--r--jwcrypto/tests.py6
2 files changed, 34 insertions, 0 deletions
diff --git a/jwcrypto/jwk.py b/jwcrypto/jwk.py
index 95a05a4..c989e06 100644
--- a/jwcrypto/jwk.py
+++ b/jwcrypto/jwk.py
@@ -156,6 +156,34 @@ class JWK(object):
if len(self._key) == 0:
raise InvalidJWKValue('No Key Values found')
+ # check key_ops
+ if 'key_ops' in self._params:
+ for ko in self._params['key_ops']:
+ c = 0
+ for cko in self._params['key_ops']:
+ if ko == cko:
+ c += 1
+ if c != 1:
+ raise InvalidJWKValue('Duplicate values in "key_ops"')
+
+ # check use/key_ops consistency
+ if 'use' in self._params and 'key_ops' in self._params:
+ sigl = ['sign', 'verify']
+ encl = ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey',
+ 'deriveKey', 'deriveBits']
+ if self._params['use'] == 'sig':
+ for op in encl:
+ if op in self._params['key_ops']:
+ raise InvalidJWKValue('Incompatible "use" and'
+ ' "key_ops" values specified at'
+ ' the same time')
+ elif self._params['use'] == 'enc':
+ for op in sigl:
+ if op in self._params['key_ops']:
+ raise InvalidJWKValue('Incompatible "use" and'
+ ' "key_ops" values specified at'
+ ' the same time')
+
def export(self):
d = dict()
d.update(self._params)
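Review bot: The new `key_ops` checks never verify that the value is a list. A string such as `'sign'` is walked character by character in the duplicate loop and matched by substring in the `op in self._params['key_ops']` tests, and a non-iterable value raises `TypeError` rather than `InvalidJWKValue`. If these parameters can come from parsed JWK JSON (the caller is not visible here), a guard ahead of the duplicate loop keeps malformed keys on the one documented error path: `if not isinstance(self._params['key_ops'], list): raise InvalidJWKValue('"key_ops" must be a list')`. A `use` value other than `sig` or `enc` skips the consistency check entirely, which deserves a short comment saying that is intended. The enclosing method starts before the hunk.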
diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
index 888ad39..13dfeb7 100644
--- a/jwcrypto/tests.py
+++ b/jwcrypto/tests.py
@@ -642,3 +642,9 @@ class ConformanceTests(unittest.TestCase):
key = jwk.JWK(kty='oct', k='secret', unknown='mystery')
# pylint: disable=protected-access
self.assertEqual('mystery', key._unknown['unknown'])
+
+ def test_key_ops_values(self):
+ self.assertRaises(jwk.InvalidJWKValue, jwk.JWK,
+ kty='RSA', n=1, key_ops=['sign'], use='enc')
+ self.assertRaises(jwk.InvalidJWKValue, jwk.JWK,
+ kty='RSA', n=1, key_ops=['sign', 'sign'])
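Review bot: Both assertions in `test_key_ops_values` only expect `InvalidJWKValue`, so they would still pass if the constructor rejected `kty='RSA', n=1` for an unrelated reason, such as stricter RSA parameter validation added later. A positive control pins the behaviour to the new checks, for example `jwk.JWK(kty='RSA', n=1, key_ops=['sign'], use='sig')` constructing without error. The `use='sig'` branch with an encryption operation (e.g. `key_ops=['encrypt']`) is also not exercised. The test class starts outside the hunk.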