From 17a93d806f04e87f5bc2cb5063daeed7a500704d Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 24 Mar 2015 10:33:47 -0400
Subject: Better validate that both alg and enc are present

JOSE headers must include the "alg" and "enc" options in order to be
able to actually process and encrypted token.
Return appropriate messages if either is missing.
---
 jwcrypto/tests.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'jwcrypto/tests.py')

diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
index 40fbbbc..cff4f95 100644
--- a/jwcrypto/tests.py
+++ b/jwcrypto/tests.py
@@ -654,6 +654,18 @@ class ConformanceTests(unittest.TestCase):
         enc.add_recipient(jwk.JWK(kty='oct', k=base64url_encode('A'*16)),
                           '{"alg":"A128KW","enc":"A128GCM"}')
 
+    def test_jwe_no_alg_in_jose_headers(self):
+        enc = jwe.JWE(plaintext='plain')
+        self.assertRaises(jwe.InvalidJWEData, enc.add_recipient,
+                          jwk.JWK(kty='oct', k=base64url_encode('A'*16)),
+                          '{"enc":"A128GCM"}')
+
+    def test_jwe_no_enc_in_jose_headers(self):
+        enc = jwe.JWE(plaintext='plain')
+        self.assertRaises(jwe.InvalidJWEData, enc.add_recipient,
+                          jwk.JWK(kty='oct', k=base64url_encode('A'*16)),
+                          '{"alg":"A128KW"}')
+
     def test_aes_128(self):
         enc = jwe.JWE(plaintext='plain')
         key128 = jwk.JWK(kty='oct', k=base64url_encode('A' * (128 / 8)))
-- 
cgit