From 813defe02b1591c313e3ff1ee08474be237a36d4 Mon Sep 17 00:00:00 2001 From: Jan Stein Date: Tue, 8 May 2018 11:00:14 +0200 Subject: [PATCH 1/2] Fix alg matching in pick_key --- src/cryptojwt/__init__.py | 2 +- src/cryptojwt/jwt.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cryptojwt/__init__.py b/src/cryptojwt/__init__.py index de4a87aa..93e4074c 100644 --- a/src/cryptojwt/__init__.py +++ b/src/cryptojwt/__init__.py @@ -16,7 +16,7 @@ from binascii import unhexlify -__version__ = '0.3.0' +__version__ = '0.3.1' logger = logging.getLogger(__name__) diff --git a/src/cryptojwt/jwt.py b/src/cryptojwt/jwt.py index 1366985c..c7328f83 100755 --- a/src/cryptojwt/jwt.py +++ b/src/cryptojwt/jwt.py @@ -43,7 +43,7 @@ def pick_key(keys, use, alg='', key_type='', kid=''): continue if key.kty == key_type: - if key.alg == '' or key.alg == alg: + if key.alg == '' or alg == '' or key.alg == alg: if key.kid == '' or kid == '' or key.kid == kid: res.append(key) return res From d33b2001946aa17382c10281c4e74ef9a78e692d Mon Sep 17 00:00:00 2001 From: Jan Stein Date: Tue, 8 May 2018 14:57:07 +0200 Subject: [PATCH 2/2] Added test case that mimics my code --- tests/test_5_jwt.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/test_5_jwt.py b/tests/test_5_jwt.py index fb1827e8..6f75e3ec 100755 --- a/tests/test_5_jwt.py +++ b/tests/test_5_jwt.py @@ -95,3 +95,30 @@ def test_jwt_pack_encrypt_no_sign(): info = bob.unpack(_jwt) assert set(info.keys()) == {'iat', 'iss', 'sub', 'aud'} + + +def test_jwt_pack_and_unpack_with_alg(): + alice = JWT(own_keys=ALICE_KEYS, iss=ALICE) + payload = {'sub': 'sub'} + _jwt = alice.pack(payload=payload) + + from cryptojwt.jwk import KEYS + alice_jwks = { + "keys": + [{ + "kty": "RSA", + "alg": "RS256", + "use": "sig", + "kid": "1", + "n": ALICE_PUB_KEYS[0].n, + "e": ALICE_PUB_KEYS[0].e + }] + } + alg_keys = KEYS() + alg_keys.load_dict(alice_jwks) + + bob = JWT(rec_keys={ALICE: alg_keys}) + info = bob.unpack(_jwt) + + assert set(info.keys()) == {'iat', 'iss', 'sub', 'kid', 'aud'} +