Throw if key is an PKCS1 PEM-encoded public key

2017-06-21 15:49:41 -04:00 · 2017-06-21 15:49:41 -04:00 · 37926ea0dd
parent e4c67b1abf
commit 37926ea0dd
3 changed files with 13 additions and 0 deletions
--- a/jwt/algorithms.py
+++ b/jwt/algorithms.py
@ -142,6 +142,7 @@ class HMACAlgorithm(Algorithm):
        invalid_strings = [
            b'-----BEGIN PUBLIC KEY-----',
            b'-----BEGIN CERTIFICATE-----',
+            b'-----BEGIN RSA PUBLIC KEY-----',
            b'ssh-rsa'
        ]

--- a/tests/keys/testkey_pkcs1.pub.pem
+++ b/tests/keys/testkey_pkcs1.pub.pem
@ -0,0 +1,5 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIGHAoGBAOV/0Vl/5VdHcYpnILYzBGWo5JQVzo9wBkbxzjAStcAnTwvv1ZJTMXs6
+fjz91f9hiMM4Z/5qNTE/EHlDWxVdj1pyRaQulZPUs0r9qJ02ogRRGLG3jjrzzbzF
+yj/pdNBwym0UJYC/Jmn/kMLwGiWI2nfa9vM5SovqZiAy2FD7eOtVAgED
+-----END RSA PUBLIC KEY-----
--- a/tests/test_algorithms.py
+++ b/tests/test_algorithms.py
@ -97,6 +97,13 @@ class TestAlgorithms:
            with open(key_path('testkey2_rsa.pub.pem'), 'r') as keyfile:
                algo.prepare_key(keyfile.read())

+    def test_hmac_should_throw_exception_if_key_is_pkcs1_pem_public(self):
+        algo = HMACAlgorithm(HMACAlgorithm.SHA256)
+
+        with pytest.raises(InvalidKeyError):
+            with open(key_path('testkey_pkcs1.pub.pem'), 'r') as keyfile:
+                algo.prepare_key(keyfile.read())
+
    def test_hmac_jwk_should_parse_and_verify(self):
        algo = HMACAlgorithm(HMACAlgorithm.SHA256)