Consider a JWSKeySelector that supports multiple algorithms

Issue #318 resolved
Josh Cummings created an issue

It would be nice to have an implementation of JWSKeySelector that supported multiple algorithms from the same family, like

Map<JWSAlgorithm, JWSKeySelector<>> jwsKeySelectors = // ... only algos from the same JWSAlgorithm.Family
new MappedJWSKeySelector(jwsKeySelectors)

or perhaps something more controlled like

new JWSFamilyVerificationKeySelector(jwsAlgFamily, jwkSource)

Since the algorithm is included in the signature and because there are no known pre-image attacks for SHA-2, this would meet the criteria indicated in RFC 7515:

There are several ways for an application to mitigate algorithm substitution attacks:

   o  Use only digital signature algorithms that are not vulnerable to
      substitution attacks.  Substitution attacks are only feasible if
      an attacker can compute pre-images for a hash function accepted by
      the recipient.  All JWA-defined signature algorithms use SHA-2
      hashes, for which there are no known pre-image attacks, as of the
      time of this writing.

   o  Require that the "alg" Header Parameter be carried in the JWS
      Protected Header. (This is always the case when using the JWS
      Compact Serialization...)

I’d certainly want to confirm that the algorithms are in the same family.

If you agree, I’d be happy to provide a PR.
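A worked version of the family-restricted selector sketched above and of the substitution attempt the quoted RFC text is guarding against, added here as an example; it is not code from the issue or from nimbus-jose-jwt itself. It assumes nimbus-jose-jwt 7.5 or later, where JWSVerificationKeySelector accepts a Set of JWS algorithms (a JWSAlgorithm.Family is such a set); the keys, kids and claims are constructed for the demo. The same claims are signed with RS256 and RS512 (same family), ES256 (a signature algorithm from a different family) and, as the substitution attempt, HS256 keyed with the published RSA public key bytes, then each token is run through a selector limited to JWSAlgorithm.Family.RSA and through one allowing the whole JWSAlgorithm.Family.SIGNATURE.

```java
import java.text.ParseException;
import java.util.Arrays;
import java.util.Date;
import java.util.Set;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;

// Demo class (hypothetical name); assumes nimbus-jose-jwt 7.5+ on the classpath.
public class FamilyKeySelectorDemo {

    // Signs the claims with the given alg and kid. The attacker's forged token goes
    // through the same path, only with a MAC signer instead of a signature signer.
    static String sign(JWSAlgorithm alg, String kid, JWSSigner signer, JWTClaimsSet claims)
            throws JOSEException {
        SignedJWT jwt = new SignedJWT(new JWSHeader.Builder(alg).keyID(kid).build(), claims);
        jwt.sign(signer);
        return jwt.serialize();
    }

    // Runs a token through the processor and reports the outcome instead of throwing.
    static String verify(DefaultJWTProcessor<SecurityContext> processor, String jwt) {
        try {
            JWTClaimsSet claims = processor.process(jwt, null);
            return "accepted, sub=" + claims.getSubject();
        } catch (BadJOSEException e) {
            return "rejected: " + e.getMessage();
        } catch (ParseException | JOSEException e) {
            return "error: " + e.getMessage();
        }
    }

    // One processor per accepted algorithm set; the set is typically a JWSAlgorithm.Family.
    static DefaultJWTProcessor<SecurityContext> processorFor(Set<JWSAlgorithm> allowedAlgs,
                                                              JWKSource<SecurityContext> source) {
        DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(allowedAlgs, source));
        return processor;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys standing in for an issuer's signing keys.
        RSAKey rsaKey = new RSAKeyGenerator(2048).keyID("rsa-1").generate();
        ECKey ecKey = new ECKeyGenerator(Curve.P_256).keyID("ec-1").generate();

        // Only the public halves are published, as a JWK set endpoint would.
        JWKSet published = new JWKSet(Arrays.<JWK>asList(rsaKey.toPublicJWK(), ecKey.toPublicJWK()));
        JWKSource<SecurityContext> source = new ImmutableJWKSet<>(published);

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 60_000))
                .build();

        String rs256 = sign(JWSAlgorithm.RS256, "rsa-1", new RSASSASigner(rsaKey), claims);
        String rs512 = sign(JWSAlgorithm.RS512, "rsa-1", new RSASSASigner(rsaKey), claims);
        String es256 = sign(JWSAlgorithm.ES256, "ec-1", new ECDSASigner(ecKey), claims);

        // Substitution attempt: the attacker MACs the token with the published RSA public
        // key bytes as the HMAC secret and points kid at that key, hoping the verifier
        // will hand the same key material to an HS256 verifier.
        byte[] publicKeyBytes = rsaKey.toRSAPublicKey().getEncoded();
        String hs256Forged = sign(JWSAlgorithm.HS256, "rsa-1", new MACSigner(publicKeyBytes), claims);

        // Selector limited to the RSA family (RS256/384/512, PS256/384/512).
        DefaultJWTProcessor<SecurityContext> rsaOnly = processorFor(JWSAlgorithm.Family.RSA, source);
        System.out.println("RSA family, RS256 (same family, key present): " + verify(rsaOnly, rs256));
        System.out.println("RSA family, RS512 (same family, key present): " + verify(rsaOnly, rs512));
        System.out.println("RSA family, ES256 (key present, alg outside family): " + verify(rsaOnly, es256));
        System.out.println("RSA family, HS256 (substitution attempt): " + verify(rsaOnly, hs256Forged));

        // Selector for every digital signature family (RSA, EC, EdDSA); HMAC is still excluded.
        DefaultJWTProcessor<SecurityContext> anySignature = processorFor(JWSAlgorithm.Family.SIGNATURE, source);
        System.out.println("SIGNATURE family, ES256: " + verify(anySignature, es256));
        System.out.println("SIGNATURE family, HS256 (substitution attempt): " + verify(anySignature, hs256Forged));
    }
}
```

With the RSA-family selector the RS256 and RS512 tokens verify, while ES256 and the HS256 forgery are rejected with a BadJOSEException: the selector returns no candidate keys for an alg outside its set, so no key material is ever handed to a verifier for the wrong algorithm. With the SIGNATURE family ES256 is accepted as well, and HS256 is still refused. RS512 rather than PS256 is used as the second RSA-family algorithm so the demo does not depend on an RSASSA-PSS provider on older JDKs.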

Comments (4)

  1. Vladimir Dzhuvinov

    Thanks Josh! The new selector is now part of v7.5.

    Edited the matching to also include JWKs with an undefined use field, which is optional. People sometimes forget it, even in JWK sets containing signing and encryption keys. Not an issue: if the key turns out to be intended for encryption, the signature validation will fail anyway.

    JWKMatcher jwkMatcher = new JWKMatcher.Builder()
      .publicOnly(true)
      .keyUses(KeyUse.SIGNATURE, null) // use=sig is optional
      .keyTypes(KeyType.RSA, KeyType.EC)
      .build();
    
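The matcher from the comment above fed through a JWKSelector over a constructed JWK set, added here as an example rather than taken from the comment or from the library. It goes a little beyond the comment by mixing in the cases the matcher is meant to sort out: keys with use=sig, keys with no use at all, a key with use=enc, an EC key whose private part is still attached, and a symmetric key. It assumes nimbus-jose-jwt on the classpath; the key IDs and the class name are invented for the demo.

```java
import java.util.Arrays;
import java.util.List;

import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.OctetSequenceKeyGenerator;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;

// Demo class (hypothetical name); assumes nimbus-jose-jwt on the classpath.
public class SignatureKeyMatcherDemo {

    // The matcher from the comment: public keys only, use=sig or no use at all,
    // and only key types that can carry a digital signature.
    static JWKMatcher signatureKeyMatcher() {
        return new JWKMatcher.Builder()
                .publicOnly(true)
                .keyUses(KeyUse.SIGNATURE, null) // use=sig is optional
                .keyTypes(KeyType.RSA, KeyType.EC)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed JWK set mixing the cases a real issuer's set often contains.
        JWKSet set = new JWKSet(Arrays.<JWK>asList(
                new RSAKeyGenerator(2048).keyID("rsa-sig").keyUse(KeyUse.SIGNATURE).generate().toPublicJWK(),
                new RSAKeyGenerator(2048).keyID("rsa-no-use").generate().toPublicJWK(),   // use omitted
                new RSAKeyGenerator(2048).keyID("rsa-enc").keyUse(KeyUse.ENCRYPTION).generate().toPublicJWK(),
                new ECKeyGenerator(Curve.P_256).keyID("ec-no-use").generate().toPublicJWK(), // use omitted
                new ECKeyGenerator(Curve.P_256).keyID("ec-private").generate(),             // private part attached
                new OctetSequenceKeyGenerator(256).keyID("hmac-1").generate()));            // symmetric, never public

        // Candidates a signature verifier may use; the selector applies the matcher to every key.
        List<JWK> candidates = new JWKSelector(signatureKeyMatcher()).select(set);
        for (JWK jwk : candidates) {
            System.out.println(jwk.getKeyID() + " kty=" + jwk.getKeyType() + " use=" + jwk.getKeyUse());
        }
    }
}
```

The selector keeps rsa-sig, rsa-no-use and ec-no-use: use=enc fails the keyUses filter, the EC key with a private part fails publicOnly, and the octet sequence key fails both publicOnly and keyTypes. A key with no use that is in fact an encryption key can still be returned, which is the trade-off the comment describes; the signature check over the wrong key simply fails.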