Make sure that algorithm matches key type

Issue #33 on hold
Justin Richer created an issue

The signing/encryption algorithms published in a JWK really do need to match the content, so we should make sure that they are matched in the JWK constructors.

Oct -> HS256, HS384, HS512
RSA -> RS256, RS384, RS512
EC -> ES256, ES384, ES512

Similar checks for encryption algs, I think?

Comments (3)

  1. Justin Richer reporter

    Not sure we can or want to. Or at the very least, push a warning out, though I don't think the library assumes any kind of logging system.

  2. Vladimir Dzhuvinov

    One potential solution is to define additional JWK constructors that check the algorithm, one against the std algorithm list, another against a checker interface (for custom alg cases).

    JWK(..., Algorithm alg, boolean strict, ...)
    JWK(..., Algorithm alg, AlgorithmValidator validator, ...)
    

    I suggest we put this issue on hold for now and come back to it if we see genuine need for such checking in future.

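The check discussed in this thread, as an added example that is not part of the original issue or the library's code: a stand-alone sketch of a key object that validates `alg` against the key type at construction, once against the standard list from the issue and once through a custom checker. The class names, the shape of `AlgorithmValidator`, and the `X-HS1024` algorithm name are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;

// Added example: stand-alone sketch, not the library's API. All names are hypothetical.
public class JwkAlgCheck {

    /** Custom checker for non-standard algorithms (interface shape is assumed). */
    interface AlgorithmValidator {
        boolean isCompatible(String kty, String alg);
    }

    // Standard signing algorithms per key type, as listed in the issue.
    // "oct" is the kty value that RFC 7518 registers for symmetric keys.
    static final Map<String, Set<String>> STANDARD = Map.of(
        "oct", Set.of("HS256", "HS384", "HS512"),
        "RSA", Set.of("RS256", "RS384", "RS512"),
        "EC",  Set.of("ES256", "ES384", "ES512"));

    /** Strict check against the standard list only. */
    static final AlgorithmValidator STRICT = (kty, alg) ->
        STANDARD.getOrDefault(kty, Set.of()).contains(alg);

    /** Minimal key holder that validates at construction time. */
    static final class Key {
        final String kty;
        final String alg; // optional in a JWK, so it may be null

        Key(String kty, String alg, AlgorithmValidator validator) {
            if (kty == null) throw new IllegalArgumentException("kty is required");
            if (alg != null && validator != null && !validator.isCompatible(kty, alg)) {
                throw new IllegalArgumentException(
                    "alg " + alg + " does not match key type " + kty);
            }
            this.kty = kty;
            this.alg = alg;
        }
    }

    public static void main(String[] args) {
        new Key("RSA", "RS256", STRICT);      // accepted
        new Key("EC", null, STRICT);          // accepted: no alg to check
        // Custom validator that also admits a made-up private algorithm name.
        AlgorithmValidator custom = (kty, alg) ->
            STRICT.isCompatible(kty, alg) || (kty.equals("oct") && alg.equals("X-HS1024"));
        new Key("oct", "X-HS1024", custom);   // accepted by the custom validator
        try {
            new Key("RSA", "HS256", STRICT);  // mismatch: HMAC alg on an RSA key
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```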