authorJosé Padilla <jpadilla@webapplicate.com>2015-03-17 21:33:42 -0400
committerJosé Padilla <jpadilla@webapplicate.com>2015-03-17 21:33:42 -0400
commit88a9fc56bdc6c870aa6af93bda401414a217db2a (patch)
treefdea98e3f4936948519994441431bd9fda6f869f /jwt/algorithms.py
parent1e6b6c588d4cee1a1e44c380a79f7dace0ecad67 (diff)
parentf6d0ff2778a4f3d2f57935e5f7ed0006fe219d4c (diff)
Merge pull request #109 from mark-adams/algo-validation-fixes
Added some fixes related to algorithm and key choice
Diffstat (limited to 'jwt/algorithms.py')
-rw-r--r--jwt/algorithms.py20
1 files changed, 19 insertions, 1 deletions
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
index bd3595a..b22a1d9 100644
--- a/jwt/algorithms.py
+++ b/jwt/algorithms.py
@@ -2,6 +2,7 @@ import hashlib
import hmac
from .compat import constant_time_compare, string_types, text_type
+from .exceptions import InvalidKeyError
try:
from cryptography.hazmat.primitives import interfaces, hashes
@@ -68,7 +69,13 @@ class NoneAlgorithm(Algorithm):
operations are required.
"""
def prepare_key(self, key):
- return None
+ if key == '':
+ key = None
+
+ if key is not None:
+ raise InvalidKeyError('When alg = "none", key value must be None.')
+
+ return key
def sign(self, msg, key):
return b''
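Review bot: The empty-key normalisation in `NoneAlgorithm.prepare_key` only matches the text form: on Python 3 `b'' == ''` is false, so an empty bytes key falls through to the `InvalidKeyError` branch while `''` is accepted as "no key". If both are meant to be equivalent, `if key in ('', b''):` would make that explicit. The method also deserves a short comment saying why a non-None key is rejected, e.g. `# A caller that supplies a real key expects a signed token; refuse to treat it as alg "none".` The `sign` method that follows continues outside the hunk.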
@@ -96,6 +103,17 @@ class HMACAlgorithm(Algorithm):
if isinstance(key, text_type):
key = key.encode('utf-8')
+ invalid_strings = [
+ b'-----BEGIN PUBLIC KEY-----',
+ b'-----BEGIN CERTIFICATE-----',
+ b'ssh-rsa'
+ ]
+
+ if any([string_value in key for string_value in invalid_strings]):
+ raise InvalidKeyError(
+ 'The specified key is an assymetric key or x509 certificate and'
+ ' should not be used as an HMAC secret.')
+
return key
def sign(self, msg, key):
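Review bot: The `invalid_strings` denylist in `HMACAlgorithm.prepare_key` misses other common public-key encodings, so it only partly guards against a public key being used as an HMAC secret. A PKCS#1 PEM header is not a substring match for `b'-----BEGIN PUBLIC KEY-----'`, and `b'ssh-rsa'` does not cover non-RSA OpenSSH key types; at minimum add `b'-----BEGIN RSA PUBLIC KEY-----'` to the list. A comment should state that this check is best-effort and that verifiers still need to pin the algorithms they accept rather than trust the token header. The error message misspells "asymmetric" as `assymetric`, and `any([...])` can take a generator expression instead of building a list. `prepare_key` starts above this hunk, so any earlier handling of `key` is not visible here.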