authorMark Adams <mark@markadams.me>2015-03-17 14:47:04 -0500
committerMark Adams <madams@atlassian.com>2015-03-17 14:56:12 -0500
commit6a84d73f5a48488d3daf554a69500c3f42bb464d (patch)
tree6c5d178e51bb371254b6510407afc7c913a3784b /jwt/algorithms.py
parent1e6b6c588d4cee1a1e44c380a79f7dace0ecad67 (diff)
Added a check so that asymmetric keys cannot be used as HMAC secrets to fix #105
Diffstat (limited to 'jwt/algorithms.py')
-rw-r--r--jwt/algorithms.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
index bd3595a..bae715e 100644
--- a/jwt/algorithms.py
+++ b/jwt/algorithms.py
@@ -2,6 +2,7 @@ import hashlib
import hmac
from .compat import constant_time_compare, string_types, text_type
+from .exceptions import InvalidAlgorithmError
try:
from cryptography.hazmat.primitives import interfaces, hashes
@@ -96,6 +97,12 @@ class HMACAlgorithm(Algorithm):
if isinstance(key, text_type):
key = key.encode('utf-8')
+ if (b'-----BEGIN PUBLIC KEY-----' in key
+ or b'-----BEGIN CERTIFICATE-----' in key):
+ raise InvalidAlgorithmError(
+ 'The specified key is an assymetric key or x509 certificate and'
+ ' should not be used as an HMAC secret.')
+
return key
def sign(self, msg, key):
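Review bot: The new guard in the enclosing HMACAlgorithm method (its `def` line is above this hunk) is a denylist of two PEM labels, so the same public key in another common encoding — a PKCS#1 `-----BEGIN RSA PUBLIC KEY-----` block or an OpenSSH `ssh-rsa ...` line — still passes through as an HMAC secret, which is the key-confusion case the commit message says #105 is about. Collecting the markers in one tuple keeps the check in a single place and easy to extend: `markers = (b'-----BEGIN PUBLIC KEY-----', b'-----BEGIN CERTIFICATE-----', b'-----BEGIN RSA PUBLIC KEY-----', b'ssh-rsa ')` followed by `if any(m in key for m in markers):`. A why-comment above the check would help the next reader, e.g. `# Refuse key material that is clearly a public key or certificate: an HMAC secret must never be something the verifier also publishes.` The message passed to InvalidAlgorithmError has a spelling error, `assymetric` should read `asymmetric`. This substring check is a safety net rather than the control itself; the verifying side should still restrict which algorithms it accepts instead of trusting the token header.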