diff options
author | Evgeniy Tatarkin <tatarkin.evg@gmail.com> | 2021-12-12 14:49:19 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-12 17:49:19 +0600 |
commit | aabeb061348cedaafa1ae2e67371525a30b6b93a (patch) | |
tree | 02520d6aad9e13df46b259e4f5745ea2416b36be /jwt | |
parent | 43d38a0c7070961a166a21b94f968e104de947e2 (diff) | |
download | pyjwt-aabeb061348cedaafa1ae2e67371525a30b6b93a.tar.gz |
Explicit check the key for ECAlgorithm (#713)
* Explicit check the key for ECAlgorithm
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Diffstat (limited to 'jwt')
-rw-r--r-- | jwt/algorithms.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/jwt/algorithms.py b/jwt/algorithms.py index 1f8865a..739df80 100644 --- a/jwt/algorithms.py +++ b/jwt/algorithms.py @@ -417,6 +417,12 @@ if has_crypto: except ValueError: key = load_pem_private_key(key, password=None) + # Explicit check the key to prevent confusing errors from cryptography + if not isinstance(key, (EllipticCurvePrivateKey, EllipticCurvePublicKey)): + raise InvalidKeyError( + "Expecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms" + ) + return key def sign(self, msg, key): |