Diffstat (limited to 'jwt/algorithms.py')
-rw-r--r-- | jwt/algorithms.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/jwt/algorithms.py b/jwt/algorithms.py index bd3595a..bae715e 100644 --- a/jwt/algorithms.py +++ b/jwt/algorithms.py @@ -2,6 +2,7 @@ import hashlib import hmac from .compat import constant_time_compare, string_types, text_type +from .exceptions import InvalidAlgorithmError try: from cryptography.hazmat.primitives import interfaces, hashes @@ -96,6 +97,12 @@ class HMACAlgorithm(Algorithm): if isinstance(key, text_type): key = key.encode('utf-8') + if (b'-----BEGIN PUBLIC KEY-----' in key + or b'-----BEGIN CERTIFICATE-----' in key): + raise InvalidAlgorithmError( + 'The specified key is an assymetric key or x509 certificate and' + ' should not be used as an HMAC secret.') + return key def sign(self, msg, key): |
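Review bot: The marker check added to the HMAC key-preparation method (its signature is outside the hunk) matches only `-----BEGIN PUBLIC KEY-----` and `-----BEGIN CERTIFICATE-----`, so a PKCS#1 public key (`-----BEGIN RSA PUBLIC KEY-----`) or an OpenSSH-format key (`ssh-rsa ...`) would still be accepted as an HMAC secret, which is the algorithm-confusion case this guard is meant to stop. I would list the markers once and test them together, e.g. `invalid_strings = (b'-----BEGIN PUBLIC KEY-----', b'-----BEGIN CERTIFICATE-----', b'-----BEGIN RSA PUBLIC KEY-----', b'ssh-rsa')` followed by `if any(s in key for s in invalid_strings):`. A substring denylist is only a backstop, so the verifying side should also pin the algorithms it accepts rather than trust the token header, if the decode path (not visible here) does not already do so. The error message also misspells "asymmetric" as `assymetric`.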