Merge pull request #3 from reecerussell/update-key-ring-verification-…

…keys Update key ring verification keys
reecerussell · Sep 23, 2022 · 132c23e · 132c23e
2 parents 4265d0f + b391f4f
commit 132c23e
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 4 deletions.
diff --git a/Rusty.Jwt.Abstractions/Keys/IKeyRing.cs b/Rusty.Jwt.Abstractions/Keys/IKeyRing.cs
@@ -15,7 +15,9 @@ public interface IKeyRing
     ISigningKey GetSigningKey(string name);
 
     /// <summary>
-    /// Used to get a key to verify data and a signature.
+    /// Used to get a key to verify data and a signature. Only fetches keys without
+    /// a name, this is so that explicitly defined keys are only used for their
+    /// intended purpose.
     /// </summary>
     /// <param name="algorithm">The signing algorithm of key to get.</param>
     /// <param name="hashAlgorithm">The hashing algorithm of key to get.</param>

diff --git a/Rusty.Jwt.Abstractions/Rusty.Jwt.Abstractions.csproj b/Rusty.Jwt.Abstractions/Rusty.Jwt.Abstractions.csproj
@@ -13,7 +13,7 @@
         <RepositoryUrl>https://github.com/reecerussell/rusty-jwt.git</RepositoryUrl>
         <RepositoryType>git</RepositoryType>
         <PackageTags>jwt</PackageTags>
-        <PackageVersion>1.0.1</PackageVersion>
+        <PackageVersion>1.0.2</PackageVersion>
     </PropertyGroup>
 
     <ItemGroup>

diff --git a/Rusty.Jwt.Tests/Keys/KeyRingTests.cs b/Rusty.Jwt.Tests/Keys/KeyRingTests.cs
@@ -83,6 +83,7 @@ public void GetSigningKey_WhereKeyIsNotFound_ThrowsKeyNotFound()
     [Fact]
     public void GetVerificationKey_WhereKeyRingHasKeys_ReturnsAggregateKey()
     {
+        // Matching HashAlgorithm, Matching SigningAlgorithm
         var key1 = new Mock<ISigningKey>();
         key1.Setup(x => x.Algorithm).Returns(SigningKeyAlgorithm.Hmac);
         key1.Setup(x => x.HashAlgorithm).Returns(HashAlgorithm.SHA256);
@@ -91,6 +92,7 @@ public void GetVerificationKey_WhereKeyRingHasKeys_ReturnsAggregateKey()
         keyDefinition1.SetupGet(x => x.Mode).Returns(SigningKeyMode.SignAndVerify);
         keyDefinition1.SetupGet(x => x.Key).Returns(key1.Object);
 
+        // Matching HashAlgorithm, Mismatching SigningAlgorithm
         var key2 = new Mock<ISigningKey>();
         key2.Setup(x => x.Algorithm).Returns(SigningKeyAlgorithm.Rsa);
         key2.Setup(x => x.HashAlgorithm).Returns(HashAlgorithm.SHA256);
@@ -99,17 +101,30 @@ public void GetVerificationKey_WhereKeyRingHasKeys_ReturnsAggregateKey()
         keyDefinition2.SetupGet(x => x.Mode).Returns(SigningKeyMode.SignAndVerify);
         keyDefinition2.SetupGet(x => x.Key).Returns(key2.Object);
 
+        // Mismatching HashAlgorithm, Mismatching SigningAlgorithm
         var key3 = new Mock<ISigningKey>();
         key3.Setup(x => x.Algorithm).Returns(SigningKeyAlgorithm.Rsa);
         key3.Setup(x => x.HashAlgorithm).Returns(HashAlgorithm.SHA384);
 
         var keyDefinition3 = new Mock<ISigningKeyDefinition>();
         keyDefinition3.SetupGet(x => x.Mode).Returns(SigningKeyMode.SignAndVerify);
         keyDefinition3.SetupGet(x => x.Key).Returns(key3.Object);
+
+        // Matching HashAlgorithm, Matching SigningAlgorithm, Has a name
+        var key4 = new Mock<ISigningKey>();
+        key4.Setup(x => x.Algorithm).Returns(SigningKeyAlgorithm.Hmac);
+        key4.Setup(x => x.HashAlgorithm).Returns(HashAlgorithm.SHA256);
+
+        var keyDefinition4 = new Mock<ISigningKeyDefinition>();
+        keyDefinition4.SetupGet(x => x.Mode).Returns(SigningKeyMode.SignAndVerify);
+        keyDefinition4.SetupGet(x => x.Key).Returns(key4.Object);
+        keyDefinition4.SetupGet(x => x.Name).Returns("test-key"); // cause to ignore
 
         var services = new ServiceCollection();
         services.AddTransient(_ => keyDefinition1.Object);
         services.AddTransient(_ => keyDefinition2.Object);
+        services.AddTransient(_ => keyDefinition3.Object);
+        services.AddTransient(_ => keyDefinition4.Object);
 
         var keyRing = new KeyRing(services.BuildServiceProvider());
         var key = keyRing.GetVerificationKey(SigningKeyAlgorithm.Hmac, HashAlgorithm.SHA256);

diff --git a/Rusty.Jwt/Keys/KeyRing.cs b/Rusty.Jwt/Keys/KeyRing.cs
@@ -36,7 +36,8 @@ public ISigningKey GetSigningKey(string name)
     public IVerificationKey GetVerificationKey(SigningKeyAlgorithm algorithm, HashAlgorithm hashAlgorithm)
     {
         var keys = _keys.Where(x => x.Key.Algorithm == algorithm &&
-                                    x.Key.HashAlgorithm == hashAlgorithm)
+                                    x.Key.HashAlgorithm == hashAlgorithm &&
+                                    x.Name == null)
             .Select(x => x.Key);
 
         return new AggregateVerificationKey(keys);

diff --git a/Rusty.Jwt/Rusty.Jwt.csproj b/Rusty.Jwt/Rusty.Jwt.csproj
@@ -12,7 +12,7 @@
         <PackageTags>jwt</PackageTags>
         <PackageLicenseUrl>https://github.com/reecerussell/rusty-jwt/blob/master/LICENSE</PackageLicenseUrl>
         <LangVersion>10</LangVersion>
-        <PackageVersion>1.0.2</PackageVersion>
+        <PackageVersion>1.0.3</PackageVersion>
     </PropertyGroup>
 
     <ItemGroup>