From b82ea2307f35b690f32db209ae9c76dcfb90f909 Mon Sep 17 00:00:00 2001
From: Reece Russell
Date: Fri, 23 Sep 2022 13:38:39 +0100
Subject: [PATCH 1/2] feat: updated get keys to only fetch without name
---
 Rusty.Jwt.Abstractions/Keys/IKeyRing.cs | 4 +++-
 Rusty.Jwt.Tests/Keys/KeyRingTests.cs | 15 +++++++++++++++
 Rusty.Jwt/Keys/KeyRing.cs | 3 ++-
 3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/Rusty.Jwt.Abstractions/Keys/IKeyRing.cs b/Rusty.Jwt.Abstractions/Keys/IKeyRing.cs
index 4dd2127..443a012 100644
--- a/Rusty.Jwt.Abstractions/Keys/IKeyRing.cs
+++ b/Rusty.Jwt.Abstractions/Keys/IKeyRing.cs
@@ -15,7 +15,9 @@ public interface IKeyRing
 ISigningKey GetSigningKey(string name);
 ///
- /// Used to get a key to verify data and a signature.
+ /// Used to get a key to verify data and a signature. Only fetches keys without
+ /// a name, this is so that explicitly defined keys are only used for their
+ /// intended purpose.
 ///
 /// The signing algorithm of key to get.
 /// The hashing algorithm of key to get.
diff --git a/Rusty.Jwt.Tests/Keys/KeyRingTests.cs b/Rusty.Jwt.Tests/Keys/KeyRingTests.cs
index ca34e18..3a312b2 100644
--- a/Rusty.Jwt.Tests/Keys/KeyRingTests.cs
+++ b/Rusty.Jwt.Tests/Keys/KeyRingTests.cs
@@ -83,6 +83,7 @@ public void GetSigningKey_WhereKeyIsNotFound_ThrowsKeyNotFound()
 [Fact]
 public void GetVerificationKey_WhereKeyRingHasKeys_ReturnsAggregateKey()
 {
+ // Matching HashAlgorithm, Matching SigningAlgorithm
 var key1 = new Mock();
 key1.Setup(x => x.Algorithm).Returns(SigningKeyAlgorithm.Hmac);
 key1.Setup(x => x.HashAlgorithm).Returns(HashAlgorithm.SHA256);
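Review bot: The new summary on `GetVerificationKey` in IKeyRing.cs says named keys are kept for "their intended purpose" without saying what that purpose is, or how a token signed through `GetSigningKey(name)` is meant to be verified once named keys are excluded here. A consumer reading only this interface cannot tell which member to call for that, so the summary should point to it, or state that such tokens are not verifiable through the key ring. The sentence is also a comma splice; something like `/// Only keys registered without a name are returned, so that explicitly named keys are used only for their intended purpose.` reads more cleanly. Other members of the interface are outside the hunk.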
@@ -91,6 +92,7 @@ public void GetVerificationKey_WhereKeyRingHasKeys_ReturnsAggregateKey()
 keyDefinition1.SetupGet(x => x.Mode).Returns(SigningKeyMode.SignAndVerify);
 keyDefinition1.SetupGet(x => x.Key).Returns(key1.Object);
+ // Matching HashAlgorithm, Mismatching SigningAlgorithm
 var key2 = new Mock();
 key2.Setup(x => x.Algorithm).Returns(SigningKeyAlgorithm.Rsa);
 key2.Setup(x => x.HashAlgorithm).Returns(HashAlgorithm.SHA256);
@@ -99,6 +101,7 @@ public void GetVerificationKey_WhereKeyRingHasKeys_ReturnsAggregateKey()
 keyDefinition2.SetupGet(x => x.Mode).Returns(SigningKeyMode.SignAndVerify);
 keyDefinition2.SetupGet(x => x.Key).Returns(key2.Object);
+ // Mismatching HashAlgorithm, Mismatching SigningAlgorithm
 var key3 = new Mock();
 key3.Setup(x => x.Algorithm).Returns(SigningKeyAlgorithm.Rsa);
 key3.Setup(x => x.HashAlgorithm).Returns(HashAlgorithm.SHA384);
@@ -106,10 +109,22 @@ public void GetVerificationKey_WhereKeyRingHasKeys_ReturnsAggregateKey()
 var keyDefinition3 = new Mock();
 keyDefinition3.SetupGet(x => x.Mode).Returns(SigningKeyMode.SignAndVerify);
 keyDefinition3.SetupGet(x => x.Key).Returns(key3.Object);
+
+ // Matching HashAlgorithm, Matching SigningAlgorithm, Has a name
+ var key4 = new Mock();
+ key4.Setup(x => x.Algorithm).Returns(SigningKeyAlgorithm.Hmac);
+ key4.Setup(x => x.HashAlgorithm).Returns(HashAlgorithm.SHA256);
+
+ var keyDefinition4 = new Mock();
+ keyDefinition4.SetupGet(x => x.Mode).Returns(SigningKeyMode.SignAndVerify);
+ keyDefinition4.SetupGet(x => x.Key).Returns(key4.Object);
+ keyDefinition4.SetupGet(x => x.Name).Returns("test-key"); // cause to ignore
 var services = new ServiceCollection();
 services.AddTransient(_ => keyDefinition1.Object);
 services.AddTransient(_ => keyDefinition2.Object);
+ services.AddTransient(_ => keyDefinition3.Object);
+ services.AddTransient(_ => keyDefinition4.Object);
 var keyRing = new KeyRing(services.BuildServiceProvider());
 var key = keyRing.GetVerificationKey(SigningKeyAlgorithm.Hmac, HashAlgorithm.SHA256);
diff --git a/Rusty.Jwt/Keys/KeyRing.cs b/Rusty.Jwt/Keys/KeyRing.cs
index f7fe01c..559f263 100644
--- a/Rusty.Jwt/Keys/KeyRing.cs
+++ b/Rusty.Jwt/Keys/KeyRing.cs
@@ -36,7 +36,8 @@ public ISigningKey GetSigningKey(string name)
 public IVerificationKey GetVerificationKey(SigningKeyAlgorithm algorithm, HashAlgorithm hashAlgorithm)
 {
 var keys = _keys.Where(x => x.Key.Algorithm == algorithm &&
- x.Key.HashAlgorithm == hashAlgorithm)
+ x.Key.HashAlgorithm == hashAlgorithm &&
+ x.Name == null)
 .Select(x => x.Key);
 return new AggregateVerificationKey(keys);
From b391f4f65b75b77eb92e66493772f79e39c0f2bd Mon Sep 17 00:00:00 2001
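Review bot: The added `key4` case in KeyRingTests.cs only guards the new filter if the assertions after `keyRing.GetVerificationKey(...)`, which are outside the hunk, check that the aggregate holds `key1` alone; if they only check the returned type, a regression that lets named keys back in would still pass. The test also depends on `keyDefinition1` to `keyDefinition3` returning null for an unconfigured `Name`, which is presumably the mocking library's default. Making that explicit with `keyDefinition1.SetupGet(x => x.Name).Returns((string)null);` (and likewise for 2 and 3) keeps the test from silently changing meaning if mock defaults change. A separate test dedicated to the named-key exclusion would also make a failure easier to read than folding it into `GetVerificationKey_WhereKeyRingHasKeys_ReturnsAggregateKey`.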
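Review bot: With named keys filtered out by `x.Name == null` in KeyRing.cs, the `Where` in `GetVerificationKey` can now easily match nothing, and an `AggregateVerificationKey` is still built from the empty sequence. Its behaviour with zero keys is not visible here; it must reject every signature in that case, and it would be safer to fail early the way `GetSigningKey` appears to (the test name `GetSigningKey_WhereKeyIsNotFound_ThrowsKeyNotFound` suggests it throws). The null comparison also treats an empty-string name as a named key, so `string.IsNullOrEmpty(x.Name)` may be closer to the intent, depending on how key definitions are registered. The method's closing brace is outside the hunk.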
From: Reece Russell
Date: Fri, 23 Sep 2022 13:39:34 +0100
Subject: [PATCH 2/2] chore: updated package versions
---
 Rusty.Jwt.Abstractions/Rusty.Jwt.Abstractions.csproj | 2 +-
 Rusty.Jwt/Rusty.Jwt.csproj | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Rusty.Jwt.Abstractions/Rusty.Jwt.Abstractions.csproj b/Rusty.Jwt.Abstractions/Rusty.Jwt.Abstractions.csproj
index b1df8df..4005dcf 100644
--- a/Rusty.Jwt.Abstractions/Rusty.Jwt.Abstractions.csproj
+++ b/Rusty.Jwt.Abstractions/Rusty.Jwt.Abstractions.csproj
@@ -13,7 +13,7 @@
 https://github.com/reecerussell/rusty-jwt.git
 git
 jwt
- 1.0.1
+ 1.0.2
diff --git a/Rusty.Jwt/Rusty.Jwt.csproj b/Rusty.Jwt/Rusty.Jwt.csproj
index 1a0880a..ddf98da 100644
--- a/Rusty.Jwt/Rusty.Jwt.csproj
+++ b/Rusty.Jwt/Rusty.Jwt.csproj
@@ -12,7 +12,7 @@
 jwt
 https://github.com/reecerussell/rusty-jwt/blob/master/LICENSE
 10
- 1.0.2
+ 1.0.3