More flexibility for key= argument to jws.verify()

bjmc · bjmc · commit 6ed322d41cbf · 2016-07-18T11:42:22.000+01:00
diff --git a/jose/jws.py b/jose/jws.py
@@ -3,7 +3,7 @@
 import json
 import six
 
-from collections import Mapping
+from collections import Mapping, Iterable
 
 from jose import jwk
 from jose.constants import ALGORITHMS
@@ -213,6 +213,19 @@ def _sig_matches_keys(keys, signing_input, signature, alg):
     return False
 
 
+def _get_keys(key):
+    if 'keys' in key:  # JWK Set per RFC 7517
+        if not isinstance(key, Mapping):  # Caller didn't JSON-decode
+            key = json.loads(key)
+        return key['keys']
+    # Iterable but not text or mapping => list- or tuple-like
+    elif (isinstance(key, Iterable) and
+          not (isinstance(key, six.string_types) or isinstance(key, Mapping))):
+        return key
+    else:  # Scalar value, wrap in list.
+        return [key]
+
+
 def _verify_signature(signing_input, header, signature, key='', algorithms=None):
 
         alg = header.get('alg')
@@ -222,11 +235,7 @@ def _verify_signature(signing_input, header, signature, key='', algorithms=None)
         if algorithms is not None and alg not in algorithms:
             raise JWSError('The specified alg value is not allowed')
 
-        if 'keys' in key:  # JWK Set per RFC 7517
-            keys = key['keys']
-        else:
-            keys = [key]
-
+        keys = _get_keys(key)
         try:
             if not _sig_matches_keys(keys, signing_input, signature, alg):
                 raise JWSSignatureError()
diff --git a/tests/test_jws.py b/tests/test_jws.py
@@ -197,6 +197,36 @@ def jwk_set():
     'WNz7vOIbvIlBR9Jrq5MIqbkkg'
 )
 
+
+class TestGetKeys(object):
+
+    def test_dict(self):
+        assert [{}] == jws._get_keys({})
+
+    def test_custom_object(self):
+        class MyDict(dict):
+            pass
+        mydict = MyDict()
+        assert [mydict] == jws._get_keys(mydict)
+
+    def test_RFC7517_string(self):
+        key = '{"keys": [{}, {}]}'
+        assert [{}, {}] == jws._get_keys(key)
+
+    def test_RFC7517_mapping(self):
+        key = {"keys": [{}, {}]}
+        assert [{}, {}] == jws._get_keys(key)
+
+    def test_string(self):
+        assert ['test'] == jws._get_keys('test')
+
+    def test_tuple(self):
+        assert ('test', 'key') == jws._get_keys(('test', 'key'))
+
+    def test_list(self):
+        assert ['test', 'key'] == jws._get_keys(['test', 'key'])
+
+
 class TestRSA(object):
 
     def test_jwk_set(self, jwk_set):
