letmaik
commented
2 years ago Alternatively, phdr and uhdr could be included in the API docs. However, accessing those directly would mean that the check in get_attr for disallowing parameters appearing in both buckets would not be done. It might be worth though to move this check to decoding time and reject such messages early on. Then, accessing phdr/uhdr directly would be ok.
EDIT: pycose transforms parameter labels into class types for known parameters, and leaves unknown ones as-is. One reason that might speak against exposing phdr/uhdr more widely is that there would be no code in between that could allow access of parameters using both their native types as well as class types. This becomes important when new parameters are added to pycose since existing code might have used get_attr(1234) and shouldn't break suddenly. Accessing phdr[1234] would break if suddenly the key for that parameter is a class type. A way to get around this issue would be if the keys were always the labels themselves instead of class types.
Once #94 is implemented,
get_attr(name)will validate any location requirements for standard header parameters. However, some clients may use unknown header parameters or want to enforce some standard header parameters to be in the protected header when not required by the spec.To support this,
get_attrshould get another argument to enforce location.