openid-certification / oidctest

THE CERTIFICATION TEST SUITE HAS BEEN MIGRATED TO A NEW SERVICE https://www.certificatinon.openid.net

jwkest.ecc.ECCException: Unknown curve #225

Open panva opened 4 years ago

panva commented 4 years ago

Similar to #54, the suite fails to parse the JWKS keys when an unknown curve is present. In this case it's a known kty (EC) but an unknown crv.

Given that the known curve list is not finite but can be extended through the IANA registry, the suite needs to ignore curves it's not ready for.

Error:

********************************************************************************

Something went wrong! If you know or suspect you know why, then try to
fix it. If you have no idea, then please tell us at certification@oidf.org
and we will help you figure it out.

********************************************************************************

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/aus/tool.py", line 96, in run_flow
    resp = _oper()
  File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/operation.py", line 105, in __call__
    res = self.run(*args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.1-py3.6.egg/oidctest/op/oper.py", line 259, in run
    res = self._run()
  File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.1-py3.6.egg/oidctest/op/oper.py", line 289, in _run
    request_args=self.req_args, **self.op_args)
  File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/operation.py", line 171, in catch_exception_and_error
    res = func(**kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oic/__init__.py", line 684, in do_access_token_request
    **kwargs
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/__init__.py", line 889, in do_access_token_request
    **kwargs
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/__init__.py", line 774, in request_and_return
    return self.parse_request_response(resp, response, body_type, state, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/__init__.py", line 716, in parse_request_response
    response, reqresp.text, body_type, state, **kwargs
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/__init__.py", line 637, in parse_response
    verf = resp.verify(**kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oic/message.py", line 354, in verify
    self["id_token"] = verify_id_token(self, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oic/message.py", line 310, in verify_id_token
    idt = IdToken().from_jwt(_jws, **args)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/message.py", line 662, in from_jwt
    keyjar, key, jso, _header, _jw, **kwargs
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/message.py", line 552, in get_verify_keys
    _key = keyjar.get_key_by_kid(_kid, _iss)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 643, in get_key_by_kid
    _key = kb.get_key_with_kid(kid)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 361, in get_key_with_kid
    self.update()
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 290, in update
    res = self.do_remote()
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 219, in do_remote
    self.do_keys(self.imp_jwks["keys"])
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 144, in do_keys
    _key = K2C[_typ](**inst)
  File "/usr/local/lib/python3.6/dist-packages/pyjwkest-1.4.2-py3.6.egg/jwkest/jwk.py", line 583, in __init__
    self.deserialize()
  File "/usr/local/lib/python3.6/dist-packages/pyjwkest-1.4.2-py3.6.egg/jwkest/jwk.py", line 606, in deserialize
    self.curve = NISTEllipticCurve.by_name(self.crv)
  File "/usr/local/lib/python3.6/dist-packages/pyjwkest-1.4.2-py3.6.egg/jwkest/ecc.py", line 41, in by_name
    raise ECCException("Unknown curve {0}".format(name))
jwkest.ecc.ECCException: Unknown curve secp256k1

JWKS in question

{
"keys": [
{
"e": "AQAB",
"n": "xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ",
"kty": "RSA",
"kid": "r1LkbBo3925Rb2ZFFrKyU3MVex9T2817Kx0vbi6i_Kc",
"use": "sig"
},
{
"e": "AQAB",
"n": "mXauIvyeUFA74P2vcmgAWSCMw6CP6-MJ6EvFuRARfLLJEi49AzQvJl_4pwDvLkZcCqS7OqPE1ufNyDH6oQPEc7JuukHMY02EgwqHjJ6GG6FQqJuiWlKB_l-7c9y9r4bh4r58xdZc6T5dFVSNT2VcIVoSjq9VmzwpaTKCUyVeZYHZhnLfWMm9rKU5WSz75siG-_jbudItsfhEwA59kvi4So2IV9TxHwW50i4IcTB1gXwG1olNgiX3-Mq1Iw5VGPzMo2hQXI3q1y-ZjhSwhvG5dje9J8htBEWdVYk4f6cv19IE9gEx7T-2vIVw5FCpAmmfFuRebec49c7zjfr0EyTI4w",
"kty": "RSA",
"kid": "w5kPRdJWODnYjihMgqs0tHkKk-e5OxU4DnSCZDkF_h0",
"use": "enc"
},
{
"crv": "P-256",
"x": "FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4",
"y": "_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4",
"kty": "EC",
"kid": "MFZeG102dQiqbANoaMlW_Jmf7fOZmtRsHt77JFhTpF0",
"use": "sig"
},
{
"crv": "P-256",
"x": "Eb3RtGgBGOEz33yu46aha_RU6pyBaYNlu6SawlWGGHQ",
"y": "tUncttzF6Ud4Abfn1N2A1Rz2MBbJSdI0zuKS28BNb-U",
"kty": "EC",
"kid": "mlSUkq-ELqZiWl9zs9ZKkbcjIvgajGgnXfPWUZn9lEc",
"use": "enc"
},
{
"crv": "secp256k1",
"x": "zJGal5PW-uZs80sOy3fqSRI57Ipz8X-xWrWrzRcMwmU",
"y": "W3iCyuCnFHfJhVrLpFgRmaVd2ok4c-d0KTxeykQxKe4",
"kty": "EC",
"kid": "L7vUx_v7gXtEg7kpIXO_d7aHjZdFDDNl2GOxPHTBkoY",
"use": "sig"
},
{
"crv": "P-384",
"x": "P1npwyTJ2p20D9_r2u31DU7tfDEufaVcSJJcDOuO6QyqrXvjyMvf8e5xv3XxE39l",
"y": "tmq2S12MVdKUQTmd0AxVEOji1ihR_vZAhTLKojD2XW_2EJH7ydiaz2oxrnkC0mvI",
"kty": "EC",
"kid": "rqHXKVLLF2RxqFgXWfEZE578gM-IhelOjugVfb_BMZ4",
"use": "sig"
},
{
"crv": "P-384",
"x": "UhkqvxbxMCGtkg_-6W0gqkr21fgY3LSaNbquU7CYEDwBwGCd6iK6Bu5PVUxraulY",
"y": "CXrg3mxUkN5D4bPfiLfnD1jMYGSDxn2Zeh-8_OOstX21WNZJ9_i-iFZR3pIXyH0z",
"kty": "EC",
"kid": "rV1Hjt_79O_m1oJ7Jz0QgKHDa2iwb8p4kvMU0L99wjg",
"use": "enc"
},
{
"crv": "P-521",
"x": "AIjEl5H8w2Rf_iqIP8WT7v5-FlBlBGYy5sMJs1XOxWz4RRARIEOemEY45g10sEPzZ4qe7oyjCUDK5FY1WwjRvgHK",
"y": "AaKN94cn1ApvvfpOWO9VpJm-lLzOUR8XxOrKYfPqcLs0zEqSPiGdWA5CoNL5ck1q-CXD09ysQSmNkzFGaig2Mnop",
"kty": "EC",
"kid": "RG_hu6lggazoCOu2wsrn3icSvhAXuGyL55f2GAaH2NA",
"use": "sig"
},
{
"crv": "P-521",
"x": "AXFcu6lqcxoyFUU14xTw0I5cfCR2q0jqOXwU_EKjA5mIxUpue58IIrfrIh4IauV3co2SziD6Uf1SWe8l11Y4-BoJ",
"y": "AREzsMJu3VveUPMaJ2QWmjucwzZH4FqufXzS2IW-MGqViyDNTg2BgX-2VCJvdTo0zbhvRvBC1ghJNrVnH5M92JQ6",
"kty": "EC",
"kid": "MPcTmIIPYRnLt9s_TdBrpV27HcNVDi9aZpB0eJvAxzE",
"use": "enc"
},
{
"crv": "Ed25519",
"x": "lDkysGJKRmJeUp8ncTyGraHPHHiIfdxSajxGm7Srla8",
"kty": "OKP",
"kid": "CLjPrbijCB2z9dScRNpM1mSGOQVOIByTmd18Ft2eiAQ",
"use": "sig"
},
{
"crv": "Ed448",
"x": "BG1zKFg6A_Rzix4pA08oYN5xHqhKIiREXZ59NZoA8p3xhgjh-tm8nc-6udtiL5ZNhWDbnRSq4jQA",
"kty": "OKP",
"kid": "kU2PiegZOPUKcsJATItJArz18oWWfEH-Ma52K_8nGaE",
"use": "sig"
},
{
"crv": "X25519",
"x": "YKEoKF4I0yDj47ACrcYSvuIzSc7GavP1_1PMK6V6NxE",
"kty": "OKP",
"kid": "T7uM_TJMKlPvczn2LoSfh3bIYdjORQ4JVFF5HsYy4Ak",
"use": "enc"
},
{
"crv": "X448",
"x": "AYO1VQfnOTxeNlUSzfwyt-zM0pxNlz7d8VgAt0L4fUsLy9gqCJic6jfl2Rz5eS3tGYewnXICqIs",
"kty": "OKP",
"kid": "QSRRIBh286rZjiAX_mCSvJy3TwqvXQN6qYmMFzpX994",
"use": "enc"
}
]
}
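Per-key tolerance of the kind this issue asks for, as an added example (not code from oidctest, pyoidc or pyjwkest): each JWK is checked on its own, unsupported ones are skipped with a recorded reason, and a token whose `kid` points at a skipped key is rejected rather than verified against some other key. The `SUPPORTED` set, the function names and the sample key set are assumptions made for illustration.

```python
import json

# Assumption: the key types and curves this hypothetical verifier implements.
SUPPORTED = {"RSA": None, "EC": {"P-256", "P-384", "P-521"}}
# Members each supported kty must carry before it can be used.
REQUIRED = {"RSA": ("n", "e"), "EC": ("crv", "x", "y")}

class UnsupportedKey(Exception):
    pass

def check_jwk(jwk):
    """Raise UnsupportedKey unless this single JWK is one we can use."""
    kty = jwk.get("kty")
    if kty not in SUPPORTED:
        raise UnsupportedKey(f"unknown kty {kty!r}")
    missing = [m for m in REQUIRED[kty] if m not in jwk]
    if missing:
        raise UnsupportedKey(f"{kty} key missing {missing}")
    curves = SUPPORTED[kty]
    if curves is not None and jwk["crv"] not in curves:
        raise UnsupportedKey(f"unknown curve {jwk['crv']!r}")
    return jwk

def load_jwks(doc):
    """Return (usable keys by kid, {kid: reason} for skipped keys)."""
    usable, skipped = {}, {}
    for jwk in json.loads(doc)["keys"]:
        try:
            usable[jwk.get("kid")] = check_jwk(jwk)
        except UnsupportedKey as exc:  # skip this key only, keep the rest
            skipped[jwk.get("kid")] = str(exc)
    return usable, skipped

def key_for(kid, usable, skipped):
    """Select the verification key by kid; never fall back to another key."""
    if kid in usable:
        return usable[kid]
    raise UnsupportedKey(skipped.get(kid, f"no key with kid {kid!r}"))

# Constructed sample: kids and coordinates are placeholders, not the issue's keys.
SAMPLE = json.dumps({"keys": [
    {"kty": "EC", "crv": "P-256", "x": "AA", "y": "AA", "kid": "a", "use": "sig"},
    {"kty": "EC", "crv": "secp256k1", "x": "AA", "y": "AA", "kid": "b", "use": "sig"},
    {"kty": "OKP", "crv": "Ed25519", "x": "AA", "kid": "c", "use": "sig"},
]})
```

Keeping the skip reasons lets the failure for an affected `kid` name the unsupported curve instead of reporting a missing key.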