This repository has been archived by the owner on Sep 1, 2020. It is now read-only.

jwkest.ecc.ECCException: Unknown curve #225

Open
panva opened this issue May 7, 2020 · 0 comments

panva commented May 7, 2020

Similar to #54, the suite fails to parse the JWKS keys when an unknown curve is present. In this case it's a known kty (EC) but an unknown crv.

Given that the known curve list is not finite but can be extended through the IANA registry, the suite needs to ignore curves it's not ready for.

Error:

********************************************************************************

Something went wrong! If you know or suspect you know why, then try to
fix it. If you have no idea, then please tell us at [email protected]
and we will help you figure it out.

********************************************************************************


Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/aus/tool.py", line 96, in run_flow
    resp = _oper()
  File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/operation.py", line 105, in __call__
    res = self.run(*args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.1-py3.6.egg/oidctest/op/oper.py", line 259, in run
    res = self._run()
  File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.1-py3.6.egg/oidctest/op/oper.py", line 289, in _run
    request_args=self.req_args, **self.op_args)
  File "/usr/local/lib/python3.6/dist-packages/otest-0.8.0-py3.6.egg/otest/operation.py", line 171, in catch_exception_and_error
    res = func(**kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oic/__init__.py", line 684, in do_access_token_request
    **kwargs
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/__init__.py", line 889, in do_access_token_request
    **kwargs
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/__init__.py", line 774, in request_and_return
    return self.parse_request_response(resp, response, body_type, state, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/__init__.py", line 716, in parse_request_response
    response, reqresp.text, body_type, state, **kwargs
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/__init__.py", line 637, in parse_response
    verf = resp.verify(**kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oic/message.py", line 354, in verify
    self["id_token"] = verify_id_token(self, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oic/message.py", line 310, in verify_id_token
    idt = IdToken().from_jwt(_jws, **args)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/message.py", line 662, in from_jwt
    keyjar, key, jso, _header, _jw, **kwargs
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/oauth2/message.py", line 552, in get_verify_keys
    _key = keyjar.get_key_by_kid(_kid, _iss)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 643, in get_key_by_kid
    _key = kb.get_key_with_kid(kid)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 361, in get_key_with_kid
    self.update()
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 290, in update
    res = self.do_remote()
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 219, in do_remote
    self.do_keys(self.imp_jwks["keys"])
  File "/usr/local/lib/python3.6/dist-packages/oic-1.2.0-py3.6.egg/oic/utils/keyio.py", line 144, in do_keys
    _key = K2C[_typ](**inst)
  File "/usr/local/lib/python3.6/dist-packages/pyjwkest-1.4.2-py3.6.egg/jwkest/jwk.py", line 583, in __init__
    self.deserialize()
  File "/usr/local/lib/python3.6/dist-packages/pyjwkest-1.4.2-py3.6.egg/jwkest/jwk.py", line 606, in deserialize
    self.curve = NISTEllipticCurve.by_name(self.crv)
  File "/usr/local/lib/python3.6/dist-packages/pyjwkest-1.4.2-py3.6.egg/jwkest/ecc.py", line 41, in by_name
    raise ECCException("Unknown curve {0}".format(name))
jwkest.ecc.ECCException: Unknown curve secp256k1

JWKS in question

{
"keys": [
{
"e": "AQAB",
"n": "xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ",
"kty": "RSA",
"kid": "r1LkbBo3925Rb2ZFFrKyU3MVex9T2817Kx0vbi6i_Kc",
"use": "sig"
},
{
"e": "AQAB",
"n": "mXauIvyeUFA74P2vcmgAWSCMw6CP6-MJ6EvFuRARfLLJEi49AzQvJl_4pwDvLkZcCqS7OqPE1ufNyDH6oQPEc7JuukHMY02EgwqHjJ6GG6FQqJuiWlKB_l-7c9y9r4bh4r58xdZc6T5dFVSNT2VcIVoSjq9VmzwpaTKCUyVeZYHZhnLfWMm9rKU5WSz75siG-_jbudItsfhEwA59kvi4So2IV9TxHwW50i4IcTB1gXwG1olNgiX3-Mq1Iw5VGPzMo2hQXI3q1y-ZjhSwhvG5dje9J8htBEWdVYk4f6cv19IE9gEx7T-2vIVw5FCpAmmfFuRebec49c7zjfr0EyTI4w",
"kty": "RSA",
"kid": "w5kPRdJWODnYjihMgqs0tHkKk-e5OxU4DnSCZDkF_h0",
"use": "enc"
},
{
"crv": "P-256",
"x": "FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4",
"y": "_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4",
"kty": "EC",
"kid": "MFZeG102dQiqbANoaMlW_Jmf7fOZmtRsHt77JFhTpF0",
"use": "sig"
},
{
"crv": "P-256",
"x": "Eb3RtGgBGOEz33yu46aha_RU6pyBaYNlu6SawlWGGHQ",
"y": "tUncttzF6Ud4Abfn1N2A1Rz2MBbJSdI0zuKS28BNb-U",
"kty": "EC",
"kid": "mlSUkq-ELqZiWl9zs9ZKkbcjIvgajGgnXfPWUZn9lEc",
"use": "enc"
},
{
"crv": "secp256k1",
"x": "zJGal5PW-uZs80sOy3fqSRI57Ipz8X-xWrWrzRcMwmU",
"y": "W3iCyuCnFHfJhVrLpFgRmaVd2ok4c-d0KTxeykQxKe4",
"kty": "EC",
"kid": "L7vUx_v7gXtEg7kpIXO_d7aHjZdFDDNl2GOxPHTBkoY",
"use": "sig"
},
{
"crv": "P-384",
"x": "P1npwyTJ2p20D9_r2u31DU7tfDEufaVcSJJcDOuO6QyqrXvjyMvf8e5xv3XxE39l",
"y": "tmq2S12MVdKUQTmd0AxVEOji1ihR_vZAhTLKojD2XW_2EJH7ydiaz2oxrnkC0mvI",
"kty": "EC",
"kid": "rqHXKVLLF2RxqFgXWfEZE578gM-IhelOjugVfb_BMZ4",
"use": "sig"
},
{
"crv": "P-384",
"x": "UhkqvxbxMCGtkg_-6W0gqkr21fgY3LSaNbquU7CYEDwBwGCd6iK6Bu5PVUxraulY",
"y": "CXrg3mxUkN5D4bPfiLfnD1jMYGSDxn2Zeh-8_OOstX21WNZJ9_i-iFZR3pIXyH0z",
"kty": "EC",
"kid": "rV1Hjt_79O_m1oJ7Jz0QgKHDa2iwb8p4kvMU0L99wjg",
"use": "enc"
},
{
"crv": "P-521",
"x": "AIjEl5H8w2Rf_iqIP8WT7v5-FlBlBGYy5sMJs1XOxWz4RRARIEOemEY45g10sEPzZ4qe7oyjCUDK5FY1WwjRvgHK",
"y": "AaKN94cn1ApvvfpOWO9VpJm-lLzOUR8XxOrKYfPqcLs0zEqSPiGdWA5CoNL5ck1q-CXD09ysQSmNkzFGaig2Mnop",
"kty": "EC",
"kid": "RG_hu6lggazoCOu2wsrn3icSvhAXuGyL55f2GAaH2NA",
"use": "sig"
},
{
"crv": "P-521",
"x": "AXFcu6lqcxoyFUU14xTw0I5cfCR2q0jqOXwU_EKjA5mIxUpue58IIrfrIh4IauV3co2SziD6Uf1SWe8l11Y4-BoJ",
"y": "AREzsMJu3VveUPMaJ2QWmjucwzZH4FqufXzS2IW-MGqViyDNTg2BgX-2VCJvdTo0zbhvRvBC1ghJNrVnH5M92JQ6",
"kty": "EC",
"kid": "MPcTmIIPYRnLt9s_TdBrpV27HcNVDi9aZpB0eJvAxzE",
"use": "enc"
},
{
"crv": "Ed25519",
"x": "lDkysGJKRmJeUp8ncTyGraHPHHiIfdxSajxGm7Srla8",
"kty": "OKP",
"kid": "CLjPrbijCB2z9dScRNpM1mSGOQVOIByTmd18Ft2eiAQ",
"use": "sig"
},
{
"crv": "Ed448",
"x": "BG1zKFg6A_Rzix4pA08oYN5xHqhKIiREXZ59NZoA8p3xhgjh-tm8nc-6udtiL5ZNhWDbnRSq4jQA",
"kty": "OKP",
"kid": "kU2PiegZOPUKcsJATItJArz18oWWfEH-Ma52K_8nGaE",
"use": "sig"
},
{
"crv": "X25519",
"x": "YKEoKF4I0yDj47ACrcYSvuIzSc7GavP1_1PMK6V6NxE",
"kty": "OKP",
"kid": "T7uM_TJMKlPvczn2LoSfh3bIYdjORQ4JVFF5HsYy4Ak",
"use": "enc"
},
{
"crv": "X448",
"x": "AYO1VQfnOTxeNlUSzfwyt-zM0pxNlz7d8VgAt0L4fUsLy9gqCJic6jfl2Rz5eS3tGYewnXICqIs",
"kty": "OKP",
"kid": "QSRRIBh286rZjiAX_mCSvJy3TwqvXQN6qYmMFzpX994",
"use": "enc"
}
]
}
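
One way a JWKS consumer can tolerate curves it does not implement, as the issue asks: skip the unusable key and fail only when a token actually references it. This is an added example, not code from pyjwkest, oic or the test suite; `load_jwks`, `key_for_kid` and the `SUPPORTED_EC` table are hypothetical names, and the sample is three keys trimmed from the JWKS above.

```python
import base64
import json

# Byte length of x/y for the EC curves this hypothetical verifier implements.
SUPPORTED_EC = {"P-256": 32, "P-384": 48, "P-521": 66}

# Three keys trimmed from the JWKS in the issue: P-256, secp256k1, Ed25519.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "EC", "crv": "P-256", "use": "sig",
     "kid": "MFZeG102dQiqbANoaMlW_Jmf7fOZmtRsHt77JFhTpF0",
     "x": "FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4",
     "y": "_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4"},
    {"kty": "EC", "crv": "secp256k1", "use": "sig",
     "kid": "L7vUx_v7gXtEg7kpIXO_d7aHjZdFDDNl2GOxPHTBkoY",
     "x": "zJGal5PW-uZs80sOy3fqSRI57Ipz8X-xWrWrzRcMwmU",
     "y": "W3iCyuCnFHfJhVrLpFgRmaVd2ok4c-d0KTxeykQxKe4"},
    {"kty": "OKP", "crv": "Ed25519", "use": "sig",
     "kid": "CLjPrbijCB2z9dScRNpM1mSGOQVOIByTmd18Ft2eiAQ",
     "x": "lDkysGJKRmJeUp8ncTyGraHPHHiIfdxSajxGm7Srla8"},
]})

def _coord_len(value):
    """Decoded byte length of a base64url coordinate, or -1 if malformed."""
    try:
        return len(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))
    except (ValueError, TypeError):
        return -1

def load_jwks(jwks_text):
    """Return (usable keys by kid, [(kid, reason)] for keys that were ignored)."""
    usable, skipped = {}, []
    for jwk in json.loads(jwks_text).get("keys", []):
        kid, kty, crv = jwk.get("kid"), jwk.get("kty"), jwk.get("crv")
        if kty != "EC":  # this sketch only implements EC; other kty are ignored
            skipped.append((kid, "unsupported kty %s" % kty))
        elif crv not in SUPPORTED_EC:
            skipped.append((kid, "unsupported crv %s" % crv))
        elif any(_coord_len(jwk.get(c)) != SUPPORTED_EC[crv] for c in "xy"):
            skipped.append((kid, "malformed coordinates for %s" % crv))
        else:
            usable[kid] = jwk
    return usable, skipped

def key_for_kid(jwks_text, kid):
    """Look up a verification key; fail only if the requested key is unusable."""
    usable, skipped = load_jwks(jwks_text)
    if kid not in usable:
        raise LookupError("kid %s: %s" % (kid, dict(skipped).get(kid, "not in JWKS")))
    return usable[kid]
```

Recording the skip reason per `kid` keeps the failure specific: a token signed with the secp256k1 key is rejected with a clear message, while tokens signed with the P-256 key still verify.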