Commit 2f34bb77 authored by Simo Sorce's avatar Simo Sorce

Fix storage of heades in the internal object

The Unprotected headers are stored as an unencode JSON string
in a JWS object.
Verify shouldn't try to json_decode() the unprotected headers
and the deserialization function shouldn't try to store a json
encoded object.
Signed-off-by: default avatarSimo Sorce <>

Fixes #17
parent 1688a8fe
......@@ -364,10 +364,9 @@ class JWS(object):
raise InvalidJWSSignature('Invalid Protected header')
# merge heders, and verify there are no duplicates
if header:
h = json_decode(header)
if not isinstance(h, dict):
if not isinstance(header, dict):
raise InvalidJWSSignature('Invalid Unprotected header')
p = self._merge_headers(p, h)
p = self._merge_headers(p, header)
# verify critical headers
# TODO: allow caller to specify list of headers it understands
if 'crit' in p:
......@@ -464,7 +463,7 @@ class JWS(object):
p = base64url_decode(str(s['protected']))
os['protected'] = p.decode('utf-8')
if 'header' in s:
os['header'] = json_encode(s['header'])
os['header'] = s['header']
o['signature'] = base64url_decode(str(djws['signature']))
......@@ -472,7 +471,7 @@ class JWS(object):
p = base64url_decode(str(djws['protected']))
o['protected'] = p.decode('utf-8')
if 'header' in djws:
o['header'] = json_encode(djws['header'])
o['header'] = djws['header']
except ValueError:
c = raw_jws.split('.')
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment