Checking for public and private key not to be null in RS256Algorithm (#…

…208)
jwt-dotnet · Jun 24, 2019 · 16ef475 · 16ef475
1 parent 050b24b
commit 16ef475
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 10 deletions.
diff --git a/src/JWT/Algorithms/RS256Algorithm.cs b/src/JWT/Algorithms/RS256Algorithm.cs
@@ -1,4 +1,5 @@
-using System.Security.Cryptography;
+using System;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 
 namespace JWT.Algorithms
@@ -18,8 +19,17 @@ public sealed class RS256Algorithm : IJwtAlgorithm
         /// <param name="privateKey">The RSA key for signing the data.</param>
         public RS256Algorithm(RSACryptoServiceProvider publicKey, RSA privateKey)
         {
-            _publicKey = publicKey;
-            _privateKey = privateKey;
+            _publicKey = publicKey ?? throw new InvalidOperationException("Private key is null");
+            _privateKey = privateKey ?? throw new InvalidOperationException("Public key is null");
+        }
+
+        /// <summary>
+        /// Creates an instance using the provided pair of public and private keys.
+        /// </summary>
+        /// <param name="publicKey">The RSA service provider for verifying the data.</param>
+        public RS256Algorithm(RSACryptoServiceProvider publicKey)
+        {
+            _publicKey = publicKey ?? throw new InvalidOperationException("Private key is null");
         }
 
         /// <summary>
@@ -52,14 +62,14 @@ public byte[] Sign(byte[] bytesToSign) =>
         /// <summary>
         /// Verifies provided byte array with provided signature.
         /// </summary>
+        /// <remarks>
+        /// 2.16.840.1.101.3.4.2.1 is the object id for the sha256NoSign algorithm.
+        /// See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpnap/a48b02b2-2a10-4eb0-bed4-1807a6d2f5ad for further details.
+        /// </remarks>
         /// <param name="bytesToSign">The data to verify</param>
         /// <param name="signature">The signature to verify with</param>
-        public bool Verify(byte[] bytesToSign, byte[] signature)
-        {
-            // 2.16.840.1.101.3.4.2.1 is the object id for the sha256NoSign algorithm.
-            // See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpnap/a48b02b2-2a10-4eb0-bed4-1807a6d2f5ad for further details.
-            return _publicKey.VerifyData(bytesToSign, "2.16.840.1.101.3.4.2.1", signature);
-        }
+        public bool Verify(byte[] bytesToSign, byte[] signature) =>
+            _publicKey.VerifyData(bytesToSign, "2.16.840.1.101.3.4.2.1", signature);
 
         private static RSA GetPrivateKey(X509Certificate2 cert)
         {

diff --git a/src/JWT/JWT.csproj b/src/JWT/JWT.csproj
@@ -18,7 +18,7 @@
     <PackageProjectUrl>https://github.com/jwt-dotnet/jwt</PackageProjectUrl>
     <Authors>Alexander Batishchev, John Sheehan, Michael Lehenbauer</Authors>
     <PackageLicenseUrl>https://creativecommons.org/publicdomain/zero/1.0/</PackageLicenseUrl>
-    <Version>5.2.0</Version>
+    <Version>5.2.1</Version>
     <PackageTags>jwt json</PackageTags>
     <FileVersion>5.0.0.0</FileVersion>
     <AssemblyVersion>5.0.0.0</AssemblyVersion>