fix: use UnsupportedAlgorithmError instead of ValueError in JWS/JWE registry

Author: lepture

src/joserfc/errors.py

@@ -60,6 +60,10 @@ class ConflictAlgorithmError(JoseError):
     error = "conflict_algorithm"
 
 
+class UnsupportedAlgorithmError(JoseError):
+    error = "unsupported_algorithm"
+
+
 class MissingEncryptionError(JoseError):
     error = "missing_encryption"
     description = 'Missing "enc" value in header'

src/joserfc/rfc7515/registry.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 from typing import Dict
 from .model import JWSAlgModel
+from ..errors import UnsupportedAlgorithmError
 from ..registry import (
     JWS_HEADER_REGISTRY,
     Header,
@@ -49,14 +50,14 @@ def get_alg(self, name: str) -> JWSAlgModel:
         :param name: value of the ``alg``, e.g. ``HS256``, ``RS256``
         """
         if name not in self.algorithms:
-            raise ValueError(f'Algorithm of "{name}" is not supported')
+            raise UnsupportedAlgorithmError(f'Algorithm of "{name}" is not supported')
+
         if self.allowed:
-            allowed = self.allowed
+            if name not in self.allowed:
+                raise UnsupportedAlgorithmError(f'Algorithm of "{name}" is not allowed')
         else:
-            allowed = self.recommended
-
-        if name not in allowed:
-            raise ValueError(f'Algorithm of "{name}" is not allowed')
+            if name not in self.recommended:
+                raise UnsupportedAlgorithmError(f'Algorithm of "{name}" is not recommended')
         return self.algorithms[name]
 
     def check_header(self, header: Header) -> None:

src/joserfc/rfc7516/registry.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 import typing as t
 from .models import JWEAlgModel, JWEEncModel, JWEZipModel
+from ..errors import UnsupportedAlgorithmError
 from ..registry import (
     Header,
     HeaderRegistryDict,
@@ -101,15 +102,14 @@ def get_zip(self, name: str) -> JWEZipModel:
 
     def _check_algorithm(self, name: str, registry: dict[str, t.Any]) -> None:
         if name not in registry:
-            raise ValueError(f'Algorithm of "{name}" is not supported')
+            raise UnsupportedAlgorithmError(f'Algorithm of "{name}" is not supported')
 
         if self.allowed:
-            allowed = self.allowed
+            if name not in self.allowed:
+                raise UnsupportedAlgorithmError(f'Algorithm of "{name}" is not allowed')
         else:
-            allowed = self.recommended
-
-        if name not in allowed:
-            raise ValueError(f'Algorithm of "{name}" is not allowed')
+            if name not in self.recommended:
+                raise UnsupportedAlgorithmError(f'Algorithm of "{name}" is not recommended')
 
 
 default_registry = JWERegistry()

tests/jwe/test_errors.py

@@ -6,6 +6,7 @@
     InvalidKeyTypeError,
     InvalidKeyLengthError,
     DecodeError,
+    UnsupportedAlgorithmError,
 )
 from tests.base import load_key
 
@@ -67,7 +68,7 @@ def test_invalid_alg(self):
         protected = {"alg": "INVALID", "enc": "A128CBC-HS256"}
         key = OctKey.import_key("secret")
         self.assertRaises(
-            ValueError,
+            UnsupportedAlgorithmError,
             jwe.encrypt_compact,
             protected, b"i", key
         )

tests/jwe/test_example.py

@@ -7,6 +7,7 @@
 from joserfc.rfc7516.message import perform_encrypt
 from joserfc.rfc7516.compact import represent_compact
 from joserfc.rfc7516.json import represent_general_json
+from joserfc.errors import UnsupportedAlgorithmError
 from tests.base import load_key
 
 
@@ -209,7 +210,7 @@ def test_A2(self):
         self.assertEqual(represent_compact(obj), to_bytes(expected))
 
         # RSA1_5 is not allowed by default
-        self.assertRaises(ValueError, decrypt_compact, expected, key)
+        self.assertRaises(UnsupportedAlgorithmError, decrypt_compact, expected, key)
         _registry = JWERegistry(algorithms=['RSA1_5', 'A128CBC-HS256'])
         jwe_data = decrypt_compact(expected, key, registry=_registry)
         self.assertEqual(jwe_data.plaintext, plaintext)

tests/jws/test_compact.py

@@ -1,7 +1,12 @@
 from unittest import TestCase
 from joserfc.jws import JWSRegistry, serialize_compact, deserialize_compact
 from joserfc.jwk import OctKey, RSAKey, KeySet
-from joserfc.errors import BadSignatureError, DecodeError, MissingAlgorithmError
+from joserfc.errors import (
+    BadSignatureError,
+    DecodeError,
+    MissingAlgorithmError,
+    UnsupportedAlgorithmError,
+)
 
 
 class TestCompact(TestCase):
@@ -19,10 +24,10 @@ def test_bad_signature_error(self):
         value = b'eyJhbGciOiJIUzI1NiJ9.Zm9v.0pehoi-RMZM1jl-4TP_C4Y6BJ-bcmsuzfDyQpkpJkh0'
         self.assertRaises(BadSignatureError, deserialize_compact, value, key)
 
-    def test_raise_none_supported_alg(self):
+    def test_raise_unsupported_algorithm_error(self):
         key = OctKey.import_key("secret")
-        self.assertRaises(ValueError, serialize_compact, {"alg": "HS512"}, b"foo", key)
-        self.assertRaises(ValueError, serialize_compact, {"alg": "NOT"}, b"foo", key)
+        self.assertRaises(UnsupportedAlgorithmError, serialize_compact, {"alg": "HS512"}, b"foo", key)
+        self.assertRaises(UnsupportedAlgorithmError, serialize_compact, {"alg": "NOT"}, b"foo", key)
 
     def test_invalid_length(self):
         key = OctKey.import_key("secret")