From 56b3a71733d8aa9a8c73ca6bb9c744c56d018628 Mon Sep 17 00:00:00 2001
From: Les Hazlewood <121180+lhazlewood@users.noreply.github.com>
Date: Tue, 14 Aug 2018 11:41:19 -0400
Subject: [PATCH] Ensured JCA Name comparison is not case sensitive per Java Security Standard Algorithm Names documentation. Accompanied with test case for regression. Resolves #381
---
 .../io/jsonwebtoken/SignatureAlgorithm.java | 6 +++++-
 .../SignatureAlgorithmTest.groovy | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/api/src/main/java/io/jsonwebtoken/SignatureAlgorithm.java b/api/src/main/java/io/jsonwebtoken/SignatureAlgorithm.java
index 4c96b405..fcb3d391 100644
--- a/api/src/main/java/io/jsonwebtoken/SignatureAlgorithm.java
+++ b/api/src/main/java/io/jsonwebtoken/SignatureAlgorithm.java
@@ -349,7 +349,11 @@ public enum SignatureAlgorithm {
         if (alg == null) {
             throw new InvalidKeyException("The " + keyType(signing) + " key's algorithm cannot be null.");
         }
-        if (!HS256.jcaName.equals(alg) && !HS384.jcaName.equals(alg) && !HS512.jcaName.equals(alg)) {
+
+        // These next checks use equalsIgnoreCase per https://github.com/jwtk/jjwt/issues/381#issuecomment-412912272
+        if (!HS256.jcaName.equalsIgnoreCase(alg) &&
+            !HS384.jcaName.equalsIgnoreCase(alg) &&
+            !HS512.jcaName.equalsIgnoreCase(alg)) {
             throw new InvalidKeyException("The " + keyType(signing) + " key's algorithm '" + alg + "' does not equal a valid HmacSHA* algorithm name and cannot be used with " + name() + ".");
         }
diff --git a/api/src/test/groovy/io/jsonwebtoken/SignatureAlgorithmTest.groovy b/api/src/test/groovy/io/jsonwebtoken/SignatureAlgorithmTest.groovy
index 50543414..57f4e0a1 100644
--- a/api/src/test/groovy/io/jsonwebtoken/SignatureAlgorithmTest.groovy
+++ b/api/src/test/groovy/io/jsonwebtoken/SignatureAlgorithmTest.groovy
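Review bot: The new comment above the `equalsIgnoreCase` chain points only to a GitHub issue comment, so a reader of the source has to leave the code to learn why case is ignored; state the rule inline, e.g. `// JCA standard algorithm names are case-insensitive (Java Security Standard Algorithm Names spec), so a SecretKey reporting e.g. "hmacsha256" is still a valid HmacSHA256 key; see jwtk/jjwt#381.` The message on the following throw still says the algorithm "does not equal a valid HmacSHA* algorithm name"; wording it as "does not match" would agree with the relaxed comparison. The three disjuncts also duplicate the list of HMAC members by hand; iterating `values()` and testing `isHmac()` together with `jcaName.equalsIgnoreCase(alg)` would keep the check in step if another HS algorithm were added, though that is optional. The enclosing method starts and ends outside this hunk.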
@@ -372,6 +372,25 @@ class SignatureAlgorithmTest {
         }
     }
+    @Test // https://github.com/jwtk/jjwt/issues/381
+    void testAssertValidHmacSigningKeyCaseInsensitiveJcaName() {
+
+        for (SignatureAlgorithm alg : SignatureAlgorithm.values().findAll { it.isHmac() }) {
+
+            SecretKey key = createMock(SecretKey)
+            int numBits = alg.minKeyLength
+            int numBytes = numBits / 8 as int
+            expect(key.getEncoded()).andReturn(new byte[numBytes])
+            expect(key.getAlgorithm()).andReturn(alg.jcaName.toUpperCase()) // <-- upper case, non standard JCA name
+
+            replay key
+
+            alg.assertValidSigningKey(key)
+
+            verify key
+        }
+    }
+
     @Test
     void testAssertValidHmacSigningKeyUnsupportedAlgorithm() {