hardening(identity): reject crit array with non-string elements per RFC 7515

vvillait88 · claude · vvillait88 · commit 2f598ca56970 · 2026-05-09T06:17:42.000-07:00
RFC 7515 §4.1.11 requires crit array entries to be strings. The previous
shape check accepted arrays like [42] or [42, "valid"] because it only
guarded against non-list and empty-list shapes. Node-commerce already
rejects these with malformed_jws; Python now matches.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/agentscore_commerce/identity/ucp_jwks.py b/agentscore_commerce/identity/ucp_jwks.py
@@ -409,10 +409,10 @@ def verify_ucp_profile(
     # when it tries to iterate `None`. RFC 7515 §4.1.11 requires a non-empty array.
     if "crit" in header:
         crit = header["crit"]
-        if not isinstance(crit, list) or len(crit) == 0:
+        if not isinstance(crit, list) or len(crit) == 0 or not all(isinstance(c, str) for c in crit):
             raise UCPVerificationError(
                 "malformed_jws",
-                f"JWS protected header crit must be a non-empty array; got {crit!r}.",
+                f"JWS protected header crit must be a non-empty array of strings; got {crit!r}.",
             )
         raise UCPVerificationError(
             "unrecognized_critical_header",
diff --git a/tests/test_ucp_jwks.py b/tests/test_ucp_jwks.py
@@ -631,6 +631,28 @@ def test_verify_crit_string_emits_malformed_jws(self) -> None:
             verify_ucp_profile(signed, build_jwks_response([key.public_jwk]))
         assert exc.value.code == "malformed_jws"
 
+    @pytest.mark.parametrize(
+        "bad_crit",
+        [
+            [42],
+            [None],
+            [{}],
+            [42, "valid"],
+            ["valid", 42],
+        ],
+    )
+    def test_verify_crit_with_non_string_element_emits_malformed_jws(self, bad_crit: object) -> None:
+        """RFC 7515 §4.1.11: crit array entries MUST be strings. Non-string elements
+        (including mixed arrays) are malformed. Cross-language parity with node-commerce,
+        which rejects [42] etc. with malformed_jws."""
+        key = generate_ucp_signing_key(kid="real")
+        profile = _base_profile([key.public_jwk])
+        jws_compact = self._hand_craft_jws_with_crit(key, profile, bad_crit)
+        signed = {**profile, "signature": jws_compact}
+        with pytest.raises(UCPVerificationError) as exc:
+            verify_ucp_profile(signed, build_jwks_response([key.public_jwk]))
+        assert exc.value.code == "malformed_jws"
+
 
 class TestVerifierCanonicalizationTypedErrors:
     """Verifier-side canonicalize must NEVER leak raw ValueError; always UCPVerificationError(body_mismatch)."""
