hardening: round-4 reviewer findings (warning scope + edge tests + README codes)

vvillait88 · claude · vvillait88 · commit 757dedf95032 · 2026-05-08T16:24:13.000-07:00
Tighten the EdDSA SecurityWarning suppression to the exact joserfc message
and class so a future, unrelated EdDSA-vulnerability warning is no longer
swallowed: scope is now `joserfc.errors.SecurityWarning` with literal
regex `^EdDSA is deprecated via RFC 9864$` in both the helper and the
pyproject `filterwarnings`. Add explicit canonicalization tests for NaN,
positive-infinity, and negative-infinity floats (matching node-commerce
parity). Add coverage for `unusable_key` (JWK with `use=enc`),
non-string `signature` field (int / None / list / dict), non-dict JWKS
entries, and JWS protected headers that decode to a JSON array. Extend
the README error-code list with `unusable_key`, `malformed_jwks`, and
`unrecognized_critical_header`.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/README.md b/README.md
@@ -226,7 +226,7 @@ signed = sign_ucp_profile(profile.to_dict(), signing_key=key.private_key, kid=ke
 jwks = build_jwks_response([key.public_jwk])
 ```
 
-`verify_ucp_profile` enforces the JWS protected header `typ='ucp-profile+jws'`, restricts `alg` to `EdDSA`/`ES256`, requires a `kid`, rejects duplicate kids in the JWKS, and compares the canonical body bytes against the JWS payload to catch swap-after-sign tampering. Failures raise `UCPVerificationError` (a `ValueError` subclass) with a discriminated `code` attribute (`no_signature`/`missing_kid`/`kid_not_found`/`duplicate_kid`/`unsupported_alg`/`wrong_typ`/`signature_invalid`/`body_mismatch`/`malformed_jws`).
+`verify_ucp_profile` enforces the JWS protected header `typ='ucp-profile+jws'`, restricts `alg` to `EdDSA`/`ES256`, requires a `kid`, rejects duplicate kids in the JWKS, and compares the canonical body bytes against the JWS payload to catch swap-after-sign tampering. Failures raise `UCPVerificationError` (a `ValueError` subclass) with a discriminated `code` attribute (`no_signature`/`missing_kid`/`kid_not_found`/`duplicate_kid`/`unsupported_alg`/`wrong_typ`/`signature_invalid`/`body_mismatch`/`malformed_jws`/`malformed_jwks`/`unusable_key`/`unrecognized_critical_header`).
 
 `sign_ucp_profile` rejects profiles containing `float` values: cross-language float canonicalization is not stable, so use decimal strings (e.g. `"9.99"`) for any monetary or fractional fields you put in `extras`.
 
diff --git a/agentscore_commerce/identity/ucp_jwks.py b/agentscore_commerce/identity/ucp_jwks.py
@@ -43,16 +43,21 @@
 
 @contextlib.contextmanager
 def _suppress_joserfc_eddsa_warning() -> Iterator[None]:
-    """Silence joserfc's per-call SecurityWarning for EdDSA.
+    """Silence joserfc's exact RFC 9864 EdDSA SecurityWarning.
 
-    joserfc treats EdDSA as "deprecated via RFC 9864" and emits a
-    SecurityWarning every time we sign or verify. UCP §6 explicitly mandates
-    EdDSA support so we suppress the warning at the call site rather than
-    forcing every consumer to set warnings.filterwarnings globally. CI runs
-    with -W error would otherwise fail noisily on every signing test.
+    UCP §6 requires EdDSA support and joserfc emits a per-call deprecation
+    warning. The filter is pinned to the exact message + class
+    (``joserfc.errors.SecurityWarning``: ``"EdDSA is deprecated via RFC 9864"``)
+    so a future, unrelated EdDSA warning still surfaces normally.
     """
+    from joserfc.errors import SecurityWarning  # type: ignore[import-not-found]
+
     with warnings.catch_warnings():
-        warnings.filterwarnings("ignore", message=r".*EdDSA.*", category=Warning)
+        warnings.filterwarnings(
+            "ignore",
+            message=r"^EdDSA is deprecated via RFC 9864$",
+            category=SecurityWarning,
+        )
         yield
 
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -81,9 +81,10 @@ include = ["agentscore_commerce"]
 asyncio_mode = "auto"
 addopts = "--cov=agentscore_commerce --cov-report=term-missing --cov-fail-under=95"
 # joserfc emits SecurityWarning for EdDSA on every sign/verify (see RFC 9864).
-# UCP §6 explicitly accepts EdDSA so we suppress; the SDK helpers wrap their
-# own joserfc calls with a context-manager filter, but tests that hand-construct
-# joserfc calls directly need the suppression too.
+# UCP §6 explicitly accepts EdDSA so we suppress. SDK helpers wrap their own
+# joserfc calls with a context-manager filter, but tests that hand-construct
+# joserfc calls directly need the suppression too. Scope matches the exact
+# message + class so a future unrelated EdDSA warning still surfaces.
 filterwarnings = [
-    "ignore:.*EdDSA.*:Warning",
+    "ignore:^EdDSA is deprecated via RFC 9864$:joserfc.errors.SecurityWarning",
 ]
diff --git a/tests/test_ucp_jwks.py b/tests/test_ucp_jwks.py
@@ -289,6 +289,24 @@ def test_rejects_float_in_profile(self) -> None:
         with pytest.raises(ValueError, match="rejects float"):
             sign_ucp_profile(profile, signing_key=signer.private_key, kid="k")
 
+    def test_rejects_nan(self) -> None:
+        signer = generate_ucp_signing_key(kid="k")
+        profile = {**_base_profile([signer.public_jwk]), "extras": {"value": float("nan")}}
+        with pytest.raises(ValueError, match="rejects float"):
+            sign_ucp_profile(profile, signing_key=signer.private_key, kid="k")
+
+    def test_rejects_positive_infinity(self) -> None:
+        signer = generate_ucp_signing_key(kid="k")
+        profile = {**_base_profile([signer.public_jwk]), "extras": {"value": float("inf")}}
+        with pytest.raises(ValueError, match="rejects float"):
+            sign_ucp_profile(profile, signing_key=signer.private_key, kid="k")
+
+    def test_rejects_negative_infinity(self) -> None:
+        signer = generate_ucp_signing_key(kid="k")
+        profile = {**_base_profile([signer.public_jwk]), "extras": {"value": float("-inf")}}
+        with pytest.raises(ValueError, match="rejects float"):
+            sign_ucp_profile(profile, signing_key=signer.private_key, kid="k")
+
     def test_accepts_int_and_string(self) -> None:
         signer = generate_ucp_signing_key(kid="k")
         profile = {**_base_profile([signer.public_jwk]), "extras": {"count": 7, "label": "wine"}}
@@ -362,6 +380,47 @@ def test_verify_rejects_non_dict_profile(self) -> None:
             verify_ucp_profile("not a profile", {"keys": []})  # type: ignore[arg-type]
         assert exc.value.code == "no_signature"
 
+    def test_verify_rejects_unusable_key_use_enc(self) -> None:
+        key = generate_ucp_signing_key(kid="k")
+        profile = _base_profile([key.public_jwk])
+        signed = sign_ucp_profile(profile, signing_key=key.private_key, kid="k")
+        enc_jwk = {**key.public_jwk, "use": "enc"}
+        with pytest.raises(UCPVerificationError) as exc:
+            verify_ucp_profile(signed, build_jwks_response([enc_jwk]))
+        assert exc.value.code == "unusable_key"
+
+    @pytest.mark.parametrize("bad_sig", [42, None, [], {}])
+    def test_verify_rejects_non_string_signature(self, bad_sig: object) -> None:
+        key = generate_ucp_signing_key(kid="k")
+        profile = _base_profile([key.public_jwk])
+        tampered = {**profile, "signature": bad_sig}
+        with pytest.raises(UCPVerificationError) as exc:
+            verify_ucp_profile(tampered, build_jwks_response([key.public_jwk]))
+        assert exc.value.code == "no_signature"
+
+    @pytest.mark.parametrize("bad_entry", [None, "string"])
+    def test_verify_rejects_non_dict_jwks_entry(self, bad_entry: object) -> None:
+        key = generate_ucp_signing_key(kid="k")
+        profile = _base_profile([key.public_jwk])
+        signed = sign_ucp_profile(profile, signing_key=key.private_key, kid="k")
+        with pytest.raises(UCPVerificationError) as exc:
+            verify_ucp_profile(signed, {"keys": [bad_entry]})
+        assert exc.value.code == "kid_not_found"
+
+    def test_verify_rejects_protected_header_decoding_to_json_array(self) -> None:
+        import base64
+
+        key = generate_ucp_signing_key(kid="k")
+        profile = _base_profile([key.public_jwk])
+        header_array_b64 = (
+            base64.urlsafe_b64encode(__import__("json").dumps(["EdDSA", "kid"]).encode()).rstrip(b"=").decode()
+        )
+        bogus_jws = f"{header_array_b64}.payload.sig"
+        signed = {**profile, "signature": bogus_jws}
+        with pytest.raises(UCPVerificationError) as exc:
+            verify_ucp_profile(signed, build_jwks_response([key.public_jwk]))
+        assert exc.value.code == "malformed_jws"
+
     def test_verify_wraps_unrecognized_critical_header(self) -> None:
         import base64
 
