Adding test vectors using key_ops and incorrect use fields.

There are a few more failing test vectors:
jose4j verifies signatures with keys only meant for encryption.
Possibly this has been fixed upstream with
https://bitbucket.org/b_c/jose4j/wiki/commits/72e156aa68def409bca97f4dff9f63ec5a7c24c1

NOKEYCHECK=True
PiperOrigin-RevId: 509168926

3 files changed, 267 insertions, 6 deletions

diff --git a/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java b/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
index 9664476..1c878b0 100644
--- a/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
+++ b/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
@@ -52,7 +52,16 @@ public class JsonWebSignatureTest {
         "ps512_UsingRS384_tcId334",
         "ps512_UsingRS512_tcId336",
         "ps512_UsingPS256_tcId338",
-        "ps512_UsingPS384_tcId340");
+        "ps512_UsingPS384_tcId340",
+        // Signature verification with key that are restricted to "use": "enc"
+        // or "key_ops": "encrypt" should fail.
+        // The latest release of jose4j from Feb. 8 2023 adds more
+        // restrictions. It appears that the following cases should be covered.
+        "rsa_encryption_rejectWrongUse_tcId353",
+        "ec_key_for_encryption_rejectWrongUse_tcId354",
+        "rsa_encryption_rejectWrongKeyOps_tcId355",
+        "ec_key_for_encryption_rejectWrongKeyOps_tcId356"
+);
   }
 
   /** A JsonWebCryptoTestGroup that contains key information and tests against those keys. */
diff --git a/schemas/json_web_signature_schema.json b/schemas/json_web_signature_schema.json
index 6bd2200..48589cc 100644
--- a/schemas/json_web_signature_schema.json
+++ b/schemas/json_web_signature_schema.json
@@ -40,10 +40,14 @@
         },
         "use": {
           "type": "string",
-          "description": "what type of crypto operation to perform",
-          "enum": [
-            "sig"
-          ]
+          "description": "what type of crypto operation to perform"
+        },
+        "key_ops": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description" : "an alternative to use"
         },
         "kid": {
           "type": "string",
diff --git a/testvectors/json_web_signature_test.json b/testvectors/json_web_signature_test.json
index 50dbef1..206c2e3 100644
--- a/testvectors/json_web_signature_test.json
+++ b/testvectors/json_web_signature_test.json
@@ -1,6 +1,6 @@
 {
   "generatorVersion" : "0.3",
-  "numberOfTests" : 348,
+  "numberOfTests" : 356,
   "header" : [
     "Test vectors of type JwCrypto are intended for tests that verify the ",
     "operations of a JSON Web Encryption/Signature library."
@@ -3320,6 +3320,254 @@
           "result": "valid"
         }
       ]
+    },
+    {
+      "type": "JsonWebSignature",
+      "comment": "rfc7520WithKeyOps",
+      "public": {
+          "kty": "RSA",
+          "alg": "RS256",
+          "kid": "bilbo.baggins@hobbiton.example",
+          "key_ops": ["verify"],
+          "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
+          "e": "AQAB"
+      },
+      "private" : {
+          "kty": "RSA",
+          "alg": "RS256",
+          "kid": "bilbo.baggins@hobbiton.example",
+          "key_ops": ["sign, verify"],
+          "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
+          "e": "AQAB",
+          "d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ",
+          "p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nRaO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmGpeNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8bUq0k",
+          "q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc",
+          "dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX59ehik",
+          "dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pErAMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJKbi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdKT1cYF8",
+          "qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-NZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDhjJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpPz8aaI4"
+      },
+      "tests": [
+        {
+          "tcId": 349,
+          "comment": "Figure13",
+          "flags": [],
+          "jws": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg",
+          "result": "valid"
+        }
+      ]
+    },
+    {
+      "type": "JsonWebSignature",
+      "comment": "rfc7520WithKeyOps",
+      "public": {
+          "kty": "RSA",
+          "alg": "PS256",
+          "kid": "bilbo.baggins@hobbiton.example",
+          "key_ops": ["verify"],
+          "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
+          "e": "AQAB"
+      },
+      "private" : {
+          "kty": "RSA",
+          "alg": "PS256",
+          "kid": "bilbo.baggins@hobbiton.example",
+          "key_ops": ["sign", "verify"],
+          "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
+          "e": "AQAB",
+          "d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ",
+          "p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nRaO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmGpeNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8bUq0k",
+          "q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc",
+          "dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX59ehik",
+          "dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pErAMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJKbi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdKT1cYF8",
+          "qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-NZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDhjJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpPz8aaI4"
+      },
+      "tests": [
+        {
+          "tcId": 350,
+          "comment": "Figure20",
+          "flags": [],
+          "jws": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw",
+          "result": "valid"
+        }
+      ]
+    },
+    {
+      "type": "JsonWebSignature",
+      "comment": "rfc7520WithKeyOps",
+      "public": {
+          "kty": "EC",
+          "alg": "ES521",
+          "kid": "bilbo.baggins@hobbiton.example",
+          "key_ops": ["verify"],
+          "crv": "P-521",
+          "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
+          "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"
+      },
+      "private" : {
+          "kty": "EC",
+          "alg": "ES521",
+          "kid": "bilbo.baggins@hobbiton.example",
+          "key_ops": ["sign", "verify"],
+          "crv": "P-521",
+          "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
+          "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
+          "d": "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zbKipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"
+      },
+      "tests": [
+        {
+          "tcId": 351,
+          "comment": "Figure27",
+          "flags": [],
+          "jws": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2",
+          "result": "valid"
+        }
+      ]
+    },
+    {
+      "type": "JsonWebSignature",
+      "comment": "rfc7520",
+      "private" : {
+         "kty": "oct",
+         "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
+         "use": "sig",
+         "alg": "HS256",
+         "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
+      },
+      "tests": [
+        {
+          "tcId": 352,
+          "comment": "Figure35",
+          "flags": [],
+          "jws": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0",
+          "result": "valid"
+        }
+      ]
+    },
+    {
+      "type": "JsonWebSignature",
+      "comment": "rsa_encryption",
+      "private": {
+        "use": "enc",
+        "n": "kqGboBfAWttWPCA-0cGRgsY6SaYoIARt0B_PkaEcIq9HPYNdu9n6UuWHuuTHrjF_ZoQW97r5HaAorNvrMEGTGdxCHZdEtkHvNVVmrtxTBLiQCbCozXhFoIrVcr3qUBrdGnNn_M3jJi7Wg7p_-x62nS5gNG875oyheRkutHsQXikFZwsN3q_TsPNOVlCiHy8mxzaFTUQGm-X8UYexFyAivlDSjgDJLAZSWfxd7k9Gxuwa3AUfQqQcVcegmgKGCaErQ3qQbh1x7WB6iopE3_-GZ8HMAVtR9AmrVscqYsnjhaCehfAI0iKKs8zXr8tISc0ORbaalrkk03H1ZrsEnDKEWQ",
+        "e": "AQAB",
+        "d": "YsfIRYN6rDqSz5KRf1E9q7HK1o6-_UK-j7S-asb0Y1FdVs1GuiRQhMPoOjmhY3Io93EI3_7vj8uzWzAUMsAaTxOY3sJnIbktYuqTcD0xGD8VmdGPBkx963db8B6M2UYfqZARf7dbzP9EuB1N1miMcTsqyGgfHGOk7CXQ1vkIv8Uww38KMtEdJ3iB8r-f3qcu-UJjE7Egw9CxKOMjArOXxZEr4VnoIXrImrcTxBfjdY8GbzXGATiPQLur5GT99ZDW78falsir-b5Ean6HNyOeuaJuceT-yjgCXn57Rd3oIHD94CrjNtjBusoLdjbr489L8K9ksCh1gynzLGkeeWgVGQ",
+        "p": "0xalbl1PJbSBGD4XOjIYJLwMYyHMiM06SBauMGzBfCask5DN5jH68Kw1yPS4wkLpx4ltGLuy0X5mMaZzrSOkBGb27-NizBgB2-L279XotznWeh2jbF05Kqzkoz3VaX_7dRhCHEhOopMQh619hA1bwaJyW1k8aNlLPTl3BotkP4M",
+        "q": "sdQsQVz3tI7hmisAgiIjppOssEnZaZO0ONeRRDxBHGLe3BCo1FJoMMQryOAlglayjQnnWjQ-BpwUpa0r9YQhVLweoNEIig6Beph7iYRZgOHEiiTTgUIGgXAL6xhsby1PueUfT0xsN1Y7qt5f5EwOfu7tnFqNyJXIp9W1NQgU6fM",
+        "dp": "kEpEnuJNfdqa-_VFb1RayJF6bjDmXQTcN_a47wUIZVMSWHR9KkMz41v0D_-oY7HVl73Kw0NagnVCaeH75HgeX5v6ZBQsrpIigynr3hl8T_LLNwIXebVnpFI2n5de0BTZ0DraxfZvOhYJEJV43NE8zWm7fdHLx2fxVFJ5mBGkXv0",
+        "dq": "U_xJCnXF51iz5AP7MXq-K6YDIR8_t0UzEMV-riNm_OkVKAoWMnDZFG8R3sU98djQaxwKT-fsg2KjvbuTz1igBUzzijAvQESpkiUB82i2fNAj6rqJybpNKESq3FWkoL1dsgYsS19knJ31gDWWRFRHZFujjPyXiexz4BBmjK1Mc1E",
+        "qi": "Uvb84tWiJF3fB-U9wZSPi7juGgrzeXS_LYtf5fcdV0fZg_h_5nSVpXyYyQ-PK218qEC5MlDkaHKRD9wBOe_eU_zJTNoXzB2oAcgl2MapBWUMytbiF84ghP_2K9UD63ZVsyrorSZhmsJIBBuqQjrmk0tIdpMdlMxLYhrbYwFxUqc",
+        "kid": "kid-rsa-sign",
+        "kty": "RSA"
+      },
+      "public": {
+        "use": "enc",
+        "n": "kqGboBfAWttWPCA-0cGRgsY6SaYoIARt0B_PkaEcIq9HPYNdu9n6UuWHuuTHrjF_ZoQW97r5HaAorNvrMEGTGdxCHZdEtkHvNVVmrtxTBLiQCbCozXhFoIrVcr3qUBrdGnNn_M3jJi7Wg7p_-x62nS5gNG875oyheRkutHsQXikFZwsN3q_TsPNOVlCiHy8mxzaFTUQGm-X8UYexFyAivlDSjgDJLAZSWfxd7k9Gxuwa3AUfQqQcVcegmgKGCaErQ3qQbh1x7WB6iopE3_-GZ8HMAVtR9AmrVscqYsnjhaCehfAI0iKKs8zXr8tISc0ORbaalrkk03H1ZrsEnDKEWQ",
+        "e": "AQAB",
+        "kid": "kid-rsa-sign",
+        "kty": "RSA"
+      },
+      "tests": [
+        {
+          "tcId": 353,
+          "comment": "rejectWrongUse",
+          "jws": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImtpZC1yc2Etc2lnbiJ9.Zm9v.HUwxI1-cZrZgcuOgBQ7G7NE-GrqK79l6GV1KT4DKXnSMFwC8pfZCzE7pmLE7mYpLCIvzC87yuOjuhT0uW5oe6aaAEtR978cm-q8dfly45flqMrd_ifhi9GCsMlyi8dpQ42Ou1etZljFZuWjfyk8CN1c5DaHRwhqjScAPIFp6xmzKIRUJ_xdQfUSfSlujLaixtScU518EoNP4oo1v7E8RAz6ZO4g2N4Xqs8OvSxYydcoTEg42QnLHe9JnXgI37Q5gSwinwaPsG3Ry56UYiLoL8mCUa74S51y02VsIgVmmGWgaXjM-i_lCiKQDBiBnvWlka4XhVuvd6ZWibM9cbCPtPg",
+          "result": "invalid",
+          "flags": []
+        }
+      ]
+    },
+    {
+      "type": "JsonWebSignature",
+      "comment": "ec_key_for_encryption",
+      "private": {
+        "use": "enc",
+        "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY",
+        "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw",
+        "crv": "P-256",
+        "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c",
+        "kid": "kid-ec-sign",
+        "kty": "EC"
+      },
+      "public": {
+        "use": "enc",
+        "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY",
+        "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw",
+        "crv": "P-256",
+        "kid": "kid-ec-sign",
+        "kty": "EC"
+      },
+      "tests": [
+        {
+          "tcId": 354,
+          "comment": "rejectWrongUse",
+          "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrqWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA",
+          "result": "invalid",
+          "flags": []
+        }
+      ]
+    },
+    {
+      "type": "JsonWebSignature",
+      "comment": "rsa_encryption",
+      "private": {
+        "key_ops" : ["encrypt", "decrypt"],
+        "n": "kqGboBfAWttWPCA-0cGRgsY6SaYoIARt0B_PkaEcIq9HPYNdu9n6UuWHuuTHrjF_ZoQW97r5HaAorNvrMEGTGdxCHZdEtkHvNVVmrtxTBLiQCbCozXhFoIrVcr3qUBrdGnNn_M3jJi7Wg7p_-x62nS5gNG875oyheRkutHsQXikFZwsN3q_TsPNOVlCiHy8mxzaFTUQGm-X8UYexFyAivlDSjgDJLAZSWfxd7k9Gxuwa3AUfQqQcVcegmgKGCaErQ3qQbh1x7WB6iopE3_-GZ8HMAVtR9AmrVscqYsnjhaCehfAI0iKKs8zXr8tISc0ORbaalrkk03H1ZrsEnDKEWQ",
+        "e": "AQAB",
+        "d": "YsfIRYN6rDqSz5KRf1E9q7HK1o6-_UK-j7S-asb0Y1FdVs1GuiRQhMPoOjmhY3Io93EI3_7vj8uzWzAUMsAaTxOY3sJnIbktYuqTcD0xGD8VmdGPBkx963db8B6M2UYfqZARf7dbzP9EuB1N1miMcTsqyGgfHGOk7CXQ1vkIv8Uww38KMtEdJ3iB8r-f3qcu-UJjE7Egw9CxKOMjArOXxZEr4VnoIXrImrcTxBfjdY8GbzXGATiPQLur5GT99ZDW78falsir-b5Ean6HNyOeuaJuceT-yjgCXn57Rd3oIHD94CrjNtjBusoLdjbr489L8K9ksCh1gynzLGkeeWgVGQ",
+        "p": "0xalbl1PJbSBGD4XOjIYJLwMYyHMiM06SBauMGzBfCask5DN5jH68Kw1yPS4wkLpx4ltGLuy0X5mMaZzrSOkBGb27-NizBgB2-L279XotznWeh2jbF05Kqzkoz3VaX_7dRhCHEhOopMQh619hA1bwaJyW1k8aNlLPTl3BotkP4M",
+        "q": "sdQsQVz3tI7hmisAgiIjppOssEnZaZO0ONeRRDxBHGLe3BCo1FJoMMQryOAlglayjQnnWjQ-BpwUpa0r9YQhVLweoNEIig6Beph7iYRZgOHEiiTTgUIGgXAL6xhsby1PueUfT0xsN1Y7qt5f5EwOfu7tnFqNyJXIp9W1NQgU6fM",
+        "dp": "kEpEnuJNfdqa-_VFb1RayJF6bjDmXQTcN_a47wUIZVMSWHR9KkMz41v0D_-oY7HVl73Kw0NagnVCaeH75HgeX5v6ZBQsrpIigynr3hl8T_LLNwIXebVnpFI2n5de0BTZ0DraxfZvOhYJEJV43NE8zWm7fdHLx2fxVFJ5mBGkXv0",
+        "dq": "U_xJCnXF51iz5AP7MXq-K6YDIR8_t0UzEMV-riNm_OkVKAoWMnDZFG8R3sU98djQaxwKT-fsg2KjvbuTz1igBUzzijAvQESpkiUB82i2fNAj6rqJybpNKESq3FWkoL1dsgYsS19knJ31gDWWRFRHZFujjPyXiexz4BBmjK1Mc1E",
+        "qi": "Uvb84tWiJF3fB-U9wZSPi7juGgrzeXS_LYtf5fcdV0fZg_h_5nSVpXyYyQ-PK218qEC5MlDkaHKRD9wBOe_eU_zJTNoXzB2oAcgl2MapBWUMytbiF84ghP_2K9UD63ZVsyrorSZhmsJIBBuqQjrmk0tIdpMdlMxLYhrbYwFxUqc",
+        "kid": "kid-rsa-sign",
+        "kty": "RSA"
+      },
+      "public": {
+        "key_ops": ["encrypt"],
+        "n": "kqGboBfAWttWPCA-0cGRgsY6SaYoIARt0B_PkaEcIq9HPYNdu9n6UuWHuuTHrjF_ZoQW97r5HaAorNvrMEGTGdxCHZdEtkHvNVVmrtxTBLiQCbCozXhFoIrVcr3qUBrdGnNn_M3jJi7Wg7p_-x62nS5gNG875oyheRkutHsQXikFZwsN3q_TsPNOVlCiHy8mxzaFTUQGm-X8UYexFyAivlDSjgDJLAZSWfxd7k9Gxuwa3AUfQqQcVcegmgKGCaErQ3qQbh1x7WB6iopE3_-GZ8HMAVtR9AmrVscqYsnjhaCehfAI0iKKs8zXr8tISc0ORbaalrkk03H1ZrsEnDKEWQ",
+        "e": "AQAB",
+        "kid": "kid-rsa-sign",
+        "kty": "RSA"
+      },
+      "tests": [
+        {
+          "tcId": 355,
+          "comment": "rejectWrongKeyOps",
+          "jws": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImtpZC1yc2Etc2lnbiJ9.Zm9v.HUwxI1-cZrZgcuOgBQ7G7NE-GrqK79l6GV1KT4DKXnSMFwC8pfZCzE7pmLE7mYpLCIvzC87yuOjuhT0uW5oe6aaAEtR978cm-q8dfly45flqMrd_ifhi9GCsMlyi8dpQ42Ou1etZljFZuWjfyk8CN1c5DaHRwhqjScAPIFp6xmzKIRUJ_xdQfUSfSlujLaixtScU518EoNP4oo1v7E8RAz6ZO4g2N4Xqs8OvSxYydcoTEg42QnLHe9JnXgI37Q5gSwinwaPsG3Ry56UYiLoL8mCUa74S51y02VsIgVmmGWgaXjM-i_lCiKQDBiBnvWlka4XhVuvd6ZWibM9cbCPtPg",
+          "result": "invalid",
+          "flags": []
+        }
+      ]
+    },
+    {
+      "type": "JsonWebSignature",
+      "comment": "ec_key_for_encryption",
+      "private": {
+        "key_ops": ["encrypt", "decrypt"],
+        "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY",
+        "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw",
+        "crv": "P-256",
+        "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c",
+        "kid": "kid-ec-sign",
+        "kty": "EC"
+      },
+      "public": {
+        "key_ops": ["encrypt"],
+        "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY",
+        "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw",
+        "crv": "P-256",
+        "kid": "kid-ec-sign",
+        "kty": "EC"
+      },
+      "tests": [
+        {
+          "tcId": 356,
+          "comment": "rejectWrongKeyOps",
+          "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrqWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA",
+          "result": "invalid",
+          "flags": []
+        }
+      ]
     }
   ]
 }