Fix for CVE-2017-11424

[sirosen]

Add "RSA PUBLIC KEY" to the forbidden key strings in HMAC. Prevents the use of PKCS1 keys, cited by this CVE as exposing a key-confusion attack.
Also add a test case for it, doing the obvious thing.

Closes #62

[zejn]

Looks good to me. The PyPy build failed because of PyCrypto failing to compile.

[mpdavis]

I'm happy with this change, but I want to see what is up with the failing build before merging.

[mpdavis]

@sirosen I noticed your builds are running on the newer trusty builders.

Can you try adding dist: precise to .travis.yml to see if that fixes the build issue?

[codecov-io]

Codecov Report

Merging #63 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #63   +/-   ##
=======================================
  Coverage   94.53%   94.53%           
=======================================
  Files          12       12           
  Lines         841      841           
=======================================
  Hits          795      795           
  Misses         46       46

Impacted Files	Coverage Δ
jose/jwk.py	95.12% <ø> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b54c12a...5bc7470. Read the comment docs.

[sirosen]

Yeah, I don't mind slipping that change in. Doing that now.

[mpdavis]

lgtm

[mpdavis]

Released in 1.4.0