More test cases for io.jsonwebtoken.SigningKeyResolverAdapter

java/ql/test/library-tests/dataflow/taintsources/JwsSigningKeyResolverAdapter.java

@@ -1,3 +1,5 @@
+import java.security.Key;
+
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwsHeader;
 import io.jsonwebtoken.SigningKeyResolverAdapter;
@@ -7,10 +9,25 @@ public class JwsSigningKeyResolverAdapter extends SigningKeyResolverAdapter {
     }
 
     @Override
-    public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
+    public Key resolveSigningKey(JwsHeader header, Claims claims) {
         final String keyId = header.getKeyId();
         String example = "example:" + keyId;
         sink(example); // $ hasRemoteTaintFlow
+        return null;
+    }
+
+    @Override
+    public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
+        final String keyId = header.getKeyId();
+        String example = "example:" + keyId;
+
+        sink(example); // $ hasRemoteTaintFlow
+
+        final String algorithm = header.getAlgorithm();
+        sink("algo:" + algorithm); // $ hasRemoteTaintFlow
+
+        final String random = (String)header.get("random");
+        sink("random:" + random) ; // $ hasRemoteTaintFlow
 
         return new byte[0];
     }