Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
Unknown
Description
There's a bug I spotted in the elliptic curve encryption code in JOSE - I'm not sure off hand what the correct behaviour is:
EcdhDirectKeyJweEncryption.EcdhHelper takes a "String ctAlgo" as a parameter that is later used as:
ContentAlgorithm jwtAlgo = ContentAlgorithm.valueOf(ctAlgo);
However, EcdhAesWrapKeyEncryptionAlgorithm which constructs EcdhHelper, passes through the key algorithm, not the content algorithm - keyAlgo.getJwaName() leading to an error.