Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8402

JwkUtils::fromECPublicKey returns key coordinates without leading zero

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.3
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Hi!

      JwkUtils::fromECPublicKey returns key coordinates without leading zeroes because it's using BigInteger.toByteArray(), which returns only necessary bytes to encode a big integer value, here: https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java#L378

      This causes issues in different libraries, almost everywhere leading zeroes are expected to be present so that coordinate length is not changed depending on data.

        Attachments

        1. cert.pem
          0.5 kB
          Dimitri Witkowski
        2. generate.sh
          0.3 kB
          Dimitri Witkowski
        3. image-2021-01-07-09-35-19-811.png
          54 kB
          Dimitri Witkowski
        4. Main.java
          0.8 kB
          Dimitri Witkowski

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              antelle Dimitri Witkowski

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment