[jira] [Updated] (CXF-8402) JwkUtils::fromECPublicKey returns key coordinates without leading zero

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Updated] (CXF-8402) JwkUtils::fromECPublicKey returns key coordinates without leading zero

Colm O hEigeartaigh (Jira)

     [ https://issues.apache.org/jira/browse/CXF-8402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-8402:
-------------------------------------
    Fix Version/s: 3.4.3

> JwkUtils::fromECPublicKey returns key coordinates without leading zero
> ----------------------------------------------------------------------
>
>                 Key: CXF-8402
>                 URL: https://issues.apache.org/jira/browse/CXF-8402
>             Project: CXF
>          Issue Type: Bug
>            Reporter: Dimitri Witkowski
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.4.3
>
>         Attachments: Main.java, cert.pem, generate.sh, image-2021-01-07-09-35-19-811.png
>
>
> Hi!
> {{JwkUtils::fromECPublicKey}} returns key coordinates without leading zeroes because it's using {{BigInteger.toByteArray()}}, which returns only necessary bytes to encode a big integer value, here: [https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java#L378]
> This causes issues in different libraries, almost everywhere leading zeroes are expected to be present so that coordinate length is not changed depending on data.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)