Consider creating a policy to catch unchecked exceptions produced by JOSE crypto providers
Issue #20
resolved
I just discovered that BouncyCastle may actually throw an unchecked exception on attempting to decrypt an AESGCM JWE with an invalid / missing authentication tag.
Testcase: testWithA128GCM took 6.713 sec
Caused an ERROR
null
java.lang.NegativeArraySizeException
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Cipher.java:1813)
at com.nimbusds.jose.crypto.RSADecrypter.decrypt(Unknown Source)
at com.nimbusds.jose.JWEObject.decrypt(Unknown Source)
at com.nimbusds.jose.crypto.RSA1_5Test.testWithA128GCM(Unknown Source)
Comments (1)
- reporter
Addressed in commit 47c3967.
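
One way such a policy can look, as an added example that is not code from Nimbus JOSE+JWT or from the commit referenced above: the AES/GCM call is wrapped so that both the documented `GeneralSecurityException` failures and any unchecked exception a JCA provider throws reach the caller as a single checked type. The names `GuardedGcmDecrypt`, `DecryptionFailedException`, `gcm` and `decrypt` are hypothetical, and the sample uses whichever provider the JVM selects by default rather than BouncyCastle specifically.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class GuardedGcmDecrypt {
    /** Hypothetical checked exception: the only failure type callers have to handle. */
    static class DecryptionFailedException extends Exception {
        DecryptionFailedException(String msg, Throwable cause) { super(msg, cause); }
    }
    static Cipher gcm(int mode, byte[] key, byte[] iv, byte[] aad) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        c.updateAAD(aad);
        return c;
    }
    /** Decrypts ciphertext||tag; every provider failure is mapped to one checked exception. */
    static byte[] decrypt(byte[] key, byte[] iv, byte[] sealed, byte[] aad)
            throws DecryptionFailedException {
        try {
            return gcm(Cipher.DECRYPT_MODE, key, iv, aad).doFinal(sealed);
        } catch (GeneralSecurityException e) {
            // Documented failures, e.g. AEADBadTagException when the tag does not verify.
            throw new DecryptionFailedException("AES/GCM decryption failed", e);
        } catch (RuntimeException e) {
            // Undocumented provider failures, like the NegativeArraySizeException in the trace.
            throw new DecryptionFailedException("AES/GCM provider error", e);
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample data: random key and IV, fixed plaintext and AAD.
        byte[] key = new byte[16], iv = new byte[12];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        byte[] aad = "header".getBytes(StandardCharsets.UTF_8);
        byte[] sealed = gcm(Cipher.ENCRYPT_MODE, key, iv, aad)
                .doFinal("payload".getBytes(StandardCharsets.UTF_8));
        // Inputs: intact, authentication tag stripped, shorter than the 16-byte tag.
        byte[][] inputs = { sealed, Arrays.copyOf(sealed, sealed.length - 16), Arrays.copyOf(sealed, 4) };
        for (byte[] in : inputs) {
            try {
                System.out.println("ok: " + new String(decrypt(key, iv, in, aad), StandardCharsets.UTF_8));
            } catch (DecryptionFailedException e) {
                System.out.println("rejected: " + e.getCause().getClass().getName());
            }
        }
    }
}
```

Keeping the original exception as the cause preserves the provider's stack trace for diagnostics while the caller sees one uniform rejection path for malformed input.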