- changed status to open
Incorrect reliance on default encoding
Issue #249
resolved
"getBytes()" should probably be replaced by "getBytes(Charset.forName("UTF-8"))". I found 4 occurrences:
com.nimbusds.jose.crypto.AESCBC#encryptWithConcatKDF
byte[] mac = HMAC.compute(cik, macInput.getBytes(), macProvider);
com.nimbusds.jose.crypto.AESCBC#decryptWithConcatKDF
byte[] mac = HMAC.compute(cik, macInput.getBytes(), macProvider);
com.nimbusds.jose.crypto.LegacyConcatKDF#generateCEK
byte[] encBytes = enc.toString().getBytes();
com.nimbusds.jose.crypto.LegacyConcatKDF#generateCIK
byte[] encBytes = enc.toString().getBytes();
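Why the charset matters for the MAC input above, as an added example that is not part of the original issue or the library's code: the `hmac` helper is a plain-JCA stand-in for the library's `HMAC.compute`, and the key, the input string and the class name are constructed. Explicit charsets stand in for different platform defaults: an ASCII-compatible default yields the same bytes as UTF-8 for ASCII-only input, which is why the bug stays hidden on most systems, while a default such as UTF-16 or EBCDIC changes the bytes and therefore the MAC.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DefaultCharsetMacDemo {

    // Stand-in for the library's HMAC.compute(...): plain JCA HMAC-SHA256.
    static byte[] hmac(byte[] key, byte[] msg) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg);
    }

    // Encode with an explicit charset (the change the issue asks for), then MAC.
    static byte[] macOver(String input, Charset cs, byte[] key) throws GeneralSecurityException {
        return hmac(key, input.getBytes(cs));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] key = new byte[32];
        Arrays.fill(key, (byte) 0x0b);                    // constructed demo key
        String macInput = "aGVhZGVy.aXY.Y2lwaGVydGV4dA";  // constructed ASCII-only input

        // Charsets standing in for what a platform default could be.
        List<Charset> simulatedDefaults = new ArrayList<>(
                Arrays.asList(StandardCharsets.ISO_8859_1, StandardCharsets.UTF_16BE));
        if (Charset.isSupported("IBM1047")) {             // EBCDIC, only if this JDK ships it
            simulatedDefaults.add(Charset.forName("IBM1047"));
        }

        // What the fixed code computes on every platform.
        byte[] reference = macOver(macInput, StandardCharsets.UTF_8, key);

        // What a bare getBytes() would use on this particular JVM.
        System.out.println("JVM default charset: " + Charset.defaultCharset());
        for (Charset cs : simulatedDefaults) {
            boolean same = MessageDigest.isEqual(reference, macOver(macInput, cs, key));
            System.out.println(cs + ": MAC " + (same ? "matches" : "differs from") + " the UTF-8 MAC");
        }
    }
}
```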
Comments (4)
Thanks for spotting this! Fixed in 494aaea.
Fix is now on Maven central: http://search.maven.org/#artifactdetails|com.nimbusds|nimbus-jose-jwt|5.3|jar
- changed status to resolved
Closing the issue as resolved.