Consider adding xml-dsig algorithm support to JWSVerificationKeySelector class

Issue #463 invalid
Dre Leed created an issue

Although xml-dsig header “alg” values are not standard, they are frequently seen in JWTs generated by .NET. The mapping of standard algorithm values and their xml-dsig equivalents can be found here: https://datatracker.ietf.org/doc/html/rfc7518#appendix-A.1

At present, a JWT with an xml-dsig alg header value fails validation in JWSVerificationKeySelector.selectJWSKeys() because the value in the JWT header isn’t a known value in the jwsAlgs collection.

It would be fairly trivial to add an additional attribute to JWSAlgorithm values containing the xml-dsig equivalent, and to enhance the check at the beginning of selectJWSKeys() to include that attribute when checking for a match.

Comments (3)

  1. Dre Leed reporter

    Here’s a sample header:

    {
      "alg": "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
      "typ": "JWT",
      "kid": "64e112fe-96ec-43e1-a512-5ff51953f60f",
      "ver": "LNAA-1.0"
    }

    There’s a more extensive discussion about how and why xml-dsig values are used here: https://giters.com/jwtk/jjwt/issues/676

    Here’s an example of the enum I have in my code to handle the issue:

    public enum JWSAlgorithmExt {
        /**
         * HMAC with SHA-256, requires 256+ bit secret. JWT algorithm name: "HS256"
         */
        HMAC_256("HS256", "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"),

        /**
         * HMAC with SHA-384, requires 384+ bit secret. JWT algorithm name: "HS384"
         */
        HMAC_384("HS384", "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"),

        /**
         * HMAC with SHA-512, requires 512+ bit secret. JWT algorithm name: "HS512"
         */
        HMAC_512("HS512", "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"),

        /**
         * RSA PKCS#1 signature with SHA-256. JWT algorithm name: "RS256"
         */
        RSA_PKCS1_256("RS256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"),

        /**
         * RSA PKCS#1 signature with SHA-384. JWT algorithm name: "RS384"
         */
        RSA_PKCS1_384("RS384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"),

        /**
         * RSA PKCS#1 signature with SHA-512. JWT algorithm name: "RS512"
         */
        RSA_PKCS1_512("RS512", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"),

        /**
         * RSA PSS signature with SHA-256. JWT algorithm name: "PS256"
         */
        RSA_PSS_256("PS256", "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"),

        /**
         * RSA PSS signature with SHA-384. JWT algorithm name: "PS384"
         */
        RSA_PSS_384("PS384", "http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"),

        /**
         * RSA PSS signature with SHA-512. JWT algorithm name: "PS512"
         */
        RSA_PSS_512("PS512", "http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"),

        /**
         * EC P-256 DSA with SHA-256. JWT algorithm name: "ES256"
         */
        EC_P_256("ES256", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"),

        /**
         * EC P-384 DSA with SHA-384. JWT algorithm name: "ES384"
         */
        EC_P_384("ES384", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"),

        /**
         * EC P-521 DSA with SHA-512. JWT algorithm name: "ES512"
         */
        EC_P_512("ES512", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512");

        // Standard JWA name and its xml-dsig URI equivalent (RFC 7518, Appendix A.1).
        private final String jwaName;
        private final String xmlDsigUri;

        JWSAlgorithmExt(String jwaName, String xmlDsigUri) {
            this.jwaName = jwaName;
            this.xmlDsigUri = xmlDsigUri;
        }

        public String getJwaName() {
            return jwaName;
        }

        public String getXmlDsigUri() {
            return xmlDsigUri;
        }
    }

  2. Yavor Vasilev

    These JWS algorithm names are not standard. Adding non-standard stuff to accommodate another library will create more bad precedent and is bad.
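
The caller-side workaround from comment 1 carried through to verification, as an added example that is not part of the thread or of the library's code: it maps the xml-dsig URI to its JWA name from a fixed table, requires the result to equal the single algorithm pinned for the key, and checks the HMAC over the token's original header.payload text. The class and method names, the secret and the token are constructed for illustration, and headerAlg is assumed to be the "alg" value a JOSE parser returned for this same token.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class XmlDsigAlgDemo { // hypothetical class, JDK 9+ only
    // HMAC rows of RFC 7518 Appendix A.1; any other URI is rejected.
    static final Map<String, String> XMLDSIG_TO_JWA = Map.of(
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "HS256",
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", "HS384",
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", "HS512");
    static final Map<String, String> JWA_TO_JCA = Map.of(
        "HS256", "HmacSHA256", "HS384", "HmacSHA384", "HS512", "HmacSHA512");
    /** Maps a header "alg" to its JWA name; throws if it is neither standard nor a known alias. */
    static String normalize(String headerAlg) {
        String jwa = XMLDSIG_TO_JWA.getOrDefault(headerAlg, headerAlg);
        if (!JWA_TO_JCA.containsKey(jwa)) throw new IllegalArgumentException("unsupported alg: " + headerAlg);
        return jwa;
    }

    /** headerAlg is the "alg" value your JOSE library parsed from this token's header (assumption). */
    static boolean verify(String jws, String headerAlg, String pinnedJwa, byte[] secret) throws Exception {
        // The alias must resolve to the one algorithm pinned for this key, nothing wider.
        if (!normalize(headerAlg).equals(pinnedJwa)) return false;
        int dot = jws.lastIndexOf('.');
        if (dot < 0) return false;
        // MAC the ORIGINAL header.payload text: re-encoding a rewritten header changes these bytes.
        byte[] signingInput = jws.substring(0, dot).getBytes(StandardCharsets.US_ASCII);
        byte[] sig = Base64.getUrlDecoder().decode(jws.substring(dot + 1));
        Mac mac = Mac.getInstance(JWA_TO_JCA.get(pinnedJwa));
        mac.init(new SecretKeySpec(secret, mac.getAlgorithm()));
        return MessageDigest.isEqual(mac.doFinal(signingInput), sig); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        byte[] secret = "constructed-demo-secret-32-bytes".getBytes(StandardCharsets.US_ASCII);
        String alg = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
        String header = "{\"alg\":\"" + alg + "\",\"typ\":\"JWT\"}"; // constructed sample token
        String input = b64.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
            + b64.encodeToString("{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        String token = input + "." + b64.encodeToString(mac.doFinal(input.getBytes(StandardCharsets.US_ASCII)));
        System.out.println(verify(token, alg, "HS256", secret) + " " + verify(token, alg, "HS512", secret));
    }
}
```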
