- edited description
Base64 final quantum decoding bug
Issue #95
invalid
Reported by Kristina in
https://bitbucket.org/ksahlmann/nimbus-jose-jwt/issue/1/base64-and-base64codec-decode-methods
Method public final static byte[] decode(final String str) {}
This Implementation is not correct.
For example:
// Ensure the legal chars (including '=' padding) are dividable
// by 4 as specified in RFC 2045.
if ((sLen - sepCnt) % 4 != 0) {
// The string is corrupted
return new byte[0];
}
RFC 2045 says: "(1) the final quantum of encoding input is an integral multiple of 24 bits; here, the final unit of encoded output will be an integral multiple of 4 characters with no "=" padding,"
But also something else is wrong because the last "}" is not recognised in the PlainJWT header and just ignored and results by "java.text.ParseException: Invalid plain header: Invalid JSON: Unexpected End Of File position 24: null"
The plain JWT used for test is real, produced by identity server:
eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=
.eyJleHAiOjM3NzQ4NjQwNSwiYXpwIjoiRFAwMWd5M1Frd1ZHR2RJZWpJSmdMWEN0UlRnYSIsInN1
YiI6ImFkbWluQGNhcmJvbi5zdXBlciIsImF1ZCI6IkRQMDFneTNRa3dWR0dkSWVqSUpnTFhDdFJU
Z2EiLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRoMmVuZHBvaW50c1wvdG9r
ZW4iLCJpYXQiOjM3Mzg4NjQwNX0=
.
Comments (3)
-
reporter
-
reporter
Added test using the example from Kristina, no exception thrown (see commit 445846a).
-
reporter
- changed status to invalid
See issue
#96. - Log in to comment
