x5t Parameter in JSON Web Keys (JWK)

Jason Fehr (Jira) Wed, 28 Feb 2024 15:13:40 -0800


     [ 
https://issues.apache.org/jira/browse/IMPALA-12559?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jason Fehr updated IMPALA-12559:
--------------------------------
    Description: 
The ["x5u"|https://datatracker.ietf.org/doc/html/rfc7517#section-4.6], 
["x5c"|https://datatracker.ietf.org/doc/html/rfc7517#section-4.7], 
["x5t"|https://datatracker.ietf.org/doc/html/rfc7517#section-4.8], and 
["x5t#S256|https://datatracker.ietf.org/doc/html/rfc7517#section-4.9] 
parameters in JWKs is not supported by Impala.  Implement support for this 
parameter using the available methods in the [Thalhammer/jwt-cpp 
library|https://github.com/Thalhammer/jwt-cpp/blob/ce1f9df3a9f861d136d6f0c93a6f811c364d1d3d/example/jwks-verify.cpp].

Note:  If the "alg" property is specified and so is "x5u" or "x5c", then the 
value of the "alg" property must match the algorithm on the certificate from 
the "x5u" or "x5c" property.

  was:The ["x5c" 
parameter|https://datatracker.ietf.org/doc/html/rfc7517#section-4.7] in JWKs is 
not supported by Impala.  Implement support for this parameter using the 
available methods in the [Thalhammer/jwt-cpp 
library|https://github.com/Thalhammer/jwt-cpp/blob/ce1f9df3a9f861d136d6f0c93a6f811c364d1d3d/example/jwks-verify.cpp].


> Support x5u/x5c/x5t Parameter in JSON Web Keys (JWK)
> ----------------------------------------------------
>
>                 Key: IMPALA-12559
>                 URL: https://issues.apache.org/jira/browse/IMPALA-12559
>             Project: IMPALA
>          Issue Type: Bug
>          Components: be, Security
>            Reporter: Jason Fehr
>            Priority: Critical
>              Labels: JWT, jwt, security
>
> The ["x5u"|https://datatracker.ietf.org/doc/html/rfc7517#section-4.6], 
> ["x5c"|https://datatracker.ietf.org/doc/html/rfc7517#section-4.7], 
> ["x5t"|https://datatracker.ietf.org/doc/html/rfc7517#section-4.8], and 
> ["x5t#S256|https://datatracker.ietf.org/doc/html/rfc7517#section-4.9] 
> parameters in JWKs is not supported by Impala.  Implement support for this 
> parameter using the available methods in the [Thalhammer/jwt-cpp 
> library|https://github.com/Thalhammer/jwt-cpp/blob/ce1f9df3a9f861d136d6f0c93a6f811c364d1d3d/example/jwks-verify.cpp].
> Note:  If the "alg" property is specified and so is "x5u" or "x5c", then the 
> value of the "alg" property must match the algorithm on the certificate from 
> the "x5u" or "x5c" property.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (IMPALA-12559) Support x5u/x5c/x5t Parameter in JSON Web Keys (JWK)

Reply via email to