Roberto Viani Junior created CXF-8651:
-----------------------------------------
Summary: JOSE: JwsCompactConsumer not parsing headers properly if
the claims contains \n
Key: CXF-8651
URL: https://issues.apache.org/jira/browse/CXF-8651
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.4.4, 3.5.0
Reporter: Roberto Viani Junior
The JWS is generate with an invalid payload if I try to set a claim like this:
JwtClaims claims = new JwtClaims();
String claim = "GET\n\n\nWed, 19 Jan 2022 15:25:29
GMT\n/test/16c8a1ec-8d75-47a1-b138-46746713b8d8";
claims.setClaim("test", claim);
JwsCompactProducer jwsProducer = new JwsJwtCompactProducer(claims);
The JWS payload result will be:
eyJ0ZXN0IjoiR0VUCgoKV2VkLCAxOSBKYW4gMjAyMiAxNToyNToyOSBHTVQKL3Rlc3QvMTZjOGExZWMtOGQ3NS00N2ExLWIxMzgtNDY3NDY3MTNiOGQ4In0
And when I decode the result is:
"\{\"test\":\"GET\n\n\nWed, 19 Jan 2022 15:25:29
GMT\n/test/16c8a1ec-8d75-47a1-b138-46746713b8d8\"}"
This is an invalid payload because the json is stringify.. the json should be:
{
"test" : "GET\n\n\nWed, 19 Jan 2022 15:25:29
GMT\n/test/16c8a1ec-8d75-47a1-b138-46746713b8d8"
}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
