author | juerg <juerg@google.com> | 2021-03-01 00:26:03 -0800 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2021-03-01 00:26:30 -0800 |
commit | 344c2c44468652a63ae1b4925ec705cbf3dc0e16 (patch) | |
tree | 9ac9eff14ba073432449697e9059dfbc1e6c6293 /java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java | |
parent | 925d976313ce4d72b8a620e23c5c9b36a53f3e06 (diff) | |
download | tink-344c2c44468652a63ae1b4925ec705cbf3dc0e16.tar.gz |
Use strict Json parsing in Tink Java JWT.
PiperOrigin-RevId: 360122543
Diffstat (limited to 'java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java')
-rw-r--r-- | java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java
index e30a67ec9..bda3ea038 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java
@@ -19,7 +19,9 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 import com.google.crypto.tink.subtle.Base64;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParseException;
-import com.google.gson.JsonParser;
+import com.google.gson.internal.Streams;
+import com.google.gson.stream.JsonReader;
+import java.io.StringReader;
 import java.security.InvalidAlgorithmParameterException;
 import java.util.Locale;
 
@@ -96,8 +98,10 @@ final class JwtFormat {
 
   static JsonObject decodeHeader(String headerStr) throws JwtInvalidException {
     try {
-      return JsonParser.parseString(new String(Base64.urlSafeDecode(headerStr), UTF_8))
-          .getAsJsonObject();
+      String jsonHeader = new String(Base64.urlSafeDecode(headerStr), UTF_8);
+      JsonReader jsonReader = new JsonReader(new StringReader(jsonHeader));
+      jsonReader.setLenient(false);
+      return Streams.parse(jsonReader).getAsJsonObject();
     } catch (JsonParseException | IllegalArgumentException ex) {
       throw new JwtInvalidException("invalid JWT header: " + ex);
     }
|
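Review bot: In `decodeHeader`, `Streams.parse(jsonReader)` reads one JSON value and, as far as I can tell, never checks that the reader has reached the end of the document, so a header with extra bytes after the closing brace would still be accepted despite the strict reader. Separately, `getAsJsonObject()` throws `IllegalStateException` when the top-level value is not an object (an array, for example), and the catch clause does not cover that type, so a malformed token surfaces as an unchecked exception instead of `JwtInvalidException`. I would check `jsonReader.peek()` against `JsonToken.END_DOCUMENT` after parsing and widen the catch, as sketched below; this needs imports for `JsonElement`, `JsonToken` and `java.io.IOException`. `Streams` also lives in `com.google.gson.internal`, which Gson does not treat as stable API, so a comment explaining why it is used would help. The method's closing brace lies outside the hunk.

```java
    try {
      // … unchanged: base64 decode and strict JsonReader setup …
      JsonElement header = Streams.parse(jsonReader);
      // In strict mode peek() throws MalformedJsonException (an IOException) on trailing input.
      if (jsonReader.peek() != JsonToken.END_DOCUMENT) {
        throw new JwtInvalidException("invalid JWT header: trailing data");
      }
      return header.getAsJsonObject();
    } catch (JsonParseException | IllegalArgumentException | IllegalStateException
        | IOException ex) {
      // … unchanged: rethrow as JwtInvalidException …
```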