diff options
author | juerg <juerg@google.com> | 2021-08-31 01:58:23 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2021-08-31 01:59:05 -0700 |
commit | 62c473f487c8cb80688ef9fa669b1e53027f2bac (patch) | |
tree | 21e2cf08d664582cb60ecb93d872b6b0f323b0d7 /java_src/src/main/java/com/google/crypto/tink/jwt/JwtMacInternal.java | |
parent | 2fd2d6f4d4f48431b4ac8f409de4117f0a68ceb2 (diff) | |
download | tink-62c473f487c8cb80688ef9fa669b1e53027f2bac.tar.gz |
Add validation of inconsistent kid header to JwtMac in Java.
- If "kid" in the key and the token do not match, then the token is rejected.
- For output prefix type TINK, we require that the kid is always set.
PiperOrigin-RevId: 393946913
Diffstat (limited to 'java_src/src/main/java/com/google/crypto/tink/jwt/JwtMacInternal.java')
-rw-r--r-- | java_src/src/main/java/com/google/crypto/tink/jwt/JwtMacInternal.java | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtMacInternal.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtMacInternal.java index 731177708..ed522093e 100644 --- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtMacInternal.java +++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtMacInternal.java @@ -29,6 +29,6 @@ interface JwtMacInternal { throws GeneralSecurityException; /** Decodes and verifies a JWT in the JWS compact serialization format. */ - VerifiedJwt verifyMacAndDecode(String compact, JwtValidator validator) - throws GeneralSecurityException; + VerifiedJwt verifyMacAndDecodeWithKid( + String compact, JwtValidator validator, Optional<String> kid) throws GeneralSecurityException; } |