Re: [OAUTH-WG] JWS encoding Appendix A

Antonio Sanso <asanso@adobe.com> Wed, 05 June 2013 13:43 UTC

Return-Path: <asanso@adobe.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B63B21F9B20 for <oauth@ietfa.amsl.com>; Wed, 5 Jun 2013 06:43:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.595
X-Spam-Level:
X-Spam-Status: No, score=-4.595 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, TRACKER_ID=2.003]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QPEmSJsmP3NX for <oauth@ietfa.amsl.com>; Wed, 5 Jun 2013 06:43:46 -0700 (PDT)
Received: from exprod6og127.obsmtp.com (exprod6og127.obsmtp.com [64.18.1.78]) by ietfa.amsl.com (Postfix) with ESMTP id 01B9B21F9AFB for <oauth@ietf.org>; Wed, 5 Jun 2013 06:43:37 -0700 (PDT)
Received: from outbound-smtp-2.corp.adobe.com ([193.104.215.16]) by exprod6ob127.postini.com ([64.18.5.12]) with SMTP ID DSNKUa9AiUtqgignjiKKfzMJkiRANfUZI6TE@postini.com; Wed, 05 Jun 2013 06:43:41 PDT
Received: from inner-relay-1.corp.adobe.com (inner-relay-1.sea.adobe.com [153.32.1.51]) by outbound-smtp-2.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r55DhZAI018581; Wed, 5 Jun 2013 06:43:36 -0700 (PDT)
Received: from nahub02.corp.adobe.com (nahub02.corp.adobe.com [10.8.189.98]) by inner-relay-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r55DhZ6A001430; Wed, 5 Jun 2013 06:43:35 -0700 (PDT)
Received: from eurhub01.eur.adobe.com (10.128.4.30) by nahub02.corp.adobe.com (10.8.189.98) with Microsoft SMTP Server (TLS) id 8.3.298.1; Wed, 5 Jun 2013 06:43:34 -0700
Received: from eurmbx01.eur.adobe.com ([10.128.4.32]) by eurhub01.eur.adobe.com ([10.128.4.30]) with mapi; Wed, 5 Jun 2013 14:43:33 +0100
From: Antonio Sanso <asanso@adobe.com>
To: "<Axel.Nennker@telekom.de>" <Axel.Nennker@telekom.de>
Date: Wed, 5 Jun 2013 14:43:30 +0100
Thread-Topic: JWS encoding Appendix A
Thread-Index: Ac5h8qtXso+i3/DDQSusnIhbMfE1oA==
Message-ID: <A9830F30-A62A-45E3-B6CB-BC8033A42A95@adobe.com>
References: <2481701B-912B-4B5B-821C-D86721A4C4C6@adobe.com> <CE8995AB5D178F44A2154F5C9A97CAF40255A5BB872A@HE111541.emea1.cds.t-internal.com>
In-Reply-To: <CE8995AB5D178F44A2154F5C9A97CAF40255A5BB872A@HE111541.emea1.cds.t-internal.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_A9830F30A62A45E3B6CBBC8033A42A95adobecom_"
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] JWS encoding Appendix A
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2013 13:43:52 -0000

Thanks a lot Axel!!

Regards

Antonio

On Jun 5, 2013, at 3:37 PM, <Axel.Nennker@telekom.de<mailto:Axel.Nennker@telekom.de>> wrote:

Antonio,
Please have a look at this
https://code.google.com/p/jsoncrypto/source/browse/trunk/testsrc/org/jsoncrypto/JcBaseTest.java#104

The \r\n is the important.

Please make sure you have this byte representation of the payload.
The following octet sequence contains the UTF-8 representation of the
   JWS Header:

   [123, 34, 116, 121, 112, 34, 58, 34, 74, 87, 84, 34, 44, 13, 10, 32,
   34, 97, 108, 103, 34, 58, 34, 72, 83, 50, 53, 54, 34, 125]


Best regards
Axel

From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-bounces@ietf.org] On Behalf Of Antonio Sanso
Sent: Wednesday, June 05, 2013 3:27 PM
To: oauth@ietf.org<mailto:oauth@ietf.org> WG
Subject: [OAUTH-WG] JWS encoding Appendix A

Hi *,

while testing my encoding routine against JWS I spot a difference between my encoding and the one in the spec.

More specifically I am referring to Appendix A.1.1 [0] of the JWS spec.
Now it could easily be that the library I wrote is wrong but it works fine with the encoding in the JWT spec for example.
If somebody would like to give a look just for the record the encoding for the header in the spec looks like \


eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

while for me would look like

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9

Same for the payload, spec

eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

my library

eyJpc3MiOiJqb2UiLCJleHAiOjEzMDA4MTkzODAsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

Now the difference is probably given from the fact I did not take care in consideration carriage return in my input.
I am on a huge JSON expert but what is the correct way to handle it?

Regards

Antonio



[0] http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-11#appendix-A.1