[
https://issues.apache.org/jira/browse/CXF-8185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17000761#comment-17000761
]
Frederik Libert commented on CXF-8185:
--------------------------------------
Ok, I'll try to do that.
The reason that I fixed CXF-8177 and CXF-8178 in the same branch is that the
fix for the latter is done in a class that I externalized during my fixes for
the first.
I replayed my fixes on my branch and split them up into 2 commits (one for each
issue) to make it easier to verify the changes. I also removed some whitespace
changes that my IDE made.
Thanks for your time!
> Generated Ephemeral Public Key missing in JWE Headers when Json Serialization
> is used
> -------------------------------------------------------------------------------------
>
> Key: CXF-8185
> URL: https://issues.apache.org/jira/browse/CXF-8185
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.3.4
> Reporter: Frederik Libert
> Priority: Blocker
>
> When using Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static
> (ECDH-ES), the
> JWA Specification says that an Ephemeral Public Key MUST be set as "epk"
> Header Parameter (
> https://tools.ietf.org/html/rfc7518#page-16).
> The key is generated during the encryption process.
> However, it is only added to the jwe output when using compact serialization.
> When using Json serialization, the header gets lost somewhere along the way.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
