No SignatureException when token ends with non base64 alphabet

[celloni]

Hey all

I work with Version: 0.10.7

I don't understand a behaviour of the lib. So I have the following:

Code to parse a token:

            Jwts.parser()
                    .setSigningKey(jwtSecretKey.toByteArray())
                    .parseClaimsJws(token)
                    .body

JWT Token ends for example with a non base64 alphabet sign } for example like:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c{

Like this the JWT signature of the Token is not encoded correctly so I would expect an SignatureException but the lib extracts the token correctly, so what happens here with the trailing}?

[lhazlewood]

Your test does not actually change the signature, which in cryptographic contexts, is always a byte array. Instead, your test is changing a text encoding of the byte array. They are different things.

JJWT uses a very fast Base64(Url) decoder that ignores invalid characters in the string prefix and suffix to still result in the original signature byte array. Because again, for cryptography, it's not the text encoding we care about - it's always the byte arrays (claims byte array, signature byte array) we care about. If anything in either of these underlying byte arrays is changed, then yes, the cryptographic assertions should (and will) definitely fail.

You have to remember why signatures exist. From our documentation, signing JWTs:

1. guarantees it was created by someone we know (it is authentic) as well as
2. guarantees that no-one has manipulated or changed it after it was created (its integrity is maintained).

Just prepending or appending invalid text to try to 'trick' the algorithm doesn't change the integrity of the claims or signature byte arrays, nor the authenticity of the claims byte array, because those byte arrays are still obtained intact.

Additionally, occasionally, changing some of the characters in the middle of the string may not change the underlying byte arrays either, because of the way Base64 works. Please see #518 and its referenced issues and links for more information on why.

So, in summary, what really matters in cryptographic contexts is not if you mess around with the strings and text encoding, but if you change the underlying byte arrays, then the checks will fail.