JWE with no "cty" where content accidentally looks like JSON cannot be decrypted with parseEncryptedContent

**Describe the bug**

If I have a content JWE, and it has no "cty", and the payload content happens to be parseable as JSON, then parseEncryptedContent fails with `io.jsonwebtoken.UnsupportedJwtException: Unexpected Claims JWE.`

**To Reproduce**

        Password password = Keys.password("password".toCharArray());
        String jwe = Jwts.builder()
            .content(new byte[] { 0x7B, 0x7D })
            .encryptWith(password, Jwts.KEY.PBES2_HS512_A256KW, Jwts.ENC.A256GCM)
            .compact();
        byte[] payload =  Jwts.parser()
            .decryptWith(password)
            .build()
            .parseEncryptedContent(jwe)
            .getPayload();

This code throws `io.jsonwebtoken.UnsupportedJwtException: Unexpected Claims JWE.`

**Expected behavior**

I expect to get the content, which happens to be the two bytes corresponding to the characters '{' and '}'.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

JWE with no "cty" where content accidentally looks like JSON cannot be decrypted with parseEncryptedContent #1035

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

JWE with no "cty" where content accidentally looks like JSON cannot be decrypted with parseEncryptedContent #1035

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions