Skip to content

Review UVFMetadata compliance. #216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Review UVFMetadata compliance. #216

wants to merge 4 commits into from
+58 −11

Conversation

@chenkins
Copy link
Contributor

@chenkins chenkins commented Oct 31, 2025

Resolves #209

chenkins
chenkins commented Oct 31, 2025
View reviewed changes
@chenkins chenkins force-pushed the 209-uvf-compliance branch 2 times, most recently from 3cea6e3 to c981056 Compare November 4, 2025 08:58
chenkins
chenkins commented Nov 4, 2025
View reviewed changes
hub/src/test/java/cloud/katta/crypto/uvf/UvfMetadataPayloadTest.java

@Test
void decryptWithRecoveryKey() throws ParseException, JOSEException, NoSuchAlgorithmException, InvalidKeySpecException, NotECKeyException, JsonProcessingException {
@Disabled("TODO uvf.spec.version missing in protected.")
Copy link
Contributor Author

@chenkins chenkins Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolve.

Copy link
Contributor Author

@chenkins chenkins Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See https://github.com/cryptomator/hub/pull/274/files#r2500440826

@dkocher dkocher added this to the 1.0.0 milestone Nov 4, 2025
chenkins
chenkins commented Nov 6, 2025
View reviewed changes
hub/src/main/java/cloud/katta/crypto/uvf/UvfMetadataPayload.java
Comment on lines +329 to +332
final Object uvfSpecVersion = jweObject.getHeader().getCustomParams().get(UVF_SPEC_VERSION_KEY_PARAM);
if(!"1".equals(uvfSpecVersion)) {
throw new SecurityFailure(String.format("Unexpected value for critical header %s: found %s, expected \"1\"", UVF_SPEC_VERSION_KEY_PARAM, uvfSpecVersion));
}
Copy link
Contributor Author

@chenkins chenkins Nov 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@overheadhunter do we need/want to verify the spec version? Same then web.

https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.11

Recipients MAY consider the JWS to be invalid if the critical
list contains any Header Parameter names defined by this
specification or [JWA] for use with JWS or if any other constraints on its use are violated.

Copy link

@overheadhunter overheadhunter Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, needs to be checked. Also it needs to be an integer, not a String!

@chenkins chenkins mentioned this pull request Nov 6, 2025
Draft
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ylangisc ylangisc Awaiting requested review from ylangisc

@overheadhunter overheadhunter Awaiting requested review from overheadhunter

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.0.0

Development

Successfully merging this pull request may close these issues.

Review UVFMetadata compliance.

4 participants

@chenkins @overheadhunter @dkocher