From 9f5fcc7f65586cc7bc63d123eb461ae66f2ae6b7 Mon Sep 17 00:00:00 2001 From: Maria Furman Date: Mon, 16 Dec 2019 10:35:45 -0800 Subject: [PATCH] Fixed the JWT segment counting bug in the JsonWebToken constructor (#1299) --- .../JsonWebToken.cs | 25 ++--- .../LogMessages.cs | 1 + .../JsonWebTokenTests.cs | 93 +++++++++++++++++++ .../References.cs | 8 ++ 4 files changed, 111 insertions(+), 16 deletions(-) diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs index 8882f332bd..7e8ed9b7da 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs @@ -56,21 +56,11 @@ public JsonWebToken(string jwtEncodedString) if (string.IsNullOrEmpty(jwtEncodedString)) throw new ArgumentNullException(nameof(jwtEncodedString)); - int count = 1; - int next = -1; - while ((next = jwtEncodedString.IndexOf('.', next + 1)) != -1) - { - count++; - if (count >= JwtConstants.JwsSegmentCount) - break; - } - - // JWS or JWE - if (count == JwtConstants.JwsSegmentCount || count == JwtConstants.JweSegmentCount) - { - var tokenParts = jwtEncodedString.Split('.'); + // Max number of segments is set to JwtConstants.MaxJwtSegmentCount + 1 so that we know if there were more than 5 segments present. + // In the case where JwtEncodedString has greater than 5 segments, the length of tokenParts will always be 6. + var tokenParts = jwtEncodedString.Split(new char[] { '.' }, JwtConstants.MaxJwtSegmentCount + 1); + if (tokenParts.Length == JwtConstants.JwsSegmentCount || tokenParts.Length == JwtConstants.JweSegmentCount) Decode(tokenParts, jwtEncodedString); - } else throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14100, jwtEncodedString))); } @@ -421,13 +411,16 @@ private void AddDefaultClaimFromJToken(List claims, string claimType, JTo /// Decodes the payload and signature from the JWE parts. /// /// Parts of the JWE including the header. - /// Assumes Header has already been set. + /// + /// Assumes Header has already been set. + /// According to the JWE documentation (https://tools.ietf.org/html/rfc7516#section-2), it is possible for the EncryptedKey, InitializationVector, and AuthenticationTag to be empty strings. + /// private void DecodeJwe(string[] tokenParts) { EncodedHeader = tokenParts[0]; EncryptedKey = tokenParts[1]; InitializationVector = tokenParts[2]; - Ciphertext = tokenParts[3]; + Ciphertext = !string.IsNullOrWhiteSpace(tokenParts[3]) ? tokenParts[3] : throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14306)); AuthenticationTag = tokenParts[4]; } diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs b/src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs index b09da7c95b..9798e2e854 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs @@ -66,6 +66,7 @@ internal static class LogMessages internal const string IDX14303 = "IDX14303: Claim with name '{0}' does not exist in the header."; internal const string IDX14304 = "IDX14304: Claim with name '{0}' does not exist in the payload."; internal const string IDX14305 = "IDX14305: Unable to convert the '{0}' claim to the following type: '{1}'. Claim type was: '{2}'."; + internal const string IDX14306 = "IDX14306: JWE Ciphertext cannot be an empty string."; #pragma warning restore 1591 } } diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs index dcb34aa498..cea2db1f46 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs @@ -29,6 +29,7 @@ using System.Collections.Generic; using System.Globalization; using System.IdentityModel.Tokens.Jwt; +using System.IdentityModel.Tokens.Jwt.Tests; using System.Linq; using System.Security.Claims; using Microsoft.IdentityModel.Logging; @@ -512,6 +513,98 @@ public static TheoryData ParseTimeValuesTheoryData } } + // Test ensures that we only try to populate a JsonWebToken from a string if it is a properly formatted JWT. More specifically, we only want to try and decode + // a JWT token if it has the correct number of (JWE or JWS) token parts. + [Theory, MemberData(nameof(ParseTokenTheoryData))] + public void ParseToken(JwtTheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.ParseToken", theoryData); + try + { + var tokenFromEncodedString = new JsonWebToken(theoryData.Token); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception ex) + { + theoryData.ExpectedException.ProcessException(ex, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData ParseTokenTheoryData + { + get + { + var theoryData = new TheoryData(); + + JwtTestData.InvalidNumberOfSegmentsData("IDX14100:", theoryData); + JwtTestData.ValidEncodedSegmentsData(theoryData); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.InvalidHeader), + Token = EncodedJwts.InvalidHeader, + ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX14102:", inner: typeof(JsonReaderException)) + }); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.InvalidPayload), + Token = EncodedJwts.InvalidPayload, + ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX14101:", inner: typeof(JsonReaderException)) + }); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.JWSEmptyHeader), + Token = EncodedJwts.JWSEmptyHeader, + ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX14102:", inner: typeof(JsonReaderException)) + }); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.JWSEmptyPayload), + Token = EncodedJwts.JWSEmptyPayload, + ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX14101:", inner: typeof(JsonReaderException)) + }); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.JWEEmptyHeader), + Token = EncodedJwts.JWEEmptyHeader, + ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX14102:", inner: typeof(JsonReaderException)) + }); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.JWEEmptyEncryptedKey), + Token = EncodedJwts.JWEEmptyEncryptedKey, + }); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.JWEEmptyIV), + Token = EncodedJwts.JWEEmptyIV, + }); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.JWEEmptyCiphertext), + Token = EncodedJwts.JWEEmptyCiphertext, + ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX14306:") + }); + + theoryData.Add(new JwtTheoryData + { + TestId = nameof(EncodedJwts.JWEEmptyAuthenticationTag), + Token = EncodedJwts.JWEEmptyAuthenticationTag, + }); + + return theoryData; + } + } + [Fact] public void DateTimeISO8061Claim() { diff --git a/test/System.IdentityModel.Tokens.Jwt.Tests/References.cs b/test/System.IdentityModel.Tokens.Jwt.Tests/References.cs index fe2a1da759..03dc22ee1f 100644 --- a/test/System.IdentityModel.Tokens.Jwt.Tests/References.cs +++ b/test/System.IdentityModel.Tokens.Jwt.Tests/References.cs @@ -474,6 +474,7 @@ public static class EncodedJwts public static string Asymmetric_1024 = @"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOi8vR290Snd0LmNvbSIsImF1ZCI6Imh0dHA6Ly9Db250b3NvLmNvbSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiOiJVU0EiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiOiJ1c2VyQGNvbnRvc28uY29tIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZ2l2ZW5uYW1lIjoiVG9ueSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2hvbWVwaG9uZSI6IjU1NS4xMjEyIiwiaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93cy8yMDA4LzA2L2lkZW50aXR5L2NsYWltcy9yb2xlIjoiU2FsZXMiLCJzdWIiOiJib2IifQ.WlNiBiAqmS4G-Em5O-uYiWLK5CJO8B-6Hvqjv_DXpoxldGiMWzivuyJocXPIIDVbcLxovmTc5j0KKgA9foOFBSkEEasqESA0VTYE30T1kkrGOaElola5DZagzax2zDipjxhbtBdMsvgF2t6GQJKyF0oFt828_yRGUsUnaXxg_MY"; public static string Asymmetric_2048 = @"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOi8vR290Snd0LmNvbSIsImF1ZCI6Imh0dHA6Ly9Db250b3NvLmNvbSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiOiJVU0EiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiOiJ1c2VyQGNvbnRvc28uY29tIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZ2l2ZW5uYW1lIjoiVG9ueSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2hvbWVwaG9uZSI6IjU1NS4xMjEyIiwiaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93cy8yMDA4LzA2L2lkZW50aXR5L2NsYWltcy9yb2xlIjoiU2FsZXMiLCJzdWIiOiJib2IifQ.XYeDHk0XRs1ybrk2AMWu3ZwNC6gPUYqxacJtUDSfQCGouRFdmkYtZcgvWAhH8iFv3DmPgfX0lI9WCtjN2JOZqOx5w90r9UKCh_9e_vUKZyjLkyUEv3iBl2HTpxfcj3ns5MmZI50N8O2cYq1d6-CRK_oi8oKhLWKfrD8LoMpCtV8zjraEB1GUfJvMrxPTIzHSF-V_nmu5aPIoHVyxAcc1jShkYdnS5Dz8nVqLBleCAQ2Tv-8N9Q8l1362b088y15auc-hBb76KmMU2aCutyJDRz0NqsCkFz-cV-vnIj-hzl562DzSUP48nEMTwEIO_bRKex1R5beZ36ZrKLP1GQxc8Q"; public static string Symmetric_256 = @"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vR290Snd0LmNvbSIsImF1ZCI6Imh0dHA6Ly9Db250b3NvLmNvbSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiOiJVU0EiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiOiJ1c2VyQGNvbnRvc28uY29tIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZ2l2ZW5uYW1lIjoiVG9ueSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2hvbWVwaG9uZSI6IjU1NS4xMjEyIiwiaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93cy8yMDA4LzA2L2lkZW50aXR5L2NsYWltcy9yb2xlIjoiU2FsZXMiLCJzdWIiOiJib2IifQ._IFPA82MzKeV4IrsgZX8mkAEfzWT8-zEE4b5R2nzih4"; + public static string InvalidHeader = @"eyJcdWQiOiJodHRwOi8vbG9jYWxob3N0L1JQIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdC9TdHMiLCJuYm.eyJpc3MiOiJodHRwOi8vR290Snd0LmNvbSIsImF1ZCI6Imh0dHA6Ly9Db250b3NvLmNvbSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiOiJVU0EiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiOiJ1c2VyQGNvbnRvc28uY29tIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZ2l2ZW5uYW1lIjoiVG9ueSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2hvbWVwaG9uZSI6IjU1NS4xMjEyIiwiaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93cy8yMDA4LzA2L2lkZW50aXR5L2NsYWltcy9yb2xlIjoiU2FsZXMiLCJzdWIiOiJib2IifQ.QW0Wfw-R5n3BHXE0vG-0giRFeB6W9oFrWJyFTaLI0qICDYx3yZ2eLXJ3zNFLVf3OG-MqytN5tqUdNfK1mRzeubqvdODHLFX36e1o3X8DR_YumyyQvgSeTJ0wwqT8PowbE3nbKfiX4TtJ4jffBelGKnL6vdx3AU2cwvLfSVp8ppA"; public static string InvalidPayload = @"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6InZ4VThJR1pYdEFtemg0NzdDT05CR2dYRTlfYyJ9.eyJcdWQiOiJodHRwOi8vbG9jYWxob3N0L1JQIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdC9TdHMiLCJuYmYiOjEzNjcyODA0MDUsImV4cCI6MTM2NzMwOTIwNSwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZ2l2ZW5uYW1lIjoiYWFsIn0.Pro66IUD94jvZNnG_l96Hph78L_LYSx6eobO6QfWF3y038ebLZorhKYgAj1LtsNVAbq7E_I5tnoI1Y4YUV5_wMGtMqT_XTB4N8vktDzf0Y32MhopsDrveofJAAFAUP1npYZtFF89RAWzy1GaXqXw05SbUcyMPWTSvmPk_frzJRTc-utAaBAp-zKqS1KXGB_s99x7lDxy3ZFMDFtFHQlOJiXeClXYCVkB-ZmvrSFSAIasFK4eIG9pOcMY43_wS7ybNjF7WncY6PEi6JmUoh2AwA-SCdY-Bhs80Tf4GMB2HsmuMkSVgoptt6Fgf-q8LhWG0W80g66JRgdhMj85BZ6bxg"; public static string LiveJwt = @"eyJhbGciOiJIUzI1NiIsImtpZCI6IjAiLCJ0eXAiOiJKV1QifQ.eyJ2ZXIiOjEsImlzcyI6InVybjp3aW5kb3dzOmxpdmVpZCIsImV4cCI6MTM2ODY0ODg2MywidWlkIjoiMzgwZTE3YzMxNGU2ZmMyODA0NzA3MjI5NTc3MjEwZmIiLCJhdWQiOiJ3d3cuc3JpLWRldjEwMC5jb20iLCJ1cm46bWljcm9zb2Z0OmFwcHVyaSI6Im1zLWFwcDovL1MtMS0xNS0yLTM2MzczOTQzNzAtMjIzMTgyMTkzNi01NjUwMTU1MS0xNTE0NjEzNDgyLTQ1NjgzNjc4LTM1NzUyNjE4NTItMjMzNTgyNjkwIiwidXJuOm1pY3Jvc29mdDphcHBpZCI6IjAwMDAwMDAwNEMwRTdBNUMifQ.I-sE7t6IJUho1TfgaLilNuzro-pWOMgg33rQ351GcoM"; public static string OverClaims = @"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0IiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3LyIsImlhdCI6MTQwNTk2ODkyMiwibmJmIjoxNDA1OTY4OTIyLCJleHAiOjE0MDU5NzI4MjIsInZlciI6IjEuMCIsInRpZCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImFtciI6WyJwd2QiXSwib2lkIjoiMzVjNzZlZWQtZjY0MC00YWU3LWFhZTItMzI3NzE3MWVhM2U1IiwidXBuIjoibmJhbGlnYUBtaWNyb3NvZnQuY29tIiwidW5pcXVlX25hbWUiOiJuYmFsaWdhQG1pY3Jvc29mdC5jb20iLCJzdWIiOiI1R0UwVkhBSlBuaUdNSWluN3dMNFBFMFE5MjAzTG00bHJBUnBrcEFBYmprIiwicHVpZCI6IjEwMDM3RkZFODAxQjI4QTAiLCJmYW1pbHlfbmFtZSI6IkJhbGlnYSIsImdpdmVuX25hbWUiOiJOYW1yYXRhIiwiX2NsYWltX25hbWVzIjp7Imdyb3VwcyI6InNyYzEifSwiX2NsYWltX3NvdXJjZXMiOnsic3JjMSI6eyJlbmRwb2ludCI6Imh0dHBzOi8vZ3JhcGgud2luZG93cy5uZXQvNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L3VzZXJzLzM1Yzc2ZWVkLWY2NDAtNGFlNy1hYWUyLTMyNzcxNzFlYTNlNS9nZXRNZW1iZXJPYmplY3RzIn19LCJhcHBpZCI6IjExOGUxNzBmLWNmMjYtNDAwZi1hMGU5LTk2OTEwYjMxMTg3ZSIsImFwcGlkYWNyIjoiMSIsInNjcCI6IlVzZXJQcm9maWxlLlJlYWQiLCJhY3IiOiIxIn0.PWNfaBajC6KAr2dKiG0aJ1295hIXm9XWZPdrCw6zMgT0s46rrcBFMWOJQ-4Cz1aSqour6tslg8cl4_1rAjlkVwsXs7QTekMHxIcf3SPpM6vPTa7OfQ4dzBbPQV_QKif1xBXDkFQfZPAF2tPwcK_VBzHT0Z94_CpOtxChXmGEctW38Rt6f8bC_aaD6nsTZOt6NdAmI2AVOchpp7qNWEdBTvdcoNyz_a5VbUwWsHGCvozcOLjjFLles-K0BhiFw3MyJU_DMG-H6TgeBtwJPiuU2vHUTea26sfKHbpe7GypBo1PjY7odDWMH-d7c1Z0fT-UL15dAV419zX1NGbl-cujsw"; @@ -492,6 +493,13 @@ public static class EncodedJwts public static string JweTest2 = @"eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiRGVmYXVsdFN5bW1ldHJpY1NlY3VyaXR5S2V5XzI1NiIsInR5cCI6IkpXVCJ9..HksrbloZr9KUuYlpb3AbdA.aBtVk9Aad6qR81MVQ2NvZVQxEOD8x3_YC2qCGHKTFasjQPvhEbFhm_tZHHOOsRh1c7PG-atrHE6vcG0op8NRgZGpBJAzT8uwmRmJ3w-FuG_u4nfttg8qfD1OfA_4R82vRh6iXg7ZzviVInIa8ZCVntdWjoMN3hManuLdVIYFAWkG4J2Vy0tuGmjbamvbx9MSJWHO84um7Szz03dUai99aKPKAR43PeN3JlXvA95MXAJzY973B7OviFRsYi1MryX_6FUt_OVvJQMJsjUADQeyesgUNw3GP9xT4KI8NjBW8LJ4q2l3as0ztmzJKQWAnvSLSfJNgWpnQrFTX3qThylIqUESshMJjCHQKW6WO7NOFt2RrgR9v1omw-1S8cV1m4SKNnJOqmRF3ZijNJjGpzaPIEfDHzsE0MwU67_-f-uVAlTJzZnxax8d-7KEkd0KZCcO_ILL1xWKxDkdxGy51WcJwBOTcx0x1jpuAOwIi0wT9kTSDw7WpH3T0VpCnbjB1K8MQYrn1y9vkT3SG6IjRVrJnyo_pk8RuSnKRtFFNwAbE4JqwCQg5wthcJ9M1nO1aMgfIrnl7EEbbEaP3PnZTrrZ1UxiIXmk0xocIFDqHxGtMC-Rs6uJ67gUhAxMdi5iji5Ogrencfjat1azGH_89nRETDF0WjAs6EOTWpHB5jp0xx684kcYT4EbUp-ms0XxmcxV7oyUnkM9jxJBmbSEZoS5Dec6dO5sM6J4G5QI6U1_1edzi886mxZg25RA3AGCwjbXAW-zKUiPUP4Xu8TCRsMzpNocDV5dJ9cCb8zLpmtKclckcSVjd27zU3twGl65yS0uRdKradP99npd3rBmdeCgJyJwDJ2lAJpY804LQJSztt81caOnv-fOAI-7MEBQgVI3.EOlYXEsosb6b8tuRxMNQqA"; public static string JweTest3 = @"eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiRGVmYXVsdFN5bW1ldHJpY1NlY3VyaXR5S2V5XzI1NiIsInR5cCI6IkpXVCJ9..1mLo9oZ_n0HuNKmS2SR6nw.KBkP2fD0SHWAZhzNzLx7DSaNlqwhd7aPUQ2oEEOVA0i99LGCuEBB2-mHmIOZgbkU5hGF7oCidVLM9ar8_Tek2I5-EdEDFCaT8wctBneSNiyXRJwUHOT7o_HO6f2rp4CfIAaqf_J8iM4UJtmC4eez2nxJc44oWlUvLWVS3Q73le6qiAW3ASpmJIPB47vn5YEa1AtR6I3A3X7f18yMSdtGKaLA6sUL-ZeRPAg0dNUiObMT9MqqtA_Jt61z8g-x3DSNKDvfUv6nIdo0L4KhFt7m5okXAedF-VxOUIryNEzMoYcEef78RX6Nf-5Eq71vzKIK99CFsL5uhfhk_RJl8-8wbIuJjuWByalnw7LW_0-7w7VIWtg24gHCq6mKvDdmVBgL-caWVDL2ILSR4MnJywqx11YzG74gsC-JvsjkEsZL3mH-27eiCsd_Xb2YXiGdMkmveJzlYwiQk5Uos-6kvNGWfzsxhkpGnCRbxBKjeCsj6lXTpHs_16MhACX2xdNmsLKF01waty-cQ5mufEgTsyi98CWCmRtZOs1wWLfmcGEL-j85p7ts1LLS-UPswgSJ3lFobriuSYt_oaBfcemz5emn1xe2VNme7-BvhS6i3axnY2Z6ULtLICI1AbQuSRT336m5WmWhGvu04XVkyilJRy9qUr7kKDR6Ux1PXrSpsd0GiDk3qLwmnv8N9FOROvfx3TtyXDLFuapbQwz1A37nl8Vg2kYoARqOAU73lslhbYLD_DiOIBmDREw85M2sBgTqZGCQMlFzTLxeiM0OZv-s2yMTv4fD7p_Tg1512bV1W3fe_Ja-4wmkwRXJmnF8K8m6oWnofBERieGtA_0HVcjQQh_t5Z2tc3XQEdCJxAqiiCGdmw-SX_9OMjWEjgLbvfqK_eVm.0DUduz5oR0ry2xRlaUnS7A"; public static string JweTest4 = @"eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiRGVmYXVsdFN5bW1ldHJpY1NlY3VyaXR5S2V5XzI1NiIsInR5cCI6IkpXVCJ9..KgIILz-uysx_8sGUHw6Uig.Jzj6wn_rulSAuaADgUayVttM_h1CxzDeadddOaZ3sDzBu6Z0ffMQ9IKtjbpkLfzawFM0qBRjt1p75IUieTa7esZOWj5yoS8UQWg0e1n2pWpWEx9zpfeMsJjbwrsD4_tFxKRDjlAuDHYX2NehgT8CAiI2vI0dMgzIUR8VU6p7Srg_UpiZy_QnVcFG7hHhAK0R0affj6ViGhc7U_diMnpR5P3s8eG-GImB4iHMltlaUTcUqFDgSJBCmiQ0SK-lDTy9Q4Z3tGdhTZeofG9-fi68E234uznjdSj_Ql2t1E4nMOYc0kRcORlKJNQKUMLqW5ddwZwPqRd0HzccjLwnP20RqUbWntBidIdTTl94dT-1BrNGQMDMCTV7HQQxmf1JKbBN0DD0xkfOnO4UGEoHVhjOQhd1R1gAh7KtDNMJKPIdmGfMoy2SDJm_pPwmJ1ayw8rF4F5MoCDxUcKVfC25DAWOxVtnvvR4rJ9qkc9dWHr6sdFqZi7sRQIG9M7T2qqOktoZdoAEmduhii5_p5B456PsZlt8olRCsI8Xb_p4sR5clsEEMRatiUKvcXzNiVEK__17tGa2ALKGoutYb_8AasavGhz-sUjlLlHlCmaI9MA8s07MfhobBEepgNStymK1IBkl1wb1sidMmkNWSX4R18bA9J5tjAcUH0tsyyXzxix7DkKag-zl3pxxawS0NmjVIAnxXOFM_M8_DWQAySNO3atkHnMP__PneG3J-4vUoZhVeEQj66D-MCnCGzKi7YeEAjvLbPsQSeE6ptZ5lfiCmzmza0OkfeRnxRE8L1UA6-XydZ0Z6P1M7W-eV4OctVwIq1VNJeC461-D0ukouDWGBfVajW0k9Ws-U2l8Sp16TgEHkly1MnU7P7VkclldrIQ18yzd.j6_mHUzwEVeprRmNZMEY7A"; + public static string JWSEmptyHeader = @".eyJhIjoiYiJ9.eyJhIjoiYiJ9"; + public static string JWSEmptyPayload = @"eyJhIjoiYiJ9..eyJhIjoiYiJ9"; + public static string JWEEmptyHeader = @".eyJhIjoiYiJ9.eyJhIjoiYiJ9.eyJhIjoiYiJ9.eyJhIjoiYiJ9"; + public static string JWEEmptyEncryptedKey = @"eyJhIjoiYiJ9..eyJhIjoiYiJ9.eyJhIjoiYiJ9.eyJhIjoiYiJ9"; + public static string JWEEmptyIV = @"eyJhIjoiYiJ9.eyJhIjoiYiJ9..eyJhIjoiYiJ9.eyJhIjoiYiJ9"; + public static string JWEEmptyCiphertext = @"eyJhIjoiYiJ9.eyJhIjoiYiJ9.eyJhIjoiYiJ9..eyJhIjoiYiJ9"; + public static string JWEEmptyAuthenticationTag = @"eyJhIjoiYiJ9.eyJhIjoiYiJ9.eyJhIjoiYiJ9.eyJhIjoiYiJ9."; public static string JwsKidNullX5t {