We have encountered a problem where loading JSON Web Keys (JWKs) results in the following error message:
"failed to validate JSON Web Key: failed to validate JWK: marshaled JWK does not match original JWK"
The JWK is set as follows:
"kty": "EC",
"crv": "P-256",
"alg": "ES256"
Upon investigation, we found that the problem lies in one of the key coordinates starting with a leading zero. For example:
The x coordinate starts with "ALTu...". After the coordinate is changed with the following function
func base64urlTrailingPadding(s string) ([]byte, error) {
the result looks like:
[0 180 238...]
However, after calling SetBytes() on this value, the leading zero disappears.
X: new(big.Int).SetBytes(x),
When converting the result back to bytes we see the following result:
[180 238...]
This discrepancy leads to the original error message because the deepEqual check here no longer validates correctly.
ok := reflect.DeepEqual(j.marshal, marshalled)
We recommend addressing this issue by ensuring consistent handling of leading zeros in key coordinates during JWK validation.
We hope to hear from you soon!
Kind regards,
Hauke
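The round trip described in the report, as an added example that is not part of the original post or the library's code: a coordinate with a leading zero byte loses it when re-encoded from `big.Int.Bytes()`, and keeps it when written with `FillBytes` into a fixed 32-byte buffer. The helper names (`sampleX`, `parseCoord`, `lossyEncode`, `fixedEncode`) and the sample coordinate are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"math/big"
)

// coordLen: P-256 coordinate size; RFC 7518 6.2.1.2 requires this full length.
const coordLen = 32

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// sampleX returns a constructed (not real) coordinate whose bytes start
// [0 180 238 ...], like the one in the report.
func sampleX() string {
	raw := make([]byte, coordLen)
	raw[1], raw[2] = 180, 238
	for i := 3; i < coordLen; i++ {
		raw[i] = byte(i)
	}
	return b64(raw)
}

// parseCoord decodes a coordinate and loads it into a big.Int, as in the report.
func parseCoord(enc string) (*big.Int, error) {
	raw, err := base64.RawURLEncoding.DecodeString(enc)
	if err != nil {
		return nil, err
	}
	return new(big.Int).SetBytes(raw), nil
}

// lossyEncode uses Bytes(), the minimal big-endian form: leading zeros vanish.
func lossyEncode(x *big.Int) string { return b64(x.Bytes()) }

// fixedEncode left-pads to coordLen with FillBytes, so the round trip is stable.
func fixedEncode(x *big.Int) (string, error) {
	if x.Sign() < 0 || x.BitLen() > coordLen*8 {
		return "", fmt.Errorf("coordinate does not fit in %d bytes", coordLen)
	}
	return b64(x.FillBytes(make([]byte, coordLen))), nil
}

func main() {
	x, _ := parseCoord(sampleX())
	fixed, _ := fixedEncode(x)
	fmt.Println(lossyEncode(x) == sampleX(), fixed == sampleX())
}
```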