// Validate if required parameters are present and consistent
if (ret == RHN_OK) {
  if (!has_kty) {
    if (!has_alg) {
      y_log_message(Y_LOG_LEVEL_ERROR, "r_jwk_is_valid - Invalid data");
      ret = RHN_ERROR_PARAM;
    }
  } else {
    if (has_kty && !has_pubkey_parameters) {
      y_log_message(Y_LOG_LEVEL_ERROR, "r_jwk_is_valid - public key parameters missing");
      ret = RHN_ERROR_PARAM;
    }
  }
}

"aud": [
    "ldaps://school.dev/",
    "account"
  ],

/usr/local/include/gmp.h:446:37: note: expanded from macro '__GMP_ABS'
#define __GMP_ABS(x)   ((x) >= 0 ? (x) : -(x))
                                  ^
/usr/local/include/gmp.h:1875:10: error: operand of ? changes signedness: 'int' to 'size_t' (aka 'unsigned long') [-Werror,-Wsign-conversion]
return __GMP_ABS (__gmp_z->_mp_size);
~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/gmp.h:446:42: note: expanded from macro '__GMP_ABS'
#define __GMP_ABS(x)   ((x) >= 0 ? (x) : -(x))
                                       ^~~~
2 errors generated.
ninja: build stopped: subcommand failed.

Any suggestion ?

 * Verifies the signature of the JWT
 * The JWT must contain a signature
 * or the JWT must have alg: none

root@9ac53b23f309:/tmp/jtests# cat ec256.keys
    {
      "crv": "P-256",
      "d": "oFsqPRb6-_4lsQxpo9SkpI_msq_77wEgIsCiwLaMWgA",
      "kid": "ExUMY91J9atex-1Ai5vbu6qJ4aAGq0RMQxo__QyZV4k",
      "kty": "EC",
      "x": "g2L0jXitI0uUgmsKCUJjMVr20NrU5uHVlTbbXEd5UvY",
      "y": "MCcXesyMUYS3l6PvyQeN6B6Ou1UiWQF-7OeIZBWmgK4"
    }

root@edb8bbbd1def:/j/tests# data='{"sub": "[email protected]","name": "JohnDoe","iat": 1516239022}'

Using https://github.com/babelouest/rhonabwy

root@edb8bbbd1def:/j/tests# /j/jwtc/rnbyc -s "$data" -l ECDH-ES  -e A256CBC-HS512 -P ec256.jwks -K o256.jwks -a HS256

jwt: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IktPTWdUTFdhTDdzN0s5S0JBNldsc0EifQ.eyJzdWIiOiJqZG9lQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG5Eb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.3cr0Mhmthj0_-btt69sRLvbGb7ScD4lpcp-8MMArk90

r_jwe_encrypt_payload: jwe->key
BE CD C2 20 52 27 2E 77  9D 4E CA E3 D6 E1 0F 3B
36 2C 0F B7 F1 23 FF DF  36 C9 A3 13 81 F1 64 D0
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00

jwe: eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJFQ0RILUVTIiwia2lkIjoiRXhVTVk5MUo5YXRleC0xQWk1dmJ1NnFKNGFBR3EwUk1ReG9fX1F5WlY0ayIsImVwayI6eyJrdHkiOiJFQyIsIngiOiJOWjZJSlk4WTNlZVhPLXFXZXJ4NUhNeUNsNkFMeWdQaEdFaDEydFpaTkcwIiwieSI6Inl3Vk5GamVpLURQWEpRZ2FxV0lOalZ1R2JEaW94VUp4MDlUZXprb0xVWmsiLCJjcnYiOiJQLTI1NiJ9LCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0..z-JRY8K9BjcP3P86ZojJJw.ngURI13qrpyOIc5AvIwcdS9D151f8YVwmsvjWG0kQg9ASELPw82F7Sh5Azrt5to6slyQ4BDib9PdwI3BTg29Wd-jbUYlrsTYx53-Syy5pGSIOhsilTbWo-eIHUPyV8E0m1RC3une-M7uxgiQL79hYvhgC9eteuobsS8dai9FkPjCr2WiOqvevqYtwmAJ_sUkD83-2b98HeZ_ZcDt4E6OHej02DrMFSIs6bhHAspdn2AlxRyHEyO3Z1su7-xafP7zYnKuiG49UppFYoKI_OKMIw.eZxa077Rgt5ogrosk9GN0JJvl2cpljxZ4wRBOuvuWi4

# save jwt and jwe to files

root@9ac53b23f309:/tmp/jtests# cat jwt.txt
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IktPTWdUTFdhTDdzN0s5S0JBNldsc0EifQ.eyJzdWIiOiJqZG9lQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG5Eb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.3cr0Mhmthj0_-btt69sRLvbGb7ScD4lpcp-8MMArk90

root@9ac53b23f309:/tmp/jtests# cat jwe.txt
eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJFQ0RILUVTIiwia2lkIjoiRXhVTVk5MUo5YXRleC0xQWk1dmJ1NnFKNGFBR3EwUk1ReG9fX1F5WlY0ayIsImVwayI6eyJrdHkiOiJFQyIsIngiOiJOWjZJSlk4WTNlZVhPLXFXZXJ4NUhNeUNsNkFMeWdQaEdFaDEydFpaTkcwIiwieSI6Inl3Vk5GamVpLURQWEpRZ2FxV0lOalZ1R2JEaW94VUp4MDlUZXprb0xVWmsiLCJjcnYiOiJQLTI1NiJ9LCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0..z-JRY8K9BjcP3P86ZojJJw.ngURI13qrpyOIc5AvIwcdS9D151f8YVwmsvjWG0kQg9ASELPw82F7Sh5Azrt5to6slyQ4BDib9PdwI3BTg29Wd-jbUYlrsTYx53-Syy5pGSIOhsilTbWo-eIHUPyV8E0m1RC3une-M7uxgiQL79hYvhgC9eteuobsS8dai9FkPjCr2WiOqvevqYtwmAJ_sUkD83-2b98HeZ_ZcDt4E6OHej02DrMFSIs6bhHAspdn2AlxRyHEyO3Z1su7-xafP7zYnKuiG49UppFYoKI_OKMIw.eZxa077Rgt5ogrosk9GN0JJvl2cpljxZ4wRBOuvuWi4


root@edb8bbbd1def:/j/tests# /j/jwtc/rnbyc -t "$ntok" -K ec256.keys -H true -d
2023-06-29T03:33:20Z - rnbyc INFO: Starting rnbyc debug mode

r_jwe_decrypt_payload: jwe->key
BE CD C2 20 52 27 2E 77  9D 4E CA E3 D6 E1 0F 3B
36 2C 0F B7 F1 23 FF DF  36 C9 A3 13 81 F1 64 D0
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
Token payload decrypted
{
  "alg": "ECDH-ES",
  "cty": "JWT",
  "enc": "A256CBC-HS512",
  "epk": {
    "crv": "P-256",
    "kty": "EC",
    "x": "NZ6IJY8Y3eeXO-qWerx5HMyCl6ALygPhGEh12tZZNG0",
    "y": "ywVNFjei-DPXJQgaqWINjVuGbDioxUJx09TezkoLUZk"
  },
  "kid": "ExUMY91J9atex-1Ai5vbu6qJ4aAGq0RMQxo__QyZV4k",
  "typ": "JWT"
}
{
  "alg": "HS256",
  "kid": "KOMgTLWaL7s7K9KBA6WlsA",
  "typ": "JWT"
}
{
  "iat": 1516239022,
  "name": "JohnDoe",
  "sub": "[email protected]"
}

Cross verify with go-jose/jose-util: https://github.com/go-jose/go-jose

$git diff
diff --git a/cipher/ecdh_es.go b/cipher/ecdh_es.go
index 093c646..c54f174 100644
--- a/cipher/ecdh_es.go
+++ b/cipher/ecdh_es.go
@@ -22,6 +22,8 @@ import (
        "crypto/ecdsa"
        "crypto/elliptic"
        "encoding/binary"
+       "encoding/hex"
+       "fmt"
 )

 // DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA.
@@ -64,6 +66,8 @@ func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, p
        // Read on the KDF will never fail
        _, _ = reader.Read(key)

+       fmt.Printf("DeriveECDHES: key\n%s", hex.Dump(key))
+
        return key
 }

root@9ac53b23f309:/tmp/jtests# ./jose-util decrypt --key ec256.keys --in jwe.txt

DeriveECDHES: key
00000000  be cd c2 20 52 27 2e 77  9d 4e ca e3 d6 e1 0f 3b  |... R'.w.N.....;|
00000010  36 2c 0f b7 f1 23 ff df  36 c9 a3 13 81 f1 64 d0  |6,...#..6.....d.|
00000020  b7 34 92 35 ac 93 d5 87  cc b1 45 b4 e7 9b 43 9c  |.4.5......E...C.|
00000030  ed 8d b6 de 21 27 34 fa  e7 49 f2 46 dd 30 c9 c7  |....!'4..I.F.0..|
jose-util: error: unable to decrypt message: go-jose/go-jose: error in cryptographic primitive

(gdb) x /64xb jwe.dcek_.data()
0x248ad60:      0xbe    0xcd    0xc2    0x20    0x52    0x27    0x2e    0x77
0x248ad68:      0x9d    0x4e    0xca    0xe3    0xd6    0xe1    0x0f    0x3b
0x248ad70:      0x36    0x2c    0x0f    0xb7    0xf1    0x23    0xff    0xdf
0x248ad78:      0x36    0xc9    0xa3    0x13    0x81    0xf1    0x64    0xd0
0x248ad80:      0xb7    0x34    0x92    0x35    0xac    0x93    0xd5    0x87
0x248ad88:      0xcc    0xb1    0x45    0xb4    0xe7    0x9b    0x43    0x9c
0x248ad90:      0xed    0x8d    0xb6    0xde    0x21    0x27    0x34    0xfa
0x248ad98:      0xe7    0x49    0xf2    0x46    0xdd    0x30    0xc9    0xc7

root@edb8bbbd1def:/j/tests# /j/jwtc/rnbyc.new -s "$data" -l ECDH-ES  -e A256CBC-HS512 -P ec256.jwks -K o256.jwks -a HS256

jwt: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6ImlpMXdBTHhXbWxBRHJEUnRuN0cwTlEifQ.eyJzdWIiOiJqZG9lQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG5Eb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.J96TAtD8CQo3tATeUGtKEdb1Pcz_p1Q1a0kFuoghQdg

r_jwe_encrypt_payload: jwe->key
14 FB 29 D7 C7 F7 7F 12  D9 9F D4 63 F6 98 F0 70
6E AD 6C B2 FE 7D EE F0  41 83 BB F9 87 E6 38 06
6A 83 2A 1A C9 6E DC 88  41 3D 20 BD 89 AA E7 2F
41 75 D9 E7 D7 19 BA 01  54 8F F7 0F A0 D5 A4 79

jwe:
eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJFQ0RILUVTIiwia2lkIjoiRXhVTVk5MUo5YXRleC0xQWk1dmJ1NnFKNGFBR3EwUk1ReG9fX1F5WlY0ayIsImVwayI6eyJrdHkiOiJFQyIsIngiOiJ4YTU5WnpveFlseG10eFRVeW5EaVNpUHpSYkYzdm5RS2Y2ZjcxZkNfSXFjIiwieSI6ImhzRk9lb0RvcmFJUHo3OXVDSERXTmhsbm5XZ3VIZk9sOEw3RnROUlM5cVUiLCJjcnYiOiJQLTI1NiJ9LCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0..fbX7a7yaM3FprfHN5juiow.d6Ynb8fL2fcHMEOCcmj9DrJE1T02lU8FFLbLsOHLbKtJ6h26HxHBOnkJWPLWn9P8G9T4Sz49IboSiUpCRRbvYyb-NNLzEYIp4LzBdNQmFfgoUasE6ECtYZJk7NDBe1zwXGFAtmEVCdiGJlAsFsq9DiINKNvGpTQze7ks2d1DwToMjhQjVeNPGW5iBz0fpz_s8Q_CTs1RtnWjuUCjgriMV1sNrd-Ea6xVb5rW3FS99NvH6Xnu81Mu0wLMQFxkq4UFo_kc7XYQ8ToR0i902Ck6NQ.HkJMezu9E-_hbYbkGClfgLtdDobuqWLYFAxVAz1XDeQ

root@edb8bbbd1def:/j/tests# ntok="eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJFQ0RILUVTIiwia2lkIjoiRXhVTVk5MUo5YXRleC0xQWk1dmJ1NnFKNGFBR3EwUk1ReG9fX1F5WlY0ayIsImVwayI6eyJrdHkiOiJFQyIsIngiOiJ4YTU5WnpveFlseG10eFRVeW5EaVNpUHpSYkYzdm5RS2Y2ZjcxZkNfSXFjIiwieSI6ImhzRk9lb0RvcmFJUHo3OXVDSERXTmhsbm5XZ3VIZk9sOEw3RnROUlM5cVUiLCJjcnYiOiJQLTI1NiJ9LCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0..fbX7a7yaM3FprfHN5juiow.d6Ynb8fL2fcHMEOCcmj9DrJE1T02lU8FFLbLsOHLbKtJ6h26HxHBOnkJWPLWn9P8G9T4Sz49IboSiUpCRRbvYyb-NNLzEYIp4LzBdNQmFfgoUasE6ECtYZJk7NDBe1zwXGFAtmEVCdiGJlAsFsq9DiINKNvGpTQze7ks2d1DwToMjhQjVeNPGW5iBz0fpz_s8Q_CTs1RtnWjuUCjgriMV1sNrd-Ea6xVb5rW3FS99NvH6Xnu81Mu0wLMQFxkq4UFo_kc7XYQ8ToR0i902Ck6NQ.HkJMezu9E-_hbYbkGClfgLtdDobuqWLYFAxVAz1XDeQ"

root@edb8bbbd1def:/j/tests# /j/jwtc/rnbyc.new -t "$ntok" -K ec256.keys -P o256.jwks -H true -d
2023-06-29T05:25:19Z - rnbyc INFO: Starting rnbyc debug mode

r_jwe_decrypt_payload: jwe->key
14 FB 29 D7 C7 F7 7F 12  D9 9F D4 63 F6 98 F0 70
6E AD 6C B2 FE 7D EE F0  41 83 BB F9 87 E6 38 06
6A 83 2A 1A C9 6E DC 88  41 3D 20 BD 89 AA E7 2F
41 75 D9 E7 D7 19 BA 01  54 8F F7 0F A0 D5 A4 79
Token payload decrypted
Token signature verified
{
  "alg": "ECDH-ES",
  "cty": "JWT",
  "enc": "A256CBC-HS512",
  "epk": {
    "crv": "P-256",
    "kty": "EC",
    "x": "xa59ZzoxYlxmtxTUynDiSiPzRbF3vnQKf6f71fC_Iqc",
    "y": "hsFOeoDoraIPz79uCHDWNhlnnWguHfOl8L7FtNRS9qU"
  },
  "kid": "ExUMY91J9atex-1Ai5vbu6qJ4aAGq0RMQxo__QyZV4k",
  "typ": "JWT"
}
{
  "alg": "HS256",
  "kid": "ii1wALxWmlADrDRtn7G0NQ",
  "typ": "JWT"
}
{
  "iat": 1516239022,
  "name": "JohnDoe",
  "sub": "[email protected]"
}

root@9ac53b23f309:/tmp/jtests# ./jose-util decrypt --key ec256.keys --in jwe.new
DeriveECDHES:
00000000  14 fb 29 d7 c7 f7 7f 12  d9 9f d4 63 f6 98 f0 70  |..)........c...p|
00000010  6e ad 6c b2 fe 7d ee f0  41 83 bb f9 87 e6 38 06  |n.l..}..A.....8.|
00000020  6a 83 2a 1a c9 6e dc 88  41 3d 20 bd 89 aa e7 2f  |j.*..n..A= ..../|
00000030  41 75 d9 e7 d7 19 ba 01  54 8f f7 0f a0 d5 a4 79  |Au......T......y|

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6ImlpMXdBTHhXbWxBRHJEUnRuN0cwTlEifQ.eyJzdWIiOiJqZG9lQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG5Eb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.J96TAtD8CQo3tATeUGtKEdb1Pcz_p1Q1a0kFuoghQdg

#!/bin/bash

SCRIPT_DIR=$(cd $(dirname $0); pwd)
BUILD_DIR=${SCRIPT_DIR}/build
INST_DIR=${SCRIPT_DIR}/inst
RHONABWY_SRC_DIR=${SCRIPT_DIR}/rhonabwy-0.9.9999

rm -rf "${BUILD_DIR}" "${INST_DIR}"
mkdir "${BUILD_DIR}" "${INST_DIR}"

cd "${BUILD_DIR}"
cmake \
    -DCMAKE_INSTALL_PREFIX="${INST_DIR}" \
    -DCMAKE_BUILD_TYPE=Release \
    -DDOWNLOAD_DEPENDENCIES=OFF \
    -DBUILD_RNBYC=ON\
    -DWITH_ULFIUS=OFF \
    -DPC_ORCANIA_INCLUDEDIR="${SCRIPT_DIR}/orcania-inst/include" \
    -DPC_ORCANIA_LIBDIR="${SCRIPT_DIR}/orcania-inst/lib64" \
    \
    -DPC_YDER_INCLUDEDIR="${SCRIPT_DIR}/yder-inst/include" \
    -DPC_YDER_LIBDIR="${SCRIPT_DIR}/yder-inst/lib64" \
    \
    -DPC_JANSSON_INCLUDEDIR="${SCRIPT_DIR}/jansson-inst/include" \
    -DPC_JANSSON_LIBDIR="${SCRIPT_DIR}/jansson-inst/lib" \
    \
    -DPC_GNUTLS_INCLUDEDIR="${SCRIPT_DIR}/gnutls-inst/include" \
    -DPC_GNUTLS_LIBDIR="${SCRIPT_DIR}/gnutls-inst/lib" \
    \
    -DZLIB_LIBRARY="${SCRIPT_DIR}/zlib-inst/lib/libz.so.1" \
    -DZLIB_INCLUDE_DIR="${SCRIPT_DIR}/zlib-inst/include" \
    \
    "${RHONABWY_SRC_DIR}"

# This makes building the library work
cat >> CMakeFiles/rhonabwy.dir/flags.make <<EOF
C_INCLUDES += -I${SCRIPT_DIR}/orcania-inst/include
C_INCLUDES += -I${SCRIPT_DIR}/yder-inst/include
C_INCLUDES += -I${SCRIPT_DIR}/nettle-inst/include
C_INCLUDES += -I${SCRIPT_DIR}/gmp-inst/include
EOF

# This makes building the binary work
cat >> CMakeFiles/rnbyc.dir/flags.make <<EOF
C_INCLUDES += -I${SCRIPT_DIR}/orcania-inst/include
C_INCLUDES += -I${SCRIPT_DIR}/yder-inst/include
C_INCLUDES += -I${SCRIPT_DIR}/nettle-inst/include
C_INCLUDES += -I${SCRIPT_DIR}/gmp-inst/include
EOF

make
make install

rhonabwy-src/src/jws.c: In function 'r_jws_serialize':
rhonabwy-src/src/jws.c:301:31: error: 'adj' may be used uninitialized in this function [-Werror=maybe-uninitialized]
  301 |           s_out_padding = adj - s.size;
      |                           ~~~~^~~~~~~~
rhonabwy-src/src/jws.c:268:16: note: 'adj' was declared here
  268 |   unsigned int adj;
      |                ^~~