Darran Lofthouse updated WFWIP-297:
-----------------------------------
Priority: Critical (was: Blocker)
Base64 encoded JWKS from a file fails to resolve
------------------------------------------------
Key: WFWIP-297
URL: https://issues.redhat.com/browse/WFWIP-297
Project: WildFly WIP
Issue Type: Bug
Components: MP JWT
Reporter: Jan Kasik
Assignee: Darran Lofthouse
Priority: Critical
JWKS supplied through {{mp.jwt.verify.publickey.location}} fails to resolve when encoded
as a Base64 string. It seems that SmallRye is trying to parse the file content as a PEM
key. See the excerpt from the log.
This breaks specification compatibility, because MP-JWT 1.1 specifies
in section 9.2.3:
{quote}
The JWKS may be supplied in plain JSON or Base64 URL encoded JSON format.
{quote}
{code}
12:04:02,323 DEBUG [io.smallrye.jwt.config.JWTAuthContextInfoProvider] (default task-1) init, mpJwtPublicKey=NONE, mpJwtIssuer=issuer, mpJwtLocation=META-INF/keys.jwks
...
12:04:02,326 DEBUG [io.smallrye.jwt.auth.principal.KeyLocationResolver] (default task-1) Trying to create a key from the encoded PEM key...
12:04:02,326 DEBUG [io.smallrye.jwt.auth.principal.KeyLocationResolver] (default task-1) Failed to create a key from the encoded PEM key:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:205)
...
Caused by: org.jose4j.jwt.consumer.InvalidJwtException: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Failed to resolve a key from: META-INF/keys.jwks):
JsonWebSignature{"kid":"blue-key","typ":"JWT","alg":"RS256"}->eyJraWQiOiJibHVlLWtleSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0=.eyJqdGkiOiJmMjc2YjVhYS0zMGZiLTQ4MWEtYjk0MS0xNDJhNjBmMGZiNjMiLCJzdWIiOiJGQUtFX1VTRVIiLCJncm91cHMiOlsiZ3JvdXAyIiwiZ3JvdXAxIl0sImF1ZCI6Im1pY3JvcHJvZmlsZS1qd3QtdGVzdHN1aXRlIiwiaXNzIjoiaXNzdWVyIiwiaWF0IjoxNTc4NjU0MjQxLCJleHAiOjE1Nzg2NTc4NDEsInVwbiI6IkZBS0VfVVNFUiIsInByZWZlcnJlZF91c2VybmFtZSI6IkZBS0VfVVNFUiJ9.AEe5kEr0s2p4CDbqwHPRwLziktwABX0OmM2aCEgdUF71eXlCu72ZhwNYDac3NyXMNhWp7k_xxX0I20EIbwBQsiJFmQZgqXZuK44Kc3jnMWDHT8kdPU03G3rIZBA2aiYsVy2gZ67gG_VnFx453fqHOxBIXtDsy1mzdrHwHLgY5iOklAodlv0Oe-H2Qik8oEj_k2R0a9b9E9pu7RHkono1d8TIuufwuJOIv7QSSo9w5vC74mYvd_RhZKvLACLx4ry9KVWamtDp_hMpclAqeUCjvcL-2VMI1VaDE3ZE7XonNMbCjwjxLzTtRLwVZAoYiD3eXSYkFTLGUT4BtfE8P5B3Uvb6pjf50e_EgYePAwvY-PFBFPB54BWcO433B3Pk411XYHUZweQfMHumateCwPJXZXcCoWjGj8ujHH3Leje_9gswzxDxd0JI2zjJEwasTBMixC65Jz9W5lKwQVVTHULP49KIbRXFkU52gTizMZNaABSGI48naMHr0Xu42yDKSrwkJTO3zNW1kSVi-3BMU6fmUxK8BF3xy2VgDgg_Rpmx_eQCBrGE36J-swHZbAPmiMKYT96D3rZHcMHa1oj784Em_h1p3sfr27ZCd0vpO7rOmHWzk1SWnb5GkySuuedwBQL-K5VT3mytqwFOg_UXZMkxSEGbn37WRzMa2KxfXKgRA-A=]
at org.jose4j.jwt.consumer.JwtConsumer.processContext(JwtConsumer.java:271)
at org.jose4j.jwt.consumer.JwtConsumer.process(JwtConsumer.java:433)
at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parse(DefaultJWTTokenParser.java:88)
... 40 more
Caused by: org.jose4j.lang.UnresolvableKeyException: Failed to resolve a key from: META-INF/keys.jwks
at io.smallrye.jwt.auth.principal.KeyLocationResolver.resolveKey(KeyLocationResolver.java:101)
at org.jose4j.jwt.consumer.JwtConsumer.processContext(JwtConsumer.java:213)
... 42 more
{code}
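A small diagnostic for the two JWKS encodings quoted from section 9.2.3, added here as an example; it is not SmallRye or WildFly code. The function names and the sample key set are constructed for illustration (only the {{kid}} value {{blue-key}} comes from the log above).

```python
import base64
import json

PEM_MARKER = "-----BEGIN "


def parse_jwks(text):
    """Return the "keys" list if text is a JSON object holding one, else None."""
    try:
        doc = json.loads(text)
    except ValueError:
        return None
    if isinstance(doc, dict) and isinstance(doc.get("keys"), list):
        return doc["keys"]
    return None


def b64url_to_text(text):
    """Decode Base64 URL text (padding optional) to UTF-8, or None if it is not that."""
    compact = "".join(text.split())  # tolerate line-wrapped files
    padded = compact + "=" * (-len(compact) % 4)
    try:
        return base64.b64decode(padded, altchars=b"-_", validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def classify_key_content(content):
    """Return (format, keys): 'jwks-json', 'jwks-base64url', 'pem' or 'unknown'."""
    text = content.strip()
    keys = parse_jwks(text)
    if keys is not None:
        return "jwks-json", keys
    if text.startswith(PEM_MARKER):
        return "pem", None
    # The log above shows a PEM attempt failing on this kind of content;
    # decoding it as Base64 URL JSON first recognises the JWKS.
    decoded = b64url_to_text(text)
    keys = parse_jwks(decoded) if decoded is not None else None
    if keys is not None:
        return "jwks-base64url", keys
    return "unknown", None


# Constructed sample: the "n" value is a placeholder, not a real RSA modulus.
SAMPLE_JWKS = json.dumps({"keys": [{"kty": "RSA", "kid": "blue-key", "alg": "RS256",
                                    "e": "AQAB", "n": "constructed-placeholder"}]})
SAMPLE_B64URL = base64.urlsafe_b64encode(SAMPLE_JWKS.encode()).decode().rstrip("=")

if __name__ == "__main__":
    for name, content in [("plain", SAMPLE_JWKS), ("base64url", SAMPLE_B64URL)]:
        print(name, classify_key_content(content)[0])
```

Running it against the file behind {{mp.jwt.verify.publickey.location}} shows which of the formats the content actually is before the server is involved.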