[jboss-jira] [JBoss JIRA] (WFLY-12976) Base64 encoded JWKS from a file fails to resolve

Darran Lofthouse (Jira) issues at jboss.org
Wed Jan 15 12:50:43 EST 2020


     [ https://issues.redhat.com/browse/WFLY-12976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse moved WFWIP-297 to WFLY-12976:
-----------------------------------------------

        Project: WildFly  (was: WildFly WIP)
            Key: WFLY-12976  (was: WFWIP-297)
    Component/s: MP JWT
                     (was: MP JWT)


> Base64 encoded JWKS from a file fails to resolve
> ------------------------------------------------
>
>                 Key: WFLY-12976
>                 URL: https://issues.redhat.com/browse/WFLY-12976
>             Project: WildFly
>          Issue Type: Bug
>          Components: MP JWT
>            Reporter: Jan Kasik
>            Assignee: Darran Lofthouse
>            Priority: Critical
>
> JWKS supplied through {{mp.jwt.verify.publickey.location}} fails to resolve when encoded as a Base64 string. It seems like SmallRye is trying to parse the file content as a PEM key. See the excerpt from the log.
> This breaks specification compatibility, because MP-JWT 1.1 specifies in section 9.2.3:
> {quote}
> The JWKS may be supplied in plain JSON or Base64 URL encoded JSON format.
> {quote}
> {code}
> 12:04:02,323 DEBUG [io.smallrye.jwt.config.JWTAuthContextInfoProvider] (default task-1) init, mpJwtPublicKey=NONE, mpJwtIssuer=issuer, mpJwtLocation=META-INF/keys.jwks
> ...
> 12:04:02,326 DEBUG [io.smallrye.jwt.auth.principal.KeyLocationResolver] (default task-1) Trying to create a key from the encoded PEM key...
> 12:04:02,326 DEBUG [io.smallrye.jwt.auth.principal.KeyLocationResolver] (default task-1) Failed to create a key from the encoded PEM key: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
> 	at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:205)
> ...
> Caused by: org.jose4j.jwt.consumer.InvalidJwtException: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Failed to resolve a key from: META-INF/keys.jwks): JsonWebSignature{"kid":"blue-key","typ":"JWT","alg":"RS256"}->eyJraWQiOiJibHVlLWtleSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0=.eyJqdGkiOiJmMjc2YjVhYS0zMGZiLTQ4MWEtYjk0MS0xNDJhNjBmMGZiNjMiLCJzdWIiOiJGQUtFX1VTRVIiLCJncm91cHMiOlsiZ3JvdXAyIiwiZ3JvdXAxIl0sImF1ZCI6Im1pY3JvcHJvZmlsZS1qd3QtdGVzdHN1aXRlIiwiaXNzIjoiaXNzdWVyIiwiaWF0IjoxNTc4NjU0MjQxLCJleHAiOjE1Nzg2NTc4NDEsInVwbiI6IkZBS0VfVVNFUiIsInByZWZlcnJlZF91c2VybmFtZSI6IkZBS0VfVVNFUiJ9.AEe5kEr0s2p4CDbqwHPRwLziktwABX0OmM2aCEgdUF71eXlCu72ZhwNYDac3NyXMNhWp7k_xxX0I20EIbwBQsiJFmQZgqXZuK44Kc3jnMWDHT8kdPU03G3rIZBA2aiYsVy2gZ67gG_VnFx453fqHOxBIXtDsy1mzdrHwHLgY5iOklAodlv0Oe-H2Qik8oEj_k2R0a9b9E9pu7RHkono1d8TIuufwuJOIv7QSSo9w5vC74mYvd_RhZKvLACLx4ry9KVWamtDp_hMpclAqeUCjvcL-2VMI1VaDE3ZE7XonNMbCjwjxLzTtRLwVZAoYiD3eXSYkFTLGUT4BtfE8P5B3Uvb6pjf50e_EgYePAwvY-PFBFPB54BWcO433B3Pk411XYHUZweQfMHumateCwPJXZXcCoWjGj8ujHH3Leje_9gswzxDxd0JI2zjJEwasTBMixC65Jz9W5lKwQVVTHULP49KIbRXFkU52gTizMZNaABSGI48naMHr0Xu42yDKSrwkJTO3zNW1kSVi-3BMU6fmUxK8BF3xy2VgDgg_Rpmx_eQCBrGE36J-swHZbAPmiMKYT96D3rZHcMHa1oj784Em_h1p3sfr27ZCd0vpO7rOmHWzk1SWnb5GkySuuedwBQL-K5VT3mytqwFOg_UXZMkxSEGbn37WRzMa2KxfXKgRA-A=]
> 	at org.jose4j.jwt.consumer.JwtConsumer.processContext(JwtConsumer.java:271)
> 	at org.jose4j.jwt.consumer.JwtConsumer.process(JwtConsumer.java:433)
> 	at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parse(DefaultJWTTokenParser.java:88)
> 	... 40 more
> Caused by: org.jose4j.lang.UnresolvableKeyException: Failed to resolve a key from: META-INF/keys.jwks
> 	at io.smallrye.jwt.auth.principal.KeyLocationResolver.resolveKey(KeyLocationResolver.java:101)
> 	at org.jose4j.jwt.consumer.JwtConsumer.processContext(JwtConsumer.java:213)
> 	... 42 more
> {code}



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
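
The format check the report expects, sketched in Python as an added example (not SmallRye or WildFly code): try plain JSON, then Base64 URL encoded JSON, and only then treat the content as PEM. The function names and the sample JWKS are constructed for illustration; `blue-key` is the key id from the log excerpt and the modulus is a placeholder.

```python
import base64
import binascii
import json

PEM_HEADER = "-----BEGIN PUBLIC KEY-----"

# Constructed sample: kid taken from the log excerpt, modulus is a placeholder.
SAMPLE_JWKS = '{"keys":[{"kty":"RSA","kid":"blue-key","e":"AQAB","n":"PLACEHOLDER"}]}'
SAMPLE_B64URL = base64.urlsafe_b64encode(SAMPLE_JWKS.encode()).decode().rstrip("=")


def _parse_jwks(text):
    """Return the parsed JWKS dict, or None if text is not JSON with a 'keys' list."""
    try:
        doc = json.loads(text)
    except ValueError:
        return None
    if isinstance(doc, dict) and isinstance(doc.get("keys"), list):
        return doc
    return None


def _b64url_decode(text):
    """Decode Base64 URL text (padding optional); return None if it is not valid."""
    compact = "".join(text.split())
    padded = compact + "=" * (-len(compact) % 4)
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
        return raw.decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def classify_key_content(content):
    """Return (format, jwks); format is jwks-json, jwks-base64url, pem or unknown."""
    text = content.strip()
    jwks = _parse_jwks(text)
    if jwks is not None:
        return "jwks-json", jwks
    decoded = _b64url_decode(text)
    jwks = _parse_jwks(decoded) if decoded is not None else None
    if jwks is not None:
        return "jwks-base64url", jwks
    if text.startswith(PEM_HEADER):
        return "pem", None
    return "unknown", None


if __name__ == "__main__":
    for sample in (SAMPLE_JWKS, SAMPLE_B64URL, PEM_HEADER + "\nMIIB\n"):
        print(classify_key_content(sample)[0])
```

Returning `unknown` instead of falling through to a PEM parse keeps the failure reason visible in the log rather than surfacing as an `InvalidKeySpecException`.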


