You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Behrang Saeedzadeh (JIRA)" <ji...@apache.org> on 2016/08/10 02:20:20 UTC
[jira] [Updated] (CXF-7005) NullPointerException when using
JwkUtils.toRSAPrivateKey
[ https://issues.apache.org/jira/browse/CXF-7005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Behrang Saeedzadeh updated CXF-7005:
------------------------------------
Description:
When an RSA private key is converted to a JWK and stored in a JSON Web Keys file using the following code:
{code}
import test.CryptoUtils; // loads an RSA private key from file
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.interfaces.RSAPrivateKey;
import java.time.LocalDateTime;
public class JwkCreator {
public static void main(String[] args) throws IOException {
final RSAPrivateKey privateKey = CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, "RSA-OAEP-256");
jwk.setKeyId("test");
final JsonWebKeys webKeys = new JsonWebKeys(jwk);
JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
}
}
{code}
The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:
{code}
{
"keys": [
{
"kty": "RSA",
"alg": "RSA-OAEP-256",
"n": "...",
"d": "...",
"p": "...",
"q": "...",
"dp": "...",
"dq": "...",
"qi": "...",
"kid": "test"
}
]
}
{code}
Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the JWK to a private key, a NullPointerException is thrown due to the following statement in {{JwkUtils.java}}:
{code}
return CryptoUtils.getRSAPrivateKey(encodedModulus,
encodedPublicExponent,
encodedPrivateExponent,
encodedPrimeP,
encodedPrimeQ,
encodedPrimeExpP,
encodedPrimeExpQ,
encodedCrtCoefficient);
{code}
which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a {{null}} value.
was:
When an RSA private key is converted to a JWK and stored in a JSON Web Keys file using the following code:
{code}
import au.com.sportsbet.pii.utils.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.interfaces.RSAPrivateKey;
import java.time.LocalDateTime;
public class JwkCreator {
public static void main(String[] args) throws IOException {
final RSAPrivateKey privateKey = CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, "RSA-OAEP-256");
jwk.setKeyId("test");
final JsonWebKeys webKeys = new JsonWebKeys(jwk);
JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
}
}
{code}
The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:
{code}
{
"keys": [
{
"kty": "RSA",
"alg": "RSA-OAEP-256",
"n": "...",
"d": "...",
"p": "...",
"q": "...",
"dp": "...",
"dq": "...",
"qi": "...",
"kid": "test"
}
]
}
{code}
Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the JWK to a private key, a NullPointerException is thrown due to the following statement in {{JwkUtils.java}}:
{code}
return CryptoUtils.getRSAPrivateKey(encodedModulus,
encodedPublicExponent,
encodedPrivateExponent,
encodedPrimeP,
encodedPrimeQ,
encodedPrimeExpP,
encodedPrimeExpQ,
encodedCrtCoefficient);
{code}
which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a {{null}} value.
> NullPointerException when using JwkUtils.toRSAPrivateKey
> --------------------------------------------------------
>
> Key: CXF-7005
> URL: https://issues.apache.org/jira/browse/CXF-7005
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.1.7
> Reporter: Behrang Saeedzadeh
>
> When an RSA private key is converted to a JWK and stored in a JSON Web Keys file using the following code:
> {code}
> import test.CryptoUtils; // loads an RSA private key from file
> import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
> import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
> import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
> import java.io.FileNotFoundException;
> import java.io.FileOutputStream;
> import java.io.IOException;
> import java.nio.file.Paths;
> import java.security.interfaces.RSAPrivateKey;
> import java.time.LocalDateTime;
> public class JwkCreator {
> public static void main(String[] args) throws IOException {
> final RSAPrivateKey privateKey = CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
> final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, "RSA-OAEP-256");
> jwk.setKeyId("test");
> final JsonWebKeys webKeys = new JsonWebKeys(jwk);
> JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
> }
> }
> {code}
> The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:
> {code}
> {
> "keys": [
> {
> "kty": "RSA",
> "alg": "RSA-OAEP-256",
> "n": "...",
> "d": "...",
> "p": "...",
> "q": "...",
> "dp": "...",
> "dq": "...",
> "qi": "...",
> "kid": "test"
> }
> ]
> }
> {code}
> Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the JWK to a private key, a NullPointerException is thrown due to the following statement in {{JwkUtils.java}}:
> {code}
> return CryptoUtils.getRSAPrivateKey(encodedModulus,
> encodedPublicExponent,
> encodedPrivateExponent,
> encodedPrimeP,
> encodedPrimeQ,
> encodedPrimeExpP,
> encodedPrimeExpQ,
> encodedCrtCoefficient);
> {code}
> which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a {{null}} value.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)