cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Behrang Saeedzadeh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-7005) NullPointerException when using JwkUtils.toRSAPrivateKey
Date Wed, 10 Aug 2016 02:20:20 GMT

     [ https://issues.apache.org/jira/browse/CXF-7005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Behrang Saeedzadeh updated CXF-7005:
------------------------------------
    Description: 
When an RSA private key is converted to a JWK and stored in a JSON Web Keys file using the
following code:

{code}
import test.CryptoUtils; // loads an RSA private key from file
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;

import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.interfaces.RSAPrivateKey;
import java.time.LocalDateTime;

public class JwkCreator {

    public static void main(String[] args) throws IOException {
        final RSAPrivateKey privateKey = CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
        final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, "RSA-OAEP-256");
        jwk.setKeyId("test");

        final JsonWebKeys webKeys = new JsonWebKeys(jwk);

        JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
    }

}
{code}

The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:

{code}
{
  "keys": [
    {
      "kty": "RSA",
      "alg": "RSA-OAEP-256",
      "n": "...",
      "d": "...",
      "p": "...",
      "q": "...",
      "dp": "...",
      "dq": "...",
      "qi": "...",
      "kid": "test"
    }
  ]
}
{code}

Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the JWK to a private
key, a NullPointerException is thrown due to the following statement in {{JwkUtils.java}}:

{code}
return CryptoUtils.getRSAPrivateKey(encodedModulus, 
                                                encodedPublicExponent,
                                                encodedPrivateExponent,
                                                encodedPrimeP,
                                                encodedPrimeQ,
                                                encodedPrimeExpP,
                                                encodedPrimeExpQ,
                                                encodedCrtCoefficient);
{code}

which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a {{null}} value.

  was:
When an RSA private key is converted to a JWK and stored in a JSON Web Keys file using the
following code:

{code}
import au.com.sportsbet.pii.utils.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;

import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.interfaces.RSAPrivateKey;
import java.time.LocalDateTime;

public class JwkCreator {

    public static void main(String[] args) throws IOException {
        final RSAPrivateKey privateKey = CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
        final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, "RSA-OAEP-256");
        jwk.setKeyId("test");

        final JsonWebKeys webKeys = new JsonWebKeys(jwk);

        JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
    }

}
{code}

The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:

{code}
{
  "keys": [
    {
      "kty": "RSA",
      "alg": "RSA-OAEP-256",
      "n": "...",
      "d": "...",
      "p": "...",
      "q": "...",
      "dp": "...",
      "dq": "...",
      "qi": "...",
      "kid": "test"
    }
  ]
}
{code}

Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the JWK to a private
key, a NullPointerException is thrown due to the following statement in {{JwkUtils.java}}:

{code}
return CryptoUtils.getRSAPrivateKey(encodedModulus, 
                                                encodedPublicExponent,
                                                encodedPrivateExponent,
                                                encodedPrimeP,
                                                encodedPrimeQ,
                                                encodedPrimeExpP,
                                                encodedPrimeExpQ,
                                                encodedCrtCoefficient);
{code}

which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a {{null}} value.


> NullPointerException when using JwkUtils.toRSAPrivateKey
> --------------------------------------------------------
>
>                 Key: CXF-7005
>                 URL: https://issues.apache.org/jira/browse/CXF-7005
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: Behrang Saeedzadeh
>
> When an RSA private key is converted to a JWK and stored in a JSON Web Keys file using
the following code:
> {code}
> import test.CryptoUtils; // loads an RSA private key from file
> import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
> import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
> import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
> import java.io.FileNotFoundException;
> import java.io.FileOutputStream;
> import java.io.IOException;
> import java.nio.file.Paths;
> import java.security.interfaces.RSAPrivateKey;
> import java.time.LocalDateTime;
> public class JwkCreator {
>     public static void main(String[] args) throws IOException {
>         final RSAPrivateKey privateKey = CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
>         final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, "RSA-OAEP-256");
>         jwk.setKeyId("test");
>         final JsonWebKeys webKeys = new JsonWebKeys(jwk);
>         JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
>     }
> }
> {code}
> The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:
> {code}
> {
>   "keys": [
>     {
>       "kty": "RSA",
>       "alg": "RSA-OAEP-256",
>       "n": "...",
>       "d": "...",
>       "p": "...",
>       "q": "...",
>       "dp": "...",
>       "dq": "...",
>       "qi": "...",
>       "kid": "test"
>     }
>   ]
> }
> {code}
> Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the JWK to a
private key, a NullPointerException is thrown due to the following statement in {{JwkUtils.java}}:
> {code}
> return CryptoUtils.getRSAPrivateKey(encodedModulus, 
>                                                 encodedPublicExponent,
>                                                 encodedPrivateExponent,
>                                                 encodedPrimeP,
>                                                 encodedPrimeQ,
>                                                 encodedPrimeExpP,
>                                                 encodedPrimeExpQ,
>                                                 encodedCrtCoefficient);
> {code}
> which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a {{null}}
value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message