Behrang Saeedzadeh created CXF-7005:
---------------------------------------
Summary: NullPointerException when using JwkUtils.toRSAPrivateKey
Key: CXF-7005
URL: https://issues.apache.org/jira/browse/CXF-7005
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.1.7
Reporter: Behrang Saeedzadeh
When an RSA private key is converted to a JWK and stored in a JSON Web Keys
file using the following code:
{code}
import au.com.sportsbet.pii.utils.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.interfaces.RSAPrivateKey;
import java.time.LocalDateTime;
public class JwkCreator {
public static void main(String[] args) throws IOException {
final RSAPrivateKey privateKey =
CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey,
"RSA-OAEP-256");
jwk.setKeyId("test");
final JsonWebKeys webKeys = new JsonWebKeys(jwk);
JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
}
}
{code}
The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:
{code}
{
"keys": [
{
"kty": "RSA",
"alg": "RSA-OAEP-256",
"n": "...",
"d": "...",
"p": "...",
"q": "...",
"dp": "...",
"dq": "...",
"qi": "...",
"kid": "test"
}
]
}
{code}
Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the
JWK to a private key, a NullPointerException is thrown due to the following
statement in {{JwkUtils.java}}:
{code}
return CryptoUtils.getRSAPrivateKey(encodedModulus,
encodedPublicExponent,
encodedPrivateExponent,
encodedPrimeP,
encodedPrimeQ,
encodedPrimeExpP,
encodedPrimeExpQ,
encodedCrtCoefficient);
{code}
which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a
{{null}} value.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
