[ https://issues.apache.org/jira/browse/CXF-7005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15414892#comment-15414892 ]
Behrang Saeedzadeh edited comment on CXF-7005 at 8/10/16 8:18 AM:
------------------------------------------------------------------

A Gradle project to reproduce the issue is attached (cxf-7005.zip):

{code}
package org.apache.issues;

import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;

/**
 * @author Behrang Saeedzadeh
 */
public class Cxf7005 {

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        final byte[] encodedKeyBytes = Files.readAllBytes(Paths.get("src/main/resources/cxf-7005.prv.der").toAbsolutePath());
        final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKeyBytes);
        final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        final RSAPrivateKey contentEncryptionKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
        final JsonWebKey jsonWebKey = JwkUtils.fromRSAPrivateKey(contentEncryptionKey, KeyAlgorithm.RSA_OAEP_256.getJwaName());
        jsonWebKey.setKeyId("cxf-7005");
        JwkUtils.toRSAPrivateKey(jsonWebKey);
    }

}
{code}


was (Author: thorium):
A Gradle project to reproduce the issue is attached:

{code}
package org.apache.issues;

import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import
java.security.spec.PKCS8EncodedKeySpec;

/**
 * @author Behrang Saeedzadeh
 */
public class Cxf7005 {

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        final byte[] encodedKeyBytes = Files.readAllBytes(Paths.get("src/main/resources/cxf-7005.prv.der").toAbsolutePath());
        final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKeyBytes);
        final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        final RSAPrivateKey contentEncryptionKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
        final JsonWebKey jsonWebKey = JwkUtils.fromRSAPrivateKey(contentEncryptionKey, KeyAlgorithm.RSA_OAEP_256.getJwaName());
        jsonWebKey.setKeyId("cxf-7005");
        JwkUtils.toRSAPrivateKey(jsonWebKey);
    }

}
{code}

> NullPointerException when using JwkUtils.toRSAPrivateKey
> --------------------------------------------------------
>
>                 Key: CXF-7005
>                 URL: https://issues.apache.org/jira/browse/CXF-7005
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: Behrang Saeedzadeh
>         Attachments: cxf-7005.zip
>
>
> When an RSA private key is converted to a JWK and stored in a JSON Web Keys
> file using the following code:
> {code}
> import test.CryptoUtils; // loads an RSA private key from file
> import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
> import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
> import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
> import java.io.FileNotFoundException;
> import java.io.FileOutputStream;
> import java.io.IOException;
> import java.nio.file.Paths;
> import java.security.interfaces.RSAPrivateKey;
> import java.time.LocalDateTime;
> public class JwkCreator {
>     public static void main(String[] args) throws IOException {
>         final RSAPrivateKey privateKey =
>             CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
>         final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey,
>             "RSA-OAEP-256");
>         jwk.setKeyId("test");
>         final JsonWebKeys
webKeys = new JsonWebKeys(jwk);
>         JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
>     }
> }
> {code}
> The generated file does not have an {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:
> {code}
> {
>   "keys": [
>     {
>       "kty": "RSA",
>       "alg": "RSA-OAEP-256",
>       "n": "...",
>       "d": "...",
>       "p": "...",
>       "q": "...",
>       "dp": "...",
>       "dq": "...",
>       "qi": "...",
>       "kid": "test"
>     }
>   ]
> }
> {code}
> Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the
> JWK to a private key, a NullPointerException is thrown due to the following
> statement in {{JwkUtils.java}}:
> {code}
>         return CryptoUtils.getRSAPrivateKey(encodedModulus,
>                                             encodedPublicExponent,
>                                             encodedPrivateExponent,
>                                             encodedPrimeP,
>                                             encodedPrimeQ,
>                                             encodedPrimeExpP,
>                                             encodedPrimeExpQ,
>                                             encodedCrtCoefficient);
> {code}
> which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on
> a {{null}} value.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)