[jira] [Commented] (CXF-7005) NullPointerException when using JwkUtils.toRSAPrivateKey

Tue, 16 Aug 2016 03:06:44 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-7005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422539#comment-15422539
 ] 

Sergey Beryozkin commented on CXF-7005:
---------------------------------------

Hi 
We'd like to get Fediz (1.3.2) earlier than usual which depends on CXF so 
hopefully we may have 3.1.8 released
in mid September, in about 4-5 weeks, though I can't guarantee. Please stress 
some more JOSE code in meantime :-)

thanks 

> NullPointerException when using JwkUtils.toRSAPrivateKey
> --------------------------------------------------------
>
>                 Key: CXF-7005
>                 URL: https://issues.apache.org/jira/browse/CXF-7005
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: Behrang Saeedzadeh
>            Assignee: Sergey Beryozkin
>             Fix For: 3.2.0, 3.1.8
>
>         Attachments: cxf-7005.zip
>
>
> When an RSA private key is converted to a JWK and stored in a JSON Web Keys 
> file using the following code:
> {code}
> import test.CryptoUtils; // loads an RSA private key from file
> import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
> import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
> import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
> import java.io.FileNotFoundException;
> import java.io.FileOutputStream;
> import java.io.IOException;
> import java.nio.file.Paths;
> import java.security.interfaces.RSAPrivateKey;
> import java.time.LocalDateTime;
> public class JwkCreator {
>     public static void main(String[] args) throws IOException {
>         final RSAPrivateKey privateKey = 
> CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der"));
>         final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, 
> "RSA-OAEP-256");
>         jwk.setKeyId("test");
>         final JsonWebKeys webKeys = new JsonWebKeys(jwk);
>         JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json"));
>     }
> }
> {code}
> The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property:
> {code}
> {
>   "keys": [
>     {
>       "kty": "RSA",
>       "alg": "RSA-OAEP-256",
>       "n": "...",
>       "d": "...",
>       "p": "...",
>       "q": "...",
>       "dp": "...",
>       "dq": "...",
>       "qi": "...",
>       "kid": "test"
>     }
>   ]
> }
> {code}
> Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the 
> JWK to a private key, a NullPointerException is thrown due to the following 
> statement in {{JwkUtils.java}}:
> {code}
> return CryptoUtils.getRSAPrivateKey(encodedModulus, 
>                                                 encodedPublicExponent,
>                                                 encodedPrivateExponent,
>                                                 encodedPrimeP,
>                                                 encodedPrimeQ,
>                                                 encodedPrimeExpP,
>                                                 encodedPrimeExpQ,
>                                                 encodedCrtCoefficient);
> {code}
> which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on 
> a {{null}} value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to