[ https://issues.apache.org/jira/browse/CXF-7005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Behrang Saeedzadeh updated CXF-7005: ------------------------------------ Description: When an RSA private key is converted to a JWK and stored in a JSON Web Keys file using the following code: {code} import test.CryptoUtils; // loads an RSA private key from file import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.nio.file.Paths; import java.security.interfaces.RSAPrivateKey; import java.time.LocalDateTime; public class JwkCreator { public static void main(String[] args) throws IOException { final RSAPrivateKey privateKey = CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der")); final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, "RSA-OAEP-256"); jwk.setKeyId("test"); final JsonWebKeys webKeys = new JsonWebKeys(jwk); JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json")); } } {code} The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property: {code} { "keys": [ { "kty": "RSA", "alg": "RSA-OAEP-256", "n": "...", "d": "...", "p": "...", "q": "...", "dp": "...", "dq": "...", "qi": "...", "kid": "test" } ] } {code} Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the JWK to a private key, a NullPointerException is thrown due to the following statement in {{JwkUtils.java}}: {code} return CryptoUtils.getRSAPrivateKey(encodedModulus, encodedPublicExponent, encodedPrivateExponent, encodedPrimeP, encodedPrimeQ, encodedPrimeExpP, encodedPrimeExpQ, encodedCrtCoefficient); {code} which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a {{null}} value. was: When an RSA private key is converted to a JWK and stored in a JSON Web Keys file using the following code: {code} import au.com.sportsbet.pii.utils.CryptoUtils; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.nio.file.Paths; import java.security.interfaces.RSAPrivateKey; import java.time.LocalDateTime; public class JwkCreator { public static void main(String[] args) throws IOException { final RSAPrivateKey privateKey = CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der")); final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, "RSA-OAEP-256"); jwk.setKeyId("test"); final JsonWebKeys webKeys = new JsonWebKeys(jwk); JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json")); } } {code} The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property: {code} { "keys": [ { "kty": "RSA", "alg": "RSA-OAEP-256", "n": "...", "d": "...", "p": "...", "q": "...", "dp": "...", "dq": "...", "qi": "...", "kid": "test" } ] } {code} Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the JWK to a private key, a NullPointerException is thrown due to the following statement in {{JwkUtils.java}}: {code} return CryptoUtils.getRSAPrivateKey(encodedModulus, encodedPublicExponent, encodedPrivateExponent, encodedPrimeP, encodedPrimeQ, encodedPrimeExpP, encodedPrimeExpQ, encodedCrtCoefficient); {code} which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on a {{null}} value. > NullPointerException when using JwkUtils.toRSAPrivateKey > -------------------------------------------------------- > > Key: CXF-7005 > URL: https://issues.apache.org/jira/browse/CXF-7005 > Project: CXF > Issue Type: Bug > Components: JAX-RS Security > Affects Versions: 3.1.7 > Reporter: Behrang Saeedzadeh > > When an RSA private key is converted to a JWK and stored in a JSON Web Keys > file using the following code: > {code} > import test.CryptoUtils; // loads an RSA private key from file > import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; > import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; > import org.apache.cxf.rs.security.jose.jwk.JwkUtils; > import java.io.FileNotFoundException; > import java.io.FileOutputStream; > import java.io.IOException; > import java.nio.file.Paths; > import java.security.interfaces.RSAPrivateKey; > import java.time.LocalDateTime; > public class JwkCreator { > public static void main(String[] args) throws IOException { > final RSAPrivateKey privateKey = > CryptoUtils.loadRsaPrivateKey(Paths.get("private-key.der")); > final JsonWebKey jwk = JwkUtils.fromRSAPrivateKey(privateKey, > "RSA-OAEP-256"); > jwk.setKeyId("test"); > final JsonWebKeys webKeys = new JsonWebKeys(jwk); > JwkUtils.jwkSetToJson(webKeys, new FileOutputStream("jwk.json")); > } > } > {code} > The generated file does not have a {{RSA_PUBLIC_EXP}} (i.e. the `e`) property: > {code} > { > "keys": [ > { > "kty": "RSA", > "alg": "RSA-OAEP-256", > "n": "...", > "d": "...", > "p": "...", > "q": "...", > "dp": "...", > "dq": "...", > "qi": "...", > "kid": "test" > } > ] > } > {code} > Consequently, when trying to use {{JwkUtils.toRSAPrivateKey}} to convert the > JWK to a private key, a NullPointerException is thrown due to the following > statement in {{JwkUtils.java}}: > {code} > return CryptoUtils.getRSAPrivateKey(encodedModulus, > encodedPublicExponent, > encodedPrivateExponent, > encodedPrimeP, > encodedPrimeQ, > encodedPrimeExpP, > encodedPrimeExpQ, > encodedCrtCoefficient); > {code} > which in turn calls {{CryptoUtils.decodeSequence(encodedPublicExponent)}} on > a {{null}} value. -- This message was sent by Atlassian JIRA (v6.3.4#6332)