How can I convert a publicKey string into Key object

Issue #13 closed
Frank He created an issue

Hi Brian, I am now using your jose4j library to decode an access token, but when I use JwtConsumerBuilder, I need to set the public key using the setVerificationKey method. Now the problem is that it only accepts a Key object, but I have a key string. Can you tell me how I can convert a public key from a string to a Key object and pass it to the setVerificationKey() method? Thank you very much for your kind information.

Comments (15)

  1. Brian Campbell repo owner

    Hi Frank, a public key has to be encoded somehow to be in string format. So it depends on how the key is encoded. Do you know how it's encoded or can you paste the string here?

  2. Frank He reporter

    this is the sample public key:

    -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLWNUWPY9lZbUz6BnemY zuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL+oWfR66AiRtb/mZ/+DK8/AZeWZC4mcZn 9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo+sljsXdEvesDQDELetGkIcXfgLcSGVxD CjsmZX/qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6/iD9SJtrlf2Hb/ bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA/fU O04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT 8wIDAQAB -----END PUBLIC KEY-----

  3. Brian Campbell repo owner

    Try something like this:

    import org.jose4j.base64url.Base64;
    import java.security.KeyFactory;
    import java.security.PublicKey;
    import java.security.spec.X509EncodedKeySpec;
    
            String pem = // "-----BEGIN PUBLIC KEY-----" +
                   "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLWNUWPY9lZbUz6BnemY" +
                   "zuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL+oWfR66AiRtb/mZ/+DK8/AZeWZC4mcZn" +
                   "9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo+sljsXdEvesDQDELetGkIcXfgLcSGVxD" +
                   "CjsmZX/qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6/iD9SJtrlf2Hb/" +
                   "bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA/fU" +
                   "O04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT" +
                   "8wIDAQAB";
                  // + "-----END PUBLIC KEY-----";
    
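            // The decoded bytes are the DER-encoded SubjectPublicKeyInfo; the BEGIN/END lines are not part of the Base64 data
            X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decode(pem));
            // The KeyFactory algorithm must match the key type (RSA here)
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PublicKey publicKey = keyFactory.generatePublic(pubKeySpec);
            System.out.println(publicKey);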
    
  4. Frank He reporter

    Thanks, it worked. As a recommendation, why not create a method to accept the key in string format?

  5. Brian Campbell repo owner

    Really because I'm trying to keep a good separation of concerns and avoid scope creep. There are lots of different kinds of keys and ways they can be represented as a string. And dealing with all of it is beyond what JwtConsumerBuilder/JwtConsumer are meant to do.

  6. Brian Campbell repo owner

    For example, here is the exact same key as a string in JWK format:

    {"kty":"RSA",
    "n":"xLWNUWPY9lZbUz6BnemYzuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL-oWfR66AiRtb_mZ_-DK8_AZeWZC4mcZn9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo-sljsXdEvesDQDELetGkIcXfgLcSGVxDCjsmZX_qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6_iD9SJtrlf2Hb_bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA_fUO04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT8w",
    "e":"AQAB"}
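
The two string formats discussed in this thread, a PEM `PUBLIC KEY` block and a JWK, can each be turned into a `Key` for `setVerificationKey`; the following is an added example, not code from the thread or from the jose4j project. It assumes Java 8+ and a recent jose4j release on the classpath, uses `java.util.Base64` so that the header lines and whitespace are stripped explicitly, and the class name `VerificationKeys` and the generated sample key are constructed for illustration.

```java
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;

public class VerificationKeys { // hypothetical helper class, not part of jose4j
    // Full "BEGIN PUBLIC KEY" PEM text (headers and line breaks included) -> RSA public key.
    static PublicKey fromPem(String pem) throws Exception {
        String b64 = pem.replace("-----BEGIN PUBLIC KEY-----", "")
                        .replace("-----END PUBLIC KEY-----", "")
                        .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64); // DER SubjectPublicKeyInfo
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }
    // JWK JSON text -> key, using jose4j's own JWK support.
    static Key fromJwk(String json) throws Exception {
        return JsonWebKey.Factory.newJwk(json).getKey();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway RSA key serialized as PEM and as JWK.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey original = gen.generateKeyPair().getPublic();
        String pem = "-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(original.getEncoded())
                + "\n-----END PUBLIC KEY-----\n";
        String jwk = JsonWebKey.Factory.newJwk(original).toJson();
        Key key = fromPem(pem);
        if (!Arrays.equals(key.getEncoded(), fromJwk(jwk).getEncoded())) {
            throw new IllegalStateException("PEM and JWK decoded to different keys");
        }
        // Pin the signature algorithm to the key type instead of trusting the token header.
        JwtConsumer consumer = new JwtConsumerBuilder().setVerificationKey(key)
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        ConstraintType.PERMIT, AlgorithmIdentifiers.RSA_USING_SHA256))
                .build();
        System.out.println(consumer.getClass().getSimpleName() + " built with " + key.getAlgorithm() + " key");
    }
}
```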
    
  7. Joey Kendall

    Brian,

    I'm sure that this is mostly due to the fact that I really don't understand what type of key I've got, but I'm having some similar issues as above. I tried the solution you suggested above but it didn't work for me. From an issue I saw on Stack Overflow I tried this:

        certificateFactory = CertificateFactory.getInstance(FACTORY_TYPE);
        certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(value)));

    where 'value' has the data from a cert file that our ops team gave me. This is working mostly as expected and I am able to verify the token in question. The part I don't really like about this solution is that my cert file looks like this:

    -----BEGIN CERTIFICATE----- MIIE8TCCA9mgAwIBAgIPMIdyRHuyassdjrAEWmGbMA0GCSqGSIb3DQEBCw.... .... .... .... .... .... .... -----END CERTIFICATE-----

    And I'd really like to be able to just read the file in rather than copy paste the data in between the BEGIN and END. Any chance you can point me in the correct direction with this?

    Thanks

  8. Brian Campbell repo owner

    Hi Joey,

    Pretty sure CertificateFactory can handle that format (pem encoded) so you can just give it a file input stream. Something like this:

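            import java.io.File;
            import java.io.FileInputStream;
            import java.security.PublicKey;
            import java.security.cert.Certificate;
            import java.security.cert.CertificateFactory;

            try (FileInputStream fis = new FileInputStream(new File("/path/to/file.crt")))
            {
                CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
                Certificate certificate = certFactory.generateCertificate(fis);
                PublicKey publicKey = certificate.getPublicKey();
            }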
    
  9. Sambasiva

    Hi Brian,

    Could you please help me convert a public key string which was encoded as a JWK string into an actual PublicKey? I need it to validate a JWT token.
