How can I convert a publicKey string into Key object
Hi Brian, I am now using your jose4j library to decode an access token, but when I use JwtConsumerBuilder, I need to set the public key using the setVerificationKey method. Now the problem is it only accepts a Key object, but I have a key string. Can you tell me how I can convert a public key from a string to a Key object and pass it to the setVerificationKey() method? Thank you very much for your kind information.
Comments (15)
-
reporter this is the sample public key:
```
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLWNUWPY9lZbUz6BnemY
zuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL+oWfR66AiRtb/mZ/+DK8/AZeWZC4mcZn
9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo+sljsXdEvesDQDELetGkIcXfgLcSGVxD
CjsmZX/qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6/iD9SJtrlf2Hb/
bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA/fU
O04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT
8wIDAQAB
-----END PUBLIC KEY-----
```
-
repo owner Try something like this:
```java
import org.jose4j.base64url.Base64;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;

// Only the Base64 body of the PEM block; the BEGIN/END marker lines are commented out.
String pem =// "-----BEGIN PUBLIC KEY-----" +
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLWNUWPY9lZbUz6BnemY" +
    "zuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL+oWfR66AiRtb/mZ/+DK8/AZeWZC4mcZn" +
    "9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo+sljsXdEvesDQDELetGkIcXfgLcSGVxD" +
    "CjsmZX/qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6/iD9SJtrlf2Hb/" +
    "bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA/fU" +
    "O04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT" +
    "8wIDAQAB"; // + "-----END PUBLIC KEY-----";

// The decoded bytes are an X.509 SubjectPublicKeyInfo structure.
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decode(pem));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(pubKeySpec);
System.out.println(publicKey);
```
-
reporter Thanks, it worked. As a recommendation, why not create a method to accept the key in string format?
-
repo owner Really because I'm trying to keep a good separation of concerns and avoid scope creep. There are lots of different kinds of keys and ways they can be represented as a string. And dealing with all of it is beyond what JwtConsumerBuilder/JwtConsumer are meant to do.
-
repo owner For example, here is the exact same key as a string in JWK format:
{"kty":"RSA", "n":"xLWNUWPY9lZbUz6BnemYzuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL-oWfR66AiRtb_mZ_-DK8_AZeWZC4mcZn9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo-sljsXdEvesDQDELetGkIcXfgLcSGVxDCjsmZX_qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6_iD9SJtrlf2Hb_bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA_fUO04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT8w", "e":"AQAB"}
-
repo owner - changed status to resolved
resolving
-
Brian,
I'm sure that this is mostly due to the fact that I really don't understand what type of key I've got, but I'm having some similar issues as above. I tried the solution you suggested above but it didn't work for me. From an issue I saw on Stack Overflow I tried this:
```java
certificateFactory = CertificateFactory.getInstance(FACTORY_TYPE);
certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(value)));
```
where 'value' has the data from a cert file that our ops team gave me. This is working mostly as expected and I am able to verify the token in question. The part I don't really like about this solution is that my cert file looks like this:
```
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIPMIdyRHuyassdjrAEWmGbMA0GCSqGSIb3DQEBCw....
....
....
....
....
....
....
-----END CERTIFICATE-----
```
And I'd really like to be able to just read the file in rather than copy paste the data in between the BEGIN and END. Any chance you can point me in the correct direction with this?
Thanks
-
repo owner Hi Joey,
Pretty sure CertificateFactory can handle that format (pem encoded) so you can just give it a file input stream. Something like this:
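```java
import java.io.File;
import java.io.FileInputStream;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

try (FileInputStream fis = new FileInputStream(new File("/path/to/file.crt"))) {
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    Certificate certificate = certFactory.generateCertificate(fis);
    PublicKey publicKey = certificate.getPublicKey();
}
```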
-
Thanks. That was just what I needed.
-
repo owner released with v 0.5.0 is actually some support for PEM encoded public keys like that. KeyPairUtil / RsaKeyUtil fromPemEncoded(...) and pemEncode(...) https://bitbucket.org/b_c/jose4j/commits/6f7abb1
-
repo owner - changed status to closed
-
Hi Brian,
Could you please help me to convert a public key string which was encoded as a JWK string into an actual PublicKey? I need it to validate a JWT token.
-
repo owner Hi Frank, A public key has to be encoded somehow to be in string format. So it depends on how the key is encoded. Do you know how it's encoded or can you paste the string here?
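An added example, not part of the thread and not jose4j's own code: the two string encodings discussed above (PEM and JWK) are each turned into a PublicKey and passed to setVerificationKey, with the accepted signature algorithm pinned to RS256. The class and method names are hypothetical, the key pair and token are generated at run time as sample data, and ConstraintType.PERMIT assumes a recent jose4j release (older ones name it WHITELIST).

```java
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.*;
import org.jose4j.jws.*;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.*;

public class KeyStringToKey {  // hypothetical class name
    // PEM "PUBLIC KEY" text (X.509 SubjectPublicKeyInfo) -> RSA PublicKey, JDK only.
    static PublicKey fromPem(String pem) throws Exception {
        String body = pem.replaceAll("-----(BEGIN|END) PUBLIC KEY-----", "");
        byte[] der = Base64.getMimeDecoder().decode(body);  // MIME decoder skips line breaks
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }
    // JWK JSON text -> PublicKey via jose4j's JWK parser.
    static PublicKey fromJwk(String json) throws Exception {
        return PublicJsonWebKey.Factory.newPublicJwk(json).getPublicKey();
    }
    // Pin both the key and the algorithm, so the token header chooses neither.
    static JwtConsumer consumerFor(PublicKey key) {
        return new JwtConsumerBuilder()
                .setVerificationKey(key)
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        AlgorithmConstraints.ConstraintType.PERMIT, AlgorithmIdentifiers.RSA_USING_SHA256))
                .setRequireExpirationTime()
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a throwaway key pair, its public half as JWK and PEM text.
        RsaJsonWebKey pair = RsaJwkGenerator.generateJwk(2048);
        String jwk = pair.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
        String pem = "-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(pair.getPublicKey().getEncoded())
                + "\n-----END PUBLIC KEY-----\n";
        JwtClaims claims = new JwtClaims();
        claims.setSubject("example-user");
        claims.setExpirationTimeMinutesInTheFuture(5);
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(pair.getPrivateKey());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        String token = jws.getCompactSerialization();
        // Both encodings decode to the same key; the JWK-derived key verifies the token.
        System.out.println(fromPem(pem).equals(fromJwk(jwk)));
        System.out.println(consumerFor(fromJwk(jwk)).processToClaims(token).getSubject());
    }
}
```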