How can I convert a publicKey string into Key object

Issue #13 closed

Frank He created an issue 2015-03-13

Hi Brian, I am now using your jose4j library to decode access token, but when I use JwtConsumerBuilder, I need to set publicKey using setVerificationKey method. Now the problem is it only accepts Key object, but I have key string. Can you tell me how I can convert a public key from string to Key object and passed to setVerificationKey() method? Thank you very much for your kind information.

Comments (15)

Brian Campbell repo owner
Hi Frank, A public key has to be encoded somehow to be in string format. So it depends on how the key is encoded. Do you know it's encoded or can you paste the string here?
- 2015-03-13T12:24:44+00:00
Frank He reporter
this is the sample public key:

-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLWNUWPY9lZbUz6BnemY zuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL+oWfR66AiRtb/mZ/+DK8/AZeWZC4mcZn 9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo+sljsXdEvesDQDELetGkIcXfgLcSGVxD CjsmZX/qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6/iD9SJtrlf2Hb/ bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA/fU O04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT 8wIDAQAB -----END PUBLIC KEY-----
- 2015-03-13T14:54:37+00:00

Brian Campbell repo owner

Try something like this:

import org.jose4j.base64url.Base64;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;

       String pem =// "-----BEGIN PUBLIC KEY-----" +
               "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLWNUWPY9lZbUz6BnemY" +
               "zuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL+oWfR66AiRtb/mZ/+DK8/AZeWZC4mcZn" +
               "9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo+sljsXdEvesDQDELetGkIcXfgLcSGVxD" +
               "CjsmZX/qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6/iD9SJtrlf2Hb/" +
               "bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA/fU" +
               "O04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT" +
               "8wIDAQAB";
              // + "-----END PUBLIC KEY-----";

        X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decode(pem));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(pubKeySpec);
        System.out.println(publicKey);

2015-03-13T21:16:49+00:00

Brian Campbell repo owner
- marked as task
- marked as minor
- 2015-03-14T01:24:56+00:00
Frank He reporter
Thanks, It worked. As a recommendation, why not creating a method to accept key in string format?
- 2015-03-14T03:10:05+00:00
Brian Campbell repo owner
Really because I'm trying to keep a good separation of concerns and avoid scope creep. There are lots of different kinds of keys and ways they can be represented as a string. And dealing with all of it is beyond what JwtConsumerBuilder/JwtConsumer are meant to do.
- 2015-03-14T13:05:37+00:00

Brian Campbell repo owner

For example, here is the exact same key as a string in JWK format:

{"kty":"RSA",
"n":"xLWNUWPY9lZbUz6BnemYzuri0tXkhAT1CdlDc2h7SY8mJRY7WiEL-oWfR66AiRtb_mZ_-DK8_AZeWZC4mcZn9YbzwbnqXNxMzsrcJHPJS2vDyxOp11yo-sljsXdEvesDQDELetGkIcXfgLcSGVxDCjsmZX_qwM0J0JjkupVKmYdvERQXetQ12YUFvUr7HnMaT8OqM6_iD9SJtrlf2Hb_bnJdo2PCzQVP8wcalSk2BK9tzxA537Cmxam208ahFO37IPMSF06dh6ygGFFVA_fUO04aBKK5cd0w1JevhfYNMNYr5K4PUEldxyfiRVJu3sAXWP62eYDPUl7JNETJGZqT8w",
"e":"AQAB"}

2015-03-14T13:06:46+00:00

Brian Campbell repo owner
- changed status to resolved
resolving
- 2015-04-12T02:46:12+00:00
Joey Kendall
Brian,

I'm sure that this is mostly due to the fact that I really don't understand what type of key I've got, but I'm having some similar issues as above. I tried the solution you suggested above but it didn't work for me. From an issue I saw on stack over flow I tried this:

certificateFactory = CertificateFactory.getInstance(FACTORY_TYPE); certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(value)));

where 'value' has the data from a cert file that our ops team gave me. This is working mostly as expected and I am able to verify the token in question. The part I don't really like about this solution is that my cert file looks like this:

-----BEGIN CERTIFICATE----- MIIE8TCCA9mgAwIBAgIPMIdyRHuyassdjrAEWmGbMA0GCSqGSIb3DQEBCw.... .... .... .... .... .... .... -----END CERTIFICATE-----

And I'd really like to be able to just read the file in rather than copy paste the data in between the BEGIN and END. Any chance you can point me in the correct direction with this?

Thanks
- 2016-01-25T04:00:39+00:00

Brian Campbell repo owner

Hi Joey,

Pretty sure CertificateFactory can handle that format (pem encoded) so you can just give it a file input stream. Something like this:

        try (FileInputStream fis = new FileInputStream(new File("/path/to/file.crt")))
        {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            Certificate certificate = certFactory.generateCertificate(fis);
            PublicKey publicKey = certificate.getPublicKey();
        }

2016-01-25T22:17:29+00:00

Joey Kendall
Thanks. That was just what I needed.
- 2016-01-27T16:24:48+00:00
Brian Campbell repo owner
released with v 0.5.0 is actually some support for PEM encoded public keys like that. KeyPairUtil / RsaKeyUtil fromPemEncoded(...) and pemEncode(...) https://bitbucket.org/b_c/jose4j/commits/6f7abb1
- 2016-03-04T23:06:23+00:00
Brian Campbell repo owner
- changed status to closed
- 2016-03-04T23:07:38+00:00
Sambasiva
Hi Brian,

‌

Could you please help me to convert a public key string which was encoded as JWK string into actual PublicKey. I need it to validate a JWT token.
- 2020-06-29T15:22:49+00:00
Brian Campbell repo owner
take a look at https://stackoverflow.com/questions/36308611/get-ellipticcurvejsonwebkey-from-json-in-jose4j
- 2020-06-29T17:42:19+00:00
Log in to comment

Assignee: Brian Campbell

Type: task

Priority: minor

Status: closed

Votes: 0

Watchers: 2