Using own PublicKey implementation

Issue #146 invalid
Michał Piątkowski created an issue

I try to create PublicKey object and pass it to JWTConsumer to verify signature. Unfortunately I am getting this error

Invalid JWT! org.jose4j.jwt.consumer.InvalidJwtException: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.InvalidKeyException: The given key (algorithm=RSA) is not valid for SHA256withRSA): JsonWebSignature ...

With same JWT, if I try to check it with key obtained through creation from JSON (new JsonWebKeySet(json)), everything works fine.

Both key created manually and key obtained from JsonWebKeySet implements PublickKey interface. Both returns same values from interface methods. Checked by running equals method on every value.

My case is to use keys obtained from official KeyCloak server library. Unfortunately I can't get Key or PublicKey object from it, only theirs own implementation. Is there a way to integrate those two?

Lib version: 0.6.5

Small off topic: Great job with library!

Comments (3)

  1. Brian Campbell repo owner

    I don’t know what the keys obtained from official KeyCloak server library are but it looks like the underlying java security provider doesn’t like it as a verification key for ‘SHA256withRSA’. Maybe it doesn’t implement ‘RSAPublicKey’? I’m just guessing. Using the JSON Web Key Set to get a proper key object probably would be the way to integrate things.

  2. Michał Piątkowski reporter

    There could be a problem with interface on my side. I was creating a PublicKey not a RSAPublicKey.
    I will try later with RSA one and see if it resolves problem.

  3. Log in to comment