JWT Token - No installed provider supports this key

Issue #51 closed
Philip Adetiloye created an issue

I'm trying to create a JWT token with your library

    // Create the Claims, which will be the content of the JWT
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("xxxxxxxxxxxxxxxxxxx");
    claims.setAudience("xxxxxxxxxxxxxxxxxxx"); // to whom the token is intended to be sent
    claims.setExpirationTimeMinutesInTheFuture(60); // 60 minutes from now
    claims.setGeneratedJwtId(); // a unique identifier for the token
    claims.setIssuedAtToNow();  // when the token was issued/created (now)
    claims.setNotBeforeMinutesInThePast(1); // time before which the token is not yet valid (1 minute ago)
    claims.setSubject("xxxxxxxxx"); // the subject/principal is whom the token is about
    // A JWT is a JWS and/or a JWE with JSON claims as the payload.
    // In this example it is a JWS so we create a JsonWebSignature object.
    JsonWebSignature jws = new JsonWebSignature();
    jws.setPayload(claims.toJson());
    jws.setKey(rsaJsonWebKey.getPrivateKey());

    // Set the Key ID (kid) header because it's just the polite thing to do.
    // We only have one key in this example but using a Key ID helps
    // facilitate a smooth key rollover process
    //jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());

    jws.setHeader("typ", "JWT");
    // Set the signature algorithm on the JWT/JWS that will integrity protect the claims
    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);  // this throws an exception here

but I am getting this error:

org.jose4j.lang.InvalidKeyException: Key is not valid for HmacSHA256
    at org.jose4j.mac.MacUtil.initMacWithKey(MacUtil.java:61)
    at org.jose4j.mac.MacUtil.getInitializedMac(MacUtil.java:37)
    at org.jose4j.jws.HmacUsingShaAlgorithm.getMacInstance(HmacUsingShaAlgorithm.java:67)
    at org.jose4j.jws.HmacUsingShaAlgorithm.sign(HmacUsingShaAlgorithm.java:61)
    at org.jose4j.jws.JsonWebSignature.sign(JsonWebSignature.java:85)
    at org.jose4j.jws.JsonWebSignature.getCompactSerialization(JsonWebSignature.java:72)
    at com.worldpay.riskservice.TokenHelper.build(TokenHelper.java:45)
    at com.worldpay.riskservice.MainVerticle.lambda$start$0(MainVerticle.java:22)
    at io.vertx.ext.web.impl.RouteImpl.handleContext(RouteImpl.java:221)
    at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:78)
    at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:93)
    at io.vertx.ext.web.handler.impl.BodyHandlerImpl$BHandler.doEnd(BodyHandlerImpl.java:155)
    at io.vertx.ext.web.handler.impl.BodyHandlerImpl$BHandler.end(BodyHandlerImpl.java:141)
    at io.vertx.ext.web.handler.impl.BodyHandlerImpl.lambda$handle$34(BodyHandlerImpl.java:61)
    at io.vertx.core.http.impl.HttpServerRequestImpl.handleEnd(HttpServerRequestImpl.java:406)
    at io.vertx.core.http.impl.ServerConnection.handleEnd(ServerConnection.java:286)
    at io.vertx.core.http.impl.ServerConnection.processMessage(ServerConnection.java:404)
    at io.vertx.core.http.impl.ServerConnection.handleMessage(ServerConnection.java:134)
    at io.vertx.core.http.impl.HttpServerImpl$ServerHandler.doMessageReceived(HttpServerImpl.java:514)
    at io.vertx.core.http.impl.HttpServerImpl$ServerHandler.doMessageReceived(HttpServerImpl.java:420)
    at io.vertx.core.http.impl.VertxHttpHandler.lambda$channelRead$18(VertxHttpHandler.java:80)
    at io.vertx.core.impl.ContextImpl.lambda$wrapTask$16(ContextImpl.java:333)
    at io.vertx.core.impl.ContextImpl.executeFromIO(ContextImpl.java:225)
    at io.vertx.core.http.impl.VertxHttpHandler.channelRead(VertxHttpHandler.java:80)
    at io.vertx.core.net.impl.VertxHandler.channelRead(VertxHandler.java:124)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:318)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:304)
    at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:276)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:263)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:318)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:304)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:846)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.rsa.RSAPrivateCrtKeyImpl
    at javax.crypto.Mac.chooseProvider(Mac.java:376)
    at javax.crypto.Mac.init(Mac.java:415)
    at org.jose4j.mac.MacUtil.initMacWithKey(MacUtil.java:57)
    ... 38 more

Comments (6)

  1. Brian Campbell

    The exception you're seeing is caused by a mismatch between key and algorithm - you're giving it an RSA private key but telling it to use an HMAC algorithm.

    If you want to use an RSA key, you need to use one of the RSA signature algorithms like AlgorithmIdentifiers.RSA_USING_SHA256.

    If you want to use an HMAC algorithm like AlgorithmIdentifiers.HMAC_SHA256 you need to use a symmetric key like javax.crypto.SecretKey. OctJwkGenerator.generateJwk(256) is one way to generate such a key wrapped in a JWK. Or a new SecretKeySpec(...) if you have the raw key somewhere.
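
The two valid pairings described in the comment above, as an added example that is not part of the original thread or the jose4j project's own code. The class name and the issuer, audience and subject strings are constructed for illustration. The verifier pins the one algorithm that matches its key, so a token whose `alg` header names a different family is rejected.

```java
import java.security.Key;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwk.OctJwkGenerator;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;

public class KeyAlgorithmPairing { // hypothetical class name
    // Sign: the key type must match the algorithm family named in "alg".
    static String sign(JwtClaims claims, Key key, String alg) throws Exception {
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(key);
        jws.setAlgorithmHeaderValue(alg);
        return jws.getCompactSerialization(); // signing happens here
    }

    // Verify: accept only the single algorithm that belongs to this key.
    static JwtClaims verify(String jwt, Key key, String alg) throws Exception {
        return new JwtConsumerBuilder()
            .setRequireExpirationTime()
            .setExpectedIssuer("example-issuer")     // constructed value
            .setExpectedAudience("example-audience") // constructed value
            .setVerificationKey(key)
            // PERMIT is named WHITELIST in older jose4j releases
            .setJwsAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.PERMIT, alg))
            .build()
            .processToClaims(jwt);
    }

    public static void main(String[] args) throws Exception {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer("example-issuer");
        claims.setAudience("example-audience");
        claims.setExpirationTimeMinutesInTheFuture(60);
        claims.setSubject("example-subject");
        // RSA key pair with RS256: private key signs, public key verifies.
        RsaJsonWebKey rsa = RsaJwkGenerator.generateJwk(2048);
        String rs = sign(claims, rsa.getPrivateKey(), AlgorithmIdentifiers.RSA_USING_SHA256);
        System.out.println(verify(rs, rsa.getPublicKey(), AlgorithmIdentifiers.RSA_USING_SHA256).getSubject());
        // Symmetric key with HS256: the same secret signs and verifies.
        Key secret = OctJwkGenerator.generateJwk(256).getKey();
        String hs = sign(claims, secret, AlgorithmIdentifiers.HMAC_SHA256);
        System.out.println(verify(hs, secret, AlgorithmIdentifiers.HMAC_SHA256).getSubject());
    }
}
```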
