- edited description
Invalid RSASSA-PSS salt length parameter: Unsupported content digest algorithm: SHA256
Issue #298
invalid
Hello,
I want to validate signature of JWS structure with PS256 algorithm. So i use RSASSAVerifier. But when i want to verify, throws exception like below. Is something wrong with my code?
Here is my code;
fun jwsValidateSignature(jws: String): String {
val jwsObject: JWSObject
try {
jwsObject = JWSObject.parse(jws)
} catch (e: ParseException) {
throw RuntimeException("JWS parsing failed")
}
try {
val verifier: JWSVerifier?
val alg = jwsObject.header.algorithm
if (alg == JWSAlgorithm.PS256 || alg == JWSAlgorithm.RS256) {
val publicKey = X509CertUtils.parse(jwsObject.header.x509CertChain[0].decode()).publicKey as RSAPublicKey
verifier = RSASSAVerifier(publicKey)
} else if (alg == JWSAlgorithm.ES256) {
verifier = ECDSAVerifier(ECKey.parse(jwsObject.header.jwk.toJSONString()))
} else {
// unsupported algorithm
throw RuntimeException()
}
if (!jwsObject.verify(verifier)) {
throw RuntimeException("JWS validation failed.")
}
} catch (e: Exception) {
throw RuntimeException("JWS validation failed.")
}
return jwsObject.payload.toString()
}
Exception
java.security.InvalidAlgorithmParameterException: Unsupported content digest algorithm: SHA256
at com.android.org.conscrypt.OpenSSLSignature$RSAPSSPadding.engineSetParameter(OpenSSLSignature.java:386)
at java.security.Signature$Delegate.engineSetParameter(Signature.java:1398)
at java.security.Signature.setParameter(Signature.java:1021)
at com.nimbusds.jose.crypto.impl.RSASSA.getSignerAndVerifier(RSASSA.java:98)
at com.nimbusds.jose.crypto.RSASSAVerifier.verify(RSASSAVerifier.java:159)
at com.nimbusds.jose.JWSObject.verify(JWSObject.java:353)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
JWS Header
{
"x5c":[
"MIIFjjCCA3....",
"MIIF3jCCA8...."
],
"alg":"PS256"
}
Thank you.
Comments (7)
-
reporter
-
What is your Java runtime? Looks like Android?
-
reporter
Yes. I'm using Android library with Kotlin language support.
-
- changed status to invalid
Your version of Android apparently doesn't support PSS-crypto.
Get BouncyCastle or suitable crypto provider lib for Android and all shall be fine.
https://connect2id.com/products/nimbus-jose-jwt/jca-algorithm-support
-
reporter
Thank you for your response. It's worked.
-
Hello,
I am using the same algorithm to do JWS Validation in Android, I managed to make it support RSASSA-PSS , but its always returning SIGNED state, and not VERIFIED, knowing that my
jwsObjectis signed and verified , do i need to create a new issue for this ? -
@medlamine Semassel Yes, please, file a new ticket and include a test case / sample code.
- Log in to comment
