Hi all,

I'm doing OIDC ID token encryption and am now trying to decrypt the same in
the playground app. I've written a servlet that accepts the ID token and the
client private key and decrypts the ID token. The code to decrypt is as follows.

import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Base64;

import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jwt.EncryptedJWT;

protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Playground only: the client's private key arrives as a request
    // parameter, which is acceptable in a local test harness and nowhere else.
    String idToken = request.getParameter("idToken");
    String privateKeyString = request.getParameter("privateKeyString");

    EncryptedJWT jwt = decryptJWE(idToken, privateKeyString);
    if (jwt == null) {
        // decryptJWE has already logged the cause; do not dereference a null JWT
        response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                "ID token could not be decrypted");
        return;
    }

    response.setContentType("application/json");

    ServletOutputStream out = response.getOutputStream();
    try {
        // Decryption only shows the token was encrypted to this key; the
        // claims (iss, aud, exp, nonce) are not validated at this point.
        System.out.println(jwt.getJWTClaimsSet().getIssueTime());
        out.print(String.valueOf(jwt.getJWTClaimsSet().getIssueTime()));
    } catch (ParseException e) {
        e.printStackTrace();
    }
}

private EncryptedJWT decryptJWE(String JWE, String privateKeyString) {
    KeyFactory kf = null;
    EncryptedJWT jwt = null;
    PrivateKey privateKey = null;

    try {
        kf = KeyFactory.getInstance("RSA");
        // Remove line breaks from the key string and generate the key object.
        // The string must be the base64 body of a PKCS#8 key, i.e. without
        // the "-----BEGIN PRIVATE KEY-----" / "-----END PRIVATE KEY-----" lines.
        privateKeyString = privateKeyString.replace("\n", "").replace("\r", "");
        PKCS8EncodedKeySpec keySpecPKCS8 =
                new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString));
        privateKey = kf.generatePrivate(keySpecPKCS8);

        // Parse the compact JWE (five base64url parts separated by dots)
        jwt = EncryptedJWT.parse(JWE);

        // Create a decrypter with the specified private RSA key
        RSADecrypter decrypter = new RSADecrypter((RSAPrivateKey) privateKey);

        // Decrypt: unwrap the content encryption key with RSA, then decrypt
        // the payload with the "enc" algorithm named in the JWE header
        jwt.decrypt(decrypter);

    } catch (JOSEException | ParseException | InvalidKeySpecException
            | NoSuchAlgorithmException e) {
        e.printStackTrace();
        // Return null rather than a parsed-but-undecrypted JWT, whose
        // claims set would throw on access
        return null;
    }

    return jwt;
}

The following exception is logged each time I try to decrypt using the above code.

INFO: Deployment of web application directory /opt/apache-tomcat-7.0.84/webapps/manager has finished in 301 ms
com.nimbusds.jose.JOSEException: class "org.bouncycastle.crypto.params.AEADParameters"'s signer information does not match signer information of other classes in the same package
    at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:442)
    at org.wso2.sample.identity.oauth2.IDTokenDecrypterServlet.decryptJWE(IDTokenDecrypterServlet.java:91)
    at org.wso2.sample.identity.oauth2.IDTokenDecrypterServlet.doPost(IDTokenDecrypterServlet.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.SecurityException: class "org.bouncycastle.crypto.params.AEADParameters"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:898)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:668)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:761)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:3125)
    at org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:1388)
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1876)
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1750)
    at com.nimbusds.jose.crypto.AESGCM.createAESGCMCipher(AESGCM.java:86)
    at com.nimbusds.jose.crypto.AESGCM.decrypt(AESGCM.java:176)
    at com.nimbusds.jose.crypto.RSADecrypter.decrypt(RSADecrypter.java:265)
    at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:428)
    ... 24 more

I tried deleting the said jar and reimporting it several times, but nothing
changed. Please let me know if you have any clue regarding this.

Thanks,
Vihanga

-- 

Vihanga Liyanage

Software Engineer | WSO₂ Inc.

M : +94710124103 | http://wso2.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
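The SecurityException in the trace above is raised by the JVM when classes of one package (here org.bouncycastle.crypto.params) are loaded by the same class loader from JARs with different signers: typically a signed bcprov JAR together with another JAR that bundles unsigned copies of the same classes. The scanner below is an added example for this thread, not code from the original post or from WSO2 or Nimbus. It walks the given directories, records which JARs define each package and how each JAR is signed, and reports the packages whose JARs disagree. It only distinguishes unsigned JARs from signed ones (by the signature-block file names under META-INF/), so two JARs signed with different certificates under the same block name are not told apart; confirm with `jarsigner -verify -verbose -certs <jar>` before removing anything. The Tomcat paths in the usage comment and the three JARs built when it is run without arguments are constructed for the demonstration.

```python
"""Find JARs that serve one Java package with conflicting signer status.

Added example for the thread above, not WSO2 or Nimbus code. Signer identity
is approximated at JAR level as 'unsigned' or 'signed:<block file names>';
use jarsigner to compare the actual certificates.
"""
import os
import sys
import tempfile
import zipfile

SIG_SUFFIXES = (".RSA", ".DSA", ".EC")  # JAR signature block files


def signer_of(jar_path):
    """'unsigned', or 'signed:<block names>' such as 'signed:BCKEY'."""
    with zipfile.ZipFile(jar_path) as zf:
        blocks = sorted(
            os.path.splitext(os.path.basename(name))[0]
            for name in zf.namelist()
            if name.upper().startswith("META-INF/")
            and name.upper().endswith(SIG_SUFFIXES)
        )
    return "signed:" + ",".join(blocks) if blocks else "unsigned"


def packages_in(jar_path):
    """Java packages defined by a JAR, as slash-separated paths."""
    with zipfile.ZipFile(jar_path) as zf:
        return {n.rsplit("/", 1)[0] for n in zf.namelist()
                if n.endswith(".class") and "/" in n}


def find_jars(dirs):
    for d in dirs:
        for root, _, files in os.walk(d):
            for f in sorted(files):
                if f.lower().endswith(".jar"):
                    yield os.path.join(root, f)


def package_conflicts(dirs, package=None):
    """Return {package: {signer: [jar, ...]}} for every package served by
    JARs with more than one signer label (the condition the JVM rejects).
    Restrict to one package, e.g. 'org/bouncycastle/crypto/params', if given.
    """
    providers = {}
    for jar in find_jars(dirs):
        try:
            signer, pkgs = signer_of(jar), packages_in(jar)
        except zipfile.BadZipFile:
            continue  # not a real JAR; the JVM would not load it either
        for pkg in pkgs:
            if package is None or pkg == package:
                providers.setdefault(pkg, {}).setdefault(signer, []).append(jar)
    return {p: s for p, s in providers.items() if len(s) > 1}


def build_demo_lib(dirpath):
    """Write three constructed JARs (empty class entries suffice for the
    scanner) reproducing the thread's situation: a signed BouncyCastle-like
    JAR and an unsigned JAR that both carry org/bouncycastle/crypto/params."""
    def write(name, entries):
        with zipfile.ZipFile(os.path.join(dirpath, name), "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"")
    write("bcprov-signed.jar", ["META-INF/MANIFEST.MF", "META-INF/BCKEY.SF",
                                "META-INF/BCKEY.DSA",
                                "org/bouncycastle/crypto/params/AEADParameters.class"])
    write("shaded-unsigned.jar", ["META-INF/MANIFEST.MF",
                                  "org/bouncycastle/crypto/params/AEADParameters.class",
                                  "com/example/shaded/Util.class"])
    write("harmless.jar", ["com/example/app/Servlet.class"])


def make_demo_dir():
    """Create a temporary lib directory holding the constructed JARs."""
    d = tempfile.mkdtemp(prefix="jarcheck-")
    build_demo_lib(d)
    return d


if __name__ == "__main__":
    # Usage: jar_signer_check.py <package path> <dir> [<dir> ...]
    # e.g.   jar_signer_check.py org/bouncycastle/crypto/params \
    #            /opt/apache-tomcat-7.0.84/webapps/<app>/WEB-INF/lib \
    #            /opt/apache-tomcat-7.0.84/lib       (hypothetical paths)
    if len(sys.argv) >= 3:
        pkg, dirs = sys.argv[1], sys.argv[2:]
    else:
        pkg, dirs = "org/bouncycastle/crypto/params", [make_demo_dir()]
    for p, signers in sorted(package_conflicts(dirs, pkg).items()):
        print(f"{p} is provided by JARs with different signers:")
        for signer, jars in sorted(signers.items()):
            for jar in jars:
                print(f"  {signer:<20} {jar}")
```

Run it against the web app's WEB-INF/lib and Tomcat's shared lib directory together, since the webapp class loader sees both; a package listed under two signer labels is the duplicate to remove, and once every JAR defining org/bouncycastle/crypto/params carries the same signer the checkCerts error goes away.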