Hi all,
I'm doing OIDC id token encryption and am now trying to decrypt the same in
the playground app. I've written a servlet that accepts an id token and the
client private key and decrypts the id token. The code to decrypt is as follows.
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Base64;

import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jwt.EncryptedJWT;

public class IDTokenDecrypterServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String idToken = request.getParameter("idToken");
        String privateKeyString = request.getParameter("privateKeyString");
        EncryptedJWT jwt = decryptJWE(idToken, privateKeyString);
        if (jwt == null) {
            // decryptJWE already logged the cause; do not dereference a null token
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "ID token could not be decrypted");
            return;
        }
        response.setContentType("application/json");
        ServletOutputStream out = response.getOutputStream();
        try {
            System.out.println(jwt.getJWTClaimsSet().getIssueTime());
            out.print(String.valueOf(jwt.getJWTClaimsSet().getIssueTime()));
        } catch (ParseException e) {
            e.printStackTrace();
        }
    }

    // Parses a Base64 (PKCS#8) RSA private key, then decrypts the JWE-encoded id token
    private EncryptedJWT decryptJWE(String JWE, String privateKeyString) {
        EncryptedJWT jwt = null;
        try {
            KeyFactory kf = KeyFactory.getInstance("RSA");
            // Remove PEM markers and line breaks so only the Base64 body remains
            privateKeyString = privateKeyString
                    .replace("-----BEGIN PRIVATE KEY-----", "")
                    .replace("-----END PRIVATE KEY-----", "")
                    .replace("\n", "").replace("\r", "");
            PKCS8EncodedKeySpec keySpecPKCS8 =
                    new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString));
            PrivateKey privateKey = kf.generatePrivate(keySpecPKCS8);
            jwt = EncryptedJWT.parse(JWE);
            // Create a decrypter with the specified private RSA key
            RSADecrypter decrypter = new RSADecrypter((RSAPrivateKey) privateKey);
            // Decrypt (checks the AEAD tag; throws JOSEException on failure)
            jwt.decrypt(decrypter);
        } catch (JOSEException | ParseException | InvalidKeySpecException
                | NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null; // a parsed-but-undecrypted token has no readable claims
        }
        return jwt;
    }
}
The following exception is logged each time I try to decrypt with the above code.
INFO: Deployment of web application directory /opt/apache-tomcat-7.0.84/webapps/manager has finished in 301 ms
com.nimbusds.jose.JOSEException: class "org.bouncycastle.crypto.params.AEADParameters"'s signer information does not match signer information of other classes in the same package
    at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:442)
    at org.wso2.sample.identity.oauth2.IDTokenDecrypterServlet.decryptJWE(IDTokenDecrypterServlet.java:91)
    at org.wso2.sample.identity.oauth2.IDTokenDecrypterServlet.doPost(IDTokenDecrypterServlet.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.SecurityException: class "org.bouncycastle.crypto.params.AEADParameters"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:898)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:668)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:761)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:3125)
    at org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:1388)
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1876)
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1750)
    at com.nimbusds.jose.crypto.AESGCM.createAESGCMCipher(AESGCM.java:86)
    at com.nimbusds.jose.crypto.AESGCM.decrypt(AESGCM.java:176)
    at com.nimbusds.jose.crypto.RSADecrypter.decrypt(RSADecrypter.java:265)
    at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:428)
    ... 24 more
I tried deleting the said jar and reimporting it several times, but nothing
changed. Please let me know if you have any clue regarding this.
Thanks,
Vihanga
--
Vihanga Liyanage
Software Engineer | WSO2 Inc.
M : +94710124103 | http://wso2.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
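The SecurityException in the trace is raised by the JVM's own check in ClassLoader.checkCerts: once the first class of a package has been defined, every later class of that package must come from a jar signed by the same certificate set (an unsigned copy counts as a different set), so the usual cause is a second copy of the Bouncy Castle classes somewhere on the web application's class path. The diagnostic below is an added example, not code from the original mail, from WSO2 or from Nimbus; it lists every jar that supplies each listed class and the signers of that copy, then flags packages supplied with more than one signer set. The class list is constructed here: the first entry is the class named in the exception, the other two are further Bouncy Castle classes chosen as examples.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/**
 * Added diagnostic (not from the original mail, WSO2 or Nimbus) for the
 * "signer information does not match ... same package" SecurityException:
 * shows which jars supply each class and who signed each copy.
 */
public class BcSignerCheck {

    // Constructed list: the class from the stack trace plus two other
    // Bouncy Castle classes picked as examples of the same jar family.
    static final String[] RESOURCES = {
        "org/bouncycastle/crypto/params/AEADParameters.class",
        "org/bouncycastle/crypto/modes/GCMBlockCipher.class",
        "org/bouncycastle/jce/provider/BouncyCastleProvider.class",
    };

    /** Path of the jar behind a "jar:file:...!/..." resource URL; null for non-jar origins. */
    static String jarPath(URL resource) throws URISyntaxException {
        String u = resource.toExternalForm();
        int bang = u.indexOf("!/");
        if (!u.startsWith("jar:") || bang < 0) {
            return null;                                   // exploded directory, not a jar
        }
        return new URI(u.substring(4, bang)).getPath();    // decodes %20 etc. in the path
    }

    /** Subject DNs of the certificates that signed this entry; empty set means unsigned. */
    static Set<String> signersOf(String jar, String entryName) throws IOException {
        Set<String> names = new TreeSet<>();
        try (JarFile jf = new JarFile(jar, true)) {       // verify=true makes certs available
            JarEntry e = jf.getJarEntry(entryName);
            if (e == null) {
                return names;
            }
            try (InputStream in = jf.getInputStream(e)) {  // certificates are only attached
                byte[] buf = new byte[8192];               // once the entry is read to EOF
                while (in.read(buf) != -1) { /* drain */ }
            }
            Certificate[] certs = e.getCertificates();
            if (certs != null) {
                for (Certificate c : certs) {
                    names.add(c instanceof X509Certificate
                        ? ((X509Certificate) c).getSubjectX500Principal().getName()
                        : c.getType());
                }
            }
        }
        return names;
    }

    /** Every jar that supplies the resource, mapped to the signer set of its copy. */
    static Map<String, Set<String>> origins(ClassLoader loader, String resource)
            throws IOException, URISyntaxException {
        Map<String, Set<String>> out = new LinkedHashMap<>();
        Enumeration<URL> urls = loader.getResources(resource);  // parent loaders included
        while (urls.hasMoreElements()) {
            String jar = jarPath(urls.nextElement());
            if (jar != null) {
                out.put(jar, signersOf(jar, resource));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = BcSignerCheck.class.getClassLoader();
        Map<String, Set<Set<String>>> signerSetsPerPackage = new LinkedHashMap<>();
        for (String res : RESOURCES) {
            String pkg = res.substring(0, res.lastIndexOf('/')).replace('/', '.');
            Map<String, Set<String>> where = origins(loader, res);
            System.out.println(res + (where.isEmpty() ? "  (not found on class path)" : ""));
            for (Map.Entry<String, Set<String>> w : where.entrySet()) {
                Set<String> signers = w.getValue();
                System.out.println("  " + w.getKey() + "  signers="
                    + (signers.isEmpty() ? "NONE (unsigned copy)" : signers));
                signerSetsPerPackage.computeIfAbsent(pkg, k -> new HashSet<>()).add(signers);
            }
        }
        for (Map.Entry<String, Set<Set<String>>> p : signerSetsPerPackage.entrySet()) {
            if (p.getValue().size() > 1) {
                System.out.println("CONFLICT: package " + p.getKey()
                    + " comes from jars with different signers; keep a single copy on the path");
            }
        }
    }
}
```

Run it with the same class loader the servlet uses (for instance by calling BcSignerCheck.main from inside the web application), because ClassLoader.getResources walks the parent loaders too and so also surfaces a copy living in the server's shared library directories rather than in WEB-INF/lib. Two signed jars from different Bouncy Castle releases conflict just as a signed/unsigned pair does, since the JVM compares the certificate sets, not merely whether a signature is present; the fix in every case is to leave exactly one copy of the package on the path.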