[Update] The Maven dependency tree, when generated from within the playground app directory, is as follows.
[INFO] Scanning for projects... [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building OAuth 2.0 Playground App with WSO2 Identity Server 5.2.0 5.4.1 [INFO] ------------------------------------------------------------------------ [INFO] [INFO] --- maven-dependency-plugin:2.9:tree (default-cli) @ playground2 --- [INFO] org.wso2.is:playground2:war:5.4.1 [INFO] +- commons-codec:commons-codec:jar:1.8:compile [INFO] +- junit:junit:jar:3.8.1:test [INFO] +- javax.servlet:servlet-api:jar:2.5:provided [INFO] +- org.apache.axis2.wso2:axis2:jar:1.6.1.wso2v12:compile [INFO] +- com.google.gdata.wso2:gdata-core:jar:1.47.0.wso2v1:compile [INFO] +- com.google.common.wso2:google-collect:jar:1.0.0.wso2v2:compile [INFO] | \- com.google.collections:google-collections:jar:1.0:compile [INFO] +- org.apache.ws.commons.axiom.wso2:axiom:jar:1.2.11.wso2v10:compile [INFO] | +- org.apache.geronimo.specs.wso2:geronimo-stax-api_1.0_spec:jar:1.0.1.wso2v2:compile [INFO] | | \- org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:jar:1.0.1:compile [INFO] | +- org.codehaus.woodstox:woodstox-core-asl:jar:4.2.0:compile [INFO] | \- org.codehaus.woodstox:stax2-api:jar:3.1.1:compile [INFO] | \- javax.xml.stream:stax-api:jar:1.0-2:compile [INFO] +- org.apache.oltu.oauth2:org.apache.oltu.oauth2.client:jar:1.0.0:compile [INFO] | +- org.apache.oltu.oauth2:org.apache.oltu.oauth2.common:jar:1.0.0:compile [INFO] | | \- org.json:json:jar:20131018:compile [INFO] | \- org.slf4j:slf4j-api:jar:1.6.1:compile [INFO] +- org.wso2.carbon.identity.inbound.auth.oauth2:org.wso2.carbon.identity.oauth.stub:jar:5.5.180:compile [INFO] +- org.wso2.carbon:org.wso2.carbon.utils:jar:4.4.22:compile [INFO] | +- org.wso2.orbit.org.bouncycastle:bcprov-jdk15on:jar:1.52.0.wso2v1:compile [INFO] | +- org.wso2.carbon:org.wso2.carbon.user.api:jar:4.4.22:compile [INFO] | +- org.wso2.carbon:org.wso2.carbon.logging:jar:4.4.22:compile [INFO] | | +- 
org.apache.log4j.wso2:log4j:jar:1.2.17.wso2v1:compile [INFO] | | | \- log4j:log4j:jar:1.2.17:compile [INFO] | | +- commons-logging:commons-logging:jar:1.1.1:compile [INFO] | | \- org.wso2.carbon:org.wso2.carbon.bootstrap:jar:4.4.22:compile [INFO] | | \- wrapper:wrapper:jar:3.2.3:compile [INFO] | +- org.wso2.carbon:org.wso2.carbon.queuing:jar:4.4.22:compile [INFO] | +- org.wso2.carbon:org.wso2.carbon.base:jar:4.4.22:compile [INFO] | | +- org.wso2.securevault:org.wso2.securevault:jar:1.0.0:compile [INFO] | | | +- org.apache.ws.commons.axiom:axiom-api:jar:1.2.11-wso2v6:compile [INFO] | | | | +- org.apache.geronimo.specs:geronimo-activation_1.1_spec:jar:1.0.2:compile [INFO] | | | | \- org.apache.geronimo.specs:geronimo-javamail_1.4_spec:jar:1.6:compile [INFO] | | | +- org.apache.ws.commons.axiom:axiom-impl:jar:1.2.12:compile [INFO] | | | | \- org.codehaus.woodstox:wstx-asl:jar:3.2.9:compile [INFO] | | | +- jline:jline:jar:0.9.94:compile [INFO] | | | +- commons-cli:commons-cli:jar:1.0:compile [INFO] | | | | \- commons-lang:commons-lang:jar:2.6:compile [INFO] | | | \- commons-io:commons-io:jar:2.0:compile [INFO] | | +- org.wso2.carbon:org.wso2.carbon.securevault:jar:4.4.22:compile [INFO] | | | \- org.eclipse.osgi:org.eclipse.osgi.services:jar:3.3.100.v20130513-1956:compile [INFO] | | +- org.testng:testng:jar:6.1.1:test [INFO] | | | +- org.beanshell:bsh:jar:2.0b4:test [INFO] | | | +- com.beust:jcommander:jar:1.12:test [INFO] | | | \- org.yaml:snakeyaml:jar:1.6:test [INFO] | | \- org.mockito:mockito-core:jar:2.8.9:compile [INFO] | | +- net.bytebuddy:byte-buddy:jar:1.6.14:runtime [INFO] | | +- net.bytebuddy:byte-buddy-agent:jar:1.6.14:runtime [INFO] | | \- org.objenesis:objenesis:jar:2.5:runtime [INFO] | +- org.eclipse.osgi:org.eclipse.osgi:jar:3.9.1.v20130814-1242:compile [INFO] | +- org.igniterealtime.smack.wso2:smack:jar:3.0.4.wso2v1:compile [INFO] | +- org.igniterealtime.smack.wso2:smackx:jar:3.0.4.wso2v1:compile [INFO] | +- jaxen:jaxen:jar:1.1.1:compile [INFO] | | +- 
dom4j:dom4j:jar:1.6.1:compile [INFO] | | +- jdom:jdom:jar:1.0:compile [INFO] | | +- xml-apis:xml-apis:jar:1.3.02:compile [INFO] | | +- xerces:xercesImpl:jar:2.8.1:compile [INFO] | | \- xom:xom:jar:1.0:compile [INFO] | | +- xerces:xmlParserAPIs:jar:2.6.2:compile [INFO] | | \- xalan:xalan:jar:2.7.1:compile [INFO] | | \- xalan:serializer:jar:2.7.1:compile [INFO] | +- org.wso2.orbit.commons-fileupload:commons-fileupload:jar:1.3.2.wso2v1:compile [INFO] | +- org.apache.ant.wso2:ant:jar:1.7.0.wso2v1:compile [INFO] | | \- org.apache.ant:ant:jar:1.7.0:compile [INFO] | | \- org.apache.ant:ant-launcher:jar:1.7.0:compile [INFO] | +- org.eclipse.equinox:javax.servlet:jar:3.0.0.v201112011016:compile [INFO] | +- org.wso2.orbit.commons-httpclient:commons-httpclient:jar:3.1.0.wso2v6:compile [INFO] | +- org.wso2.carbon:org.wso2.carbon.registry.api:jar:4.4.22:compile [INFO] | \- commons-lang.wso2:commons-lang:jar:2.6.0.wso2v1:compile [INFO] +- com.googlecode.json-simple:json-simple:jar:1.1:compile [INFO] +- com.nimbusds:nimbus-jose-jwt:jar:2.26.1:compile [INFO] | +- net.jcip:jcip-annotations:jar:1.0:compile [INFO] | +- net.minidev:json-smart:jar:1.1.1:compile [INFO] | \- org.bouncycastle:bcprov-jdk15on:jar:1.50:compile [INFO] +- org.apache.ws.commons.schema.wso2:XmlSchema:jar:1.4.7.wso2v3:compile [INFO] +- wsdl4j.wso2:wsdl4j:jar:1.6.2.wso2v2:compile [INFO] | \- wsdl4j:wsdl4j:jar:1.6.2:compile [INFO] +- org.wso2.orbit.org.apache.neethi:neethi:jar:2.0.4.wso2v5:compile [INFO] +- org.apache.httpcomponents.wso2:httpcore:jar:4.3.3.wso2v1:compile [INFO] \- bouncycastle:bcprov-jdk15:jar:132:compile
The last entry, *bouncycastle:bcprov-jdk15:jar:132:compile*, seems to be the problem; it comes from the parent pom in product IS. It puts a second Bouncy Castle provider jar on the classpath next to the bcprov-jdk15on jars listed above, so classes in the same org.bouncycastle package are most likely being loaded from jars with different signer information, which is what the SecurityException reports. We then commented out the following part of the pom file located in ~/.m2/repository/org/wso2/is/identity-server-parent/5.4.1, rebuilt the project, and the error was gone.
<profile> <id>jdk15</id> <activation> <activeByDefault>true</activeByDefault> <jdk>1.5</jdk> </activation> <dependencies> <dependency> <groupId>bouncycastle</groupId> <artifactId>bcprov-jdk15</artifactId> <version>${bcprov.jdk15.version}</version> </dependency> </dependencies> </profile>
This is not a permanent solution though: the change was made to the cached copy of the parent pom in the local Maven repository (~/.m2), so it only affects this machine and would be lost if the artifact is downloaded again. I still couldn't figure out how to exclude this dependency from the playground app. Thanks, Vihanga.
On Mon, Feb 12, 2018 at 7:42 PM, Vihanga Liyanage <viha...@wso2.com> wrote: > Hi all, > > I'm doing OIDC id token encryption and now trying to decrypt the same in > playground app. I've written a servlet that accepts id token and client > private key and decrypt the id token. Code to decrypt is as follows. > > protected void doPost(HttpServletRequest request, HttpServletResponse > response) throws ServletException, IOException { > String idToken = request.getParameter("idToken"); > String privateKeyString = request.getParameter("privateKeyString"); > > EncryptedJWT jwt = decryptJWE(idToken, privateKeyString); > > response.setContentType("application/json"); > > ServletOutputStream out = response.getOutputStream(); > try { > System.out.println(jwt.getJWTClaimsSet().getIssueTime()); > out.print(String.valueOf(jwt.getJWTClaimsSet().getIssueTime())); > } catch (ParseException e) { > e.printStackTrace(); > } > } > > private EncryptedJWT decryptJWE(String JWE, String privateKeyString) { > KeyFactory kf = null; > EncryptedJWT jwt = null; > PrivateKey privateKey = null; > > try { > kf = KeyFactory.getInstance("RSA"); > // Remove EOF characters from key string and generate key object > privateKeyString = privateKeyString.replace("\n", "").replace("\r", > ""); > PKCS8EncodedKeySpec keySpecPKCS8 = new > PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString)); > privateKey = kf.generatePrivate(keySpecPKCS8); > > jwt = EncryptedJWT.parse(JWE); > > // Create a decrypter with the specified private RSA key > RSADecrypter decrypter = new 
RSADecrypter((RSAPrivateKey) privateKey); > > // Decrypt > jwt.decrypt(decrypter); > > } catch (JOSEException | ParseException | InvalidKeySpecException | > NoSuchAlgorithmException e) { > e.printStackTrace(); > } > > return jwt; > } > > Following exception logs each time I try to decrypt from above code. > > INFO: Deployment of web application directory > /opt/apache-tomcat-7.0.84/webapps/manager > has finished in 301 ms > com.nimbusds.jose.JOSEException: class > "org.bouncycastle.crypto.params.AEADParameters"'s > signer information does not match signer information of other classes in > the same package > at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:442) > at org.wso2.sample.identity.oauth2.IDTokenDecrypterServlet.decryptJWE( > IDTokenDecrypterServlet.java:91) > at org.wso2.sample.identity.oauth2.IDTokenDecrypterServlet.doPost( > IDTokenDecrypterServlet.java:51) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:650) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( > ApplicationFilterChain.java:303) > at org.apache.catalina.core.ApplicationFilterChain.doFilter( > ApplicationFilterChain.java:208) > at org.apache.tomcat.websocket.server.WsFilter.doFilter( > WsFilter.java:52) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( > ApplicationFilterChain.java:241) > at org.apache.catalina.core.ApplicationFilterChain.doFilter( > ApplicationFilterChain.java:208) > at org.apache.catalina.core.StandardWrapperValve.invoke( > StandardWrapperValve.java:219) > at org.apache.catalina.core.StandardContextValve.invoke( > StandardContextValve.java:110) > at org.apache.catalina.authenticator.AuthenticatorBase.invoke( > AuthenticatorBase.java:506) > at org.apache.catalina.core.StandardHostValve.invoke( > StandardHostValve.java:169) > at org.apache.catalina.valves.ErrorReportValve.invoke( > ErrorReportValve.java:103) > at 
org.apache.catalina.valves.AccessLogValve.invoke( > AccessLogValve.java:962) > at org.apache.catalina.core.StandardEngineValve.invoke( > StandardEngineValve.java:116) > at org.apache.catalina.connector.CoyoteAdapter.service( > CoyoteAdapter.java:445) > at org.apache.coyote.http11.AbstractHttp11Processor.process( > AbstractHttp11Processor.java:1115) > at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler. > process(AbstractProtocol.java:637) > at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor. > run(JIoEndpoint.java:318) > at java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:624) > at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run( > TaskThread.java:61) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.lang.SecurityException: class > "org.bouncycastle.crypto.params.AEADParameters"'s > signer information does not match signer information of other classes in > the same package > at java.lang.ClassLoader.checkCerts(ClassLoader.java:898) > at java.lang.ClassLoader.preDefineClass(ClassLoader.java:668) > at java.lang.ClassLoader.defineClass(ClassLoader.java:761) > at java.security.SecureClassLoader.defineClass( > SecureClassLoader.java:142) > at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal( > WebappClassLoaderBase.java:3125) > at org.apache.catalina.loader.WebappClassLoaderBase.findClass( > WebappClassLoaderBase.java:1388) > at org.apache.catalina.loader.WebappClassLoaderBase.loadClass( > WebappClassLoaderBase.java:1876) > at org.apache.catalina.loader.WebappClassLoaderBase.loadClass( > WebappClassLoaderBase.java:1750) > at com.nimbusds.jose.crypto.AESGCM.createAESGCMCipher(AESGCM.java:86) > at com.nimbusds.jose.crypto.AESGCM.decrypt(AESGCM.java:176) > at com.nimbusds.jose.crypto.RSADecrypter.decrypt( > RSADecrypter.java:265) > at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:428) > ... 
24 more > > I tried deleting the said jar and reimporting several times but nothing > changed. Please let me know if you have any clue regards to this. > > Thanks, > Vihanga > > -- > > Vihanga Liyanage > > Software Engineer | WS*O₂* Inc. > > M : +*94710124103* | http://wso2.com > > [image: http://wso2.com/signature] <http://wso2.com/signature> > -- Vihanga Liyanage Software Engineer | WS*O₂* Inc. M : +*94710124103* | http://wso2.com [image: http://wso2.com/signature] <http://wso2.com/signature>