Np, I've committed a fix,
http://git-wip-us.apache.org/repos/asf/cxf/commit/baae01ab
The actual fix is a couple of lines of code where I update
fromRSAPrivateKey to set a public exponent (as per the spec note).
Just ended up also updating some utility code along the way.
toRSAPrivateKey will now throw JoseException if 'e' is missing - without
it KeyFactory code throws NPE.
Thanks, Sergey
On 10/08/16 11:46, Behrang Saeedzadeh wrote:
Thanks Sergey.
Best regards,
Behrang Saeedzadeh
On 10 August 2016 at 20:37, Sergey Beryozkin wrote:
Hi
Thanks, let me look at it
Cheers, Sergey
On 10/08/16 10:03, Behrang Saeedzadeh wrote:
I had another look at the spec, and it says:
*The RSA Key blinding operation [Kocher], which is a defense against some
timing attacks, requires all of the RSA key values "n", "e", and "d".
However, some RSA private key representations do not include the public
exponent "e", but only include the modulus "n" and the private exponent
"d". This is true, for instance, of the Java RSAPrivateKeySpec API, which
does not include the public exponent "e" as a parameter. So as to enable
RSA key blinding, such representations should be avoided. For Java, the
RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of the
Handbook of Applied Cryptography [HAC] discusses how to compute the
remaining RSA private key parameters, if needed, using only "n", "e", and
"d".*
As the spec says representations that do not have the value "e"
*should* be avoided, rather than *must* be avoided, I assume CXF should
allow such keys to be used. Also:
- If such keys must not be used, a more appropriate exception should be
thrown rather than NPE.
- Conversion of such keys to JWK should also throw an exception
(e.g. JwkUtils.fromRSAPrivateKey(privateKey,
KeyAlgorithm.RSA_OAEP_256.getJwaName());).
Finally, even when using an RSA key representation that has the public
exponent, I still get NPE:
https://gist.github.com/behrangsa/24dd165b89e5d4f9f2adee3be58b84f6
*publicExponent* = 65537
Exception in thread "main" java.lang.SecurityException: java.lang.SecurityException: java.lang.NullPointerException
at org.apache.cxf.rt.security.crypto.CryptoUtils.getRSAPrivateKey(CryptoUtils.java:184)
at org.apache.cxf.rs.security.jose.jwk.JwkUtils.toRSAPrivateKey(JwkUtils.java:414)
at org.apache.issues.Cxf7005.main(Cxf7005.java:73)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)
Caused by: java.lang.SecurityException: java.lang.NullPointerException
at org.apache.cxf.rt.security.crypto.CryptoUtils.decodeSequence(CryptoUtils.java:629)
at org.apache.cxf.rt.security.crypto.CryptoUtils.getRSAPrivateKey(CryptoUtils.java:175)
... 7 more
Caused by: java.lang.NullPointerException
at org.apache.cxf.common.util.Base64Utility.decode(Base64Utility.java:192)
at org.apache.cxf.common.util.Base64UrlUtility.decode(Base64UrlUtility.java:41)
at org.apache.cxf.rt.security.crypto.CryptoUtils.decodeSequence(CryptoUtils.java:627)
... 8 more
On Wed, Aug 10, 2016 at 6:24 PM Behrang Saeedzadeh wrote:
Hi,
Am I using the CXF JOSE library in an incorrect way or is this a bug
https://issues.apache.org/jira/browse/CXF-7005?
--
Best regards,
Behrang Saeedzadeh
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
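
The spec note quoted in this thread says the remaining RSA private key parameters can be computed from "n", "e" and "d" so that RSAPrivateCrtKeySpec can be used instead of RSAPrivateKeySpec. The following Java is an added example of that recovery, not code from CXF or from either poster; the class and method names are hypothetical, and the key it runs on is generated inline as constructed sample input.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAPrivateCrtKeySpec;

public class RsaCrtFromNed {   // hypothetical name, not a CXF class

    // Factor n using a known (e, d) pair, then derive the CRT parameters.
    static RSAPrivateCrtKeySpec toCrtSpec(BigInteger n, BigInteger e, BigInteger d) {
        if (n == null || e == null || d == null) {
            // Fail with a clear message instead of an NPE deeper in the stack.
            throw new IllegalArgumentException("n, e and d are all required");
        }
        BigInteger one = BigInteger.ONE;
        BigInteger nMinus1 = n.subtract(one);
        BigInteger k = e.multiply(d).subtract(one);   // g^k = 1 mod n for g coprime to n
        int t = k.getLowestSetBit();
        BigInteger r = k.shiftRight(t);               // k = 2^t * r with r odd
        for (int g = 2; g < 200; g++) {               // small bases; each succeeds with prob >= 1/2
            BigInteger y = BigInteger.valueOf(g).modPow(r, n);
            for (int i = 0; i < t && !y.equals(one) && !y.equals(nMinus1); i++) {
                BigInteger x = y.multiply(y).mod(n);
                if (x.equals(one)) {                  // y is a non-trivial square root of 1
                    BigInteger p = y.subtract(one).gcd(n);
                    BigInteger q = n.divide(p);
                    return new RSAPrivateCrtKeySpec(n, e, d, p, q,
                            d.mod(p.subtract(one)),   // primeExponentP
                            d.mod(q.subtract(one)),   // primeExponentQ
                            q.modInverse(p));         // crtCoefficient = q^-1 mod p
                }
                y = x;
            }
        }
        throw new IllegalArgumentException("n, e, d do not form a consistent RSA key");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a fresh 2048-bit key, reduced to (n, e, d) only.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPrivateCrtKey orig = (RSAPrivateCrtKey) kpg.generateKeyPair().getPrivate();

        RSAPrivateCrtKeySpec spec = toCrtSpec(orig.getModulus(),
                orig.getPublicExponent(), orig.getPrivateExponent());
        RSAPrivateCrtKey rebuilt = (RSAPrivateCrtKey)
                KeyFactory.getInstance("RSA").generatePrivate(spec);

        boolean ok = rebuilt.getPrimeP().multiply(rebuilt.getPrimeQ()).equals(orig.getModulus());
        System.out.println("CRT key rebuilt from n, e, d; p*q == n: " + ok);
    }
}
```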