DP-3T / dp3t-sdk-backend

The backend implementation for DP3T
Mozilla Public License 2.0

Add Documentation on how the JWT profile works #43

Closed georgepadayatti closed 4 years ago

georgepadayatti commented 4 years ago

While running the back-end server, I am running into the following issue.

The following is the console output excerpt that is relevant to the issue:

```
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtDecoder' defined in class path resource [org/dpppt/backend/sdk/ws/config/WSJWTConfig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.jwt.JwtDecoder]: Factory method 'jwtDecoder' threw exception; nested exception is java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Missing key encoding
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:651)
        ... 29 common frames omitted
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtDecoder' defined in class path resource [org/dpppt/backend/sdk/ws/config/WSJWTConfig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.jwt.JwtDecoder]: Factory method 'jwtDecoder' threw exception; nested exception is java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Missing key encoding
```

ubamrein commented 4 years ago

Can you try to either deactivate the JWT profile in the application.properties file for the web service, or define a valid publickey (you can find an example in the DPPPTControllerTest) in the application.properties.

We for sure need to add some documentation for this or remove the jwt profile from the default properties file.

georgepadayatti commented 4 years ago

@ubamrein :+1:

zerjioang commented 4 years ago

I've been trying to understand the logic behind the backend. So far so good. It supports 3 different profile modes (cloud, dev, prod and jwt) based on application.properties values; however, I'm not sure about the differences between most of them. But the most intriguing thing is related to JWT tokens and PKI crypto. What's the purpose of having such systems? To authenticate client requests via JWT? To provide a full e2e encrypted communication channel between clients and server?

Any advice is appreciated.

0xjams commented 4 years ago

I have tried using the commands here to generate an RSA public key, but I'm getting "Invalid key format". What's the correct way to generate the content of "ws.app.jwt.publickey"?

cpepis commented 4 years ago

@jorgejams88 There is a GenerateKeyPair file you can run and it will generate two files, one public one private. Then ws.app.jwt.publickey=file:/../generated_pub.pem

This is what I did. I don't know if it's correct.

0xjams commented 4 years ago

@cpepi001 I tried that but the GenerateKeyPair file creates an elliptic curve key:

```java
KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDSA", "BC");
```

But the KeyFactory was expecting an RSA key:

```java
KeyFactory kf = KeyFactory.getInstance("RSA");
```
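
The key-type mismatch described in this comment can be reproduced outside the service. The following is an added example, not part of the thread or the project's code: it feeds an RSA key, an EC key and an empty value to the JDK's RSA and EC `KeyFactory`. The class name, the JDK default provider (instead of Bouncy Castle) and the in-process sample keys are assumptions.

```java
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class JwtPublicKeyCheck { // hypothetical class name, not part of the project

    // Wrap DER bytes (X.509 SubjectPublicKeyInfo) in PEM "PUBLIC KEY" armor.
    static String toPem(byte[] der) {
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n";
    }

    // Strip the PEM armor and whitespace, then decode the base64 body to DER.
    static byte[] fromPem(String pem) {
        String body = pem.replaceAll("-----(BEGIN|END) PUBLIC KEY-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    // Report whether the KeyFactory for factoryAlg can load the given PEM public key.
    static String tryLoad(String factoryAlg, String pem) throws NoSuchAlgorithmException {
        try {
            KeyFactory.getInstance(factoryAlg).generatePublic(new X509EncodedKeySpec(fromPem(pem)));
            return "accepted";
        } catch (InvalidKeySpecException e) {
            return "rejected: " + e.getMessage(); // wrong key type or unusable encoding
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys, generated in-process for this demonstration only.
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
        ec.initialize(256);
        String[][] samples = {
            {"RSA key", toPem(rsa.generateKeyPair().getPublic().getEncoded())},
            {"EC key", toPem(ec.generateKeyPair().getPublic().getEncoded())},
            {"empty value", ""}, // stands in for a key property with no usable content
        };
        for (String[] sample : samples) {
            for (String factoryAlg : new String[] {"RSA", "EC"}) {
                System.out.println(sample[0] + " via " + factoryAlg + " KeyFactory: "
                        + tryLoad(factoryAlg, sample[1]));
            }
        }
    }
}
```

Each key loads only through the factory of its own type, and the empty value is rejected by both, so a decoder built on `KeyFactory.getInstance("RSA")` needs an RSA public key in this PEM form.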

cpepis commented 4 years ago

Oh, I didn't update. I'm using this version of the GenerateKeyPair: https://github.com/DP-3T/dp3t-sdk-backend/commit/7b3c07ee6339f08bbf59344769fec091d4cc9873

0xjams commented 4 years ago

@cpepi001 thank you!!!

ubamrein commented 4 years ago

Oh sorry, didn't realise that people are actually using it :D I will add both EC and RSA GenerateKeyPair files!

cpepis commented 4 years ago

Shouldn't we? I'm actually trying to figure out how to build a local server and connect the calibration app. One of the steps to compile the server was to generate a public key.

ubamrein commented 4 years ago

I would not use them in production, as we just used default values everywhere, so they are more meant to provide something to test the backend.

I think you should be careful about the parameters to use when you are deploying it in production. I will add that as well in the header of the file!

0xjams commented 4 years ago

@cpepi001 Not that you shouldn't, but you can avoid needing to set the key by changing the profile. If you want to use PostgreSQL as a database, you change the profile to this:

```properties
spring.profiles.active=prod
```

If you want to use HSQLDB, you change it to this:

```properties
spring.profiles.active=dev
```

cpepis commented 4 years ago

Thank you for pointing that out. For now it is just for testing, to see if I can add any records to the DB and understand how things work.

@jorgejams88 I have installed PostgreSQL and by changing the profile, 3 tables were created. I think this is a good sign.

ubamrein commented 4 years ago

@cpepi001 Both files are now on the develop branch.