TheBestOrNothing / whispeer-kafka-oauth

OAuth2 support for Apache Kafka® to work with many OAuth2 authorization servers
Apache License 2.0

Curve not supported: secp256k1 #1

Open TheBestOrNothing opened 1 year ago

TheBestOrNothing commented 1 year ago

com.nimbusds.jose.JOSEException: Curve not supported: secp256k1 (1.3.132.0.10)
        at com.nimbusds.jose.jwk.gen.ECKeyGenerator.generate(ECKeyGenerator.java:87)
        at io.strimzi.kafka.oauth.common.WEB3.<init>(WEB3.java:56)
        at io.strimzi.kafka.oauth.common.WEB3.publicWEB3(WEB3.java:120)
        at io.strimzi.examples.consumer.Bob.main(Bob.java:99)
Caused by: java.security.InvalidAlgorithmParameterException: Curve not supported: secp256k1 (1.3.132.0.10)
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.ensureCurveIsSupported(ECKeyPairGenerator.java:136)
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:114)
        at java.base/java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:698)
        at java.base/java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:436)
        at com.nimbusds.jose.jwk.gen.ECKeyGenerator.generate(ECKeyGenerator.java:85)
        ... 3 more

There is one issue that occurs when Bob is running.

TheBestOrNothing commented 1 year ago

Because Java cannot find the BouncyCastle provider, although Security.addProvider(new BouncyCastleProvider()) is used. If you use Security.addProvider(new BouncyCastleProvider()), you will find the BouncyCastleProvider added at the end of the providers list, and the BouncyCastleProvider's priority is too low to be used. The providers list will be shown by the following code.

import java.security.Provider;
import java.security.Security;

// Prints the installed JCA providers in lookup order (the first entry is consulted first).
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
    System.out.println("Name: " + provider.getName());
    System.out.println("Version: " + provider.toString());
    System.out.println("Info: " + provider.getInfo());
    System.out.println("");
}

Name: SUN Version: SUN version 17 Info: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; PKCS12, JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)

Name: SunRsaSign Version: SunRsaSign version 17 Info: Sun RSA signature provider

Name: SunEC Version: SunEC version 17 Info: Sun Elliptic Curve provider

Name: SunJSSE Version: SunJSSE version 17 Info: Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2)

Name: SunJCE Version: SunJCE version 17 Info: SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC, ChaCha20)

Name: SunJGSS Version: SunJGSS version 17 Info: Sun (Kerberos v5, SPNEGO)

Name: SunSASL Version: SunSASL version 17 Info: Sun SASL provider(implements client mechanisms for: DIGEST-MD5, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, CRAM-MD5, NTLM)

Name: XMLDSig Version: XMLDSig version 17 Info: XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)

Name: SunPCSC Version: SunPCSC version 17 Info: Sun PC/SC provider

Name: JdkLDAP Version: JdkLDAP version 17 Info: JdkLDAP Provider (implements LDAP CertStore)

Name: JdkSASL Version: JdkSASL version 17 Info: JDK SASL provider(implements client and server mechanisms for GSSAPI)

Name: SunPKCS11 Version: SunPKCS11 version 17 Info: Unconfigured and unusable PKCS11 provider

Name: BC Version: BC version 1.76 Info: BouncyCastle Security Provider v1.76

TheBestOrNothing commented 1 year ago

So add the BouncyCastleProvider at the beginning of the system providers list so that it has the highest priority. Please add the following code in main, so that the BouncyCastleProvider is effective when the application starts to run.

    import java.security.Security;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    public static void main(String[] args) {

        // Register BouncyCastleProvider at position 1 so it is consulted before SunEC
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        ....
    }
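The following is an added example, not code from whispeer-kafka-oauth or from nimbus-jose-jwt. It assumes bcprov (the "BC" provider listed above) is on the classpath and a JDK 16 or newer, where SunEC no longer implements secp256k1 (the curve was removed in JDK 16 under JDK-8235710, which is why the SunEC 17 provider above rejects OID 1.3.132.0.10). It shows three things a practitioner wants to confirm before adopting the fix: which providers advertise an EC KeyPairGenerator and in what order, which provider actually served a default (unnamed) request, and how to pin BC for this one operation instead of reordering the global provider list. The class name, the constructed sample message and the printed labels are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Added example (not part of whispeer-kafka-oauth or nimbus-jose-jwt): shows which
 * JCA provider answers a secp256k1 key-generation request under each registration
 * strategy, and how to pin the provider instead of reordering the global list.
 */
public class Secp256k1ProviderCheck {

    // SEC name for OID 1.3.132.0.10; BC registers it, SunEC dropped it in JDK 16 (JDK-8235710).
    private static final String CURVE = "secp256k1";

    /** Names of the providers that advertise an EC KeyPairGenerator, in lookup order. */
    static String[] ecKeyPairGeneratorProviders() {
        Provider[] ps = Security.getProviders("KeyPairGenerator.EC");
        if (ps == null) {
            return new String[0];
        }
        return Arrays.stream(ps).map(Provider::getName).toArray(String[]::new);
    }

    /**
     * Default lookup: no provider named, so the JCA walks the provider list in order.
     * Returns the name of the provider that served the request, or the failure message.
     */
    static String generateWithDefaultLookup() {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec(CURVE));
            kpg.generateKeyPair();
            return "ok via " + kpg.getProvider().getName();
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
            return "failed: " + e.getMessage();
        }
    }

    /** Pinned lookup: asks BC directly, so BC's position in the global list is irrelevant. */
    static KeyPair generateWithBouncyCastle() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
        kpg.initialize(new ECGenParameterSpec(CURVE));
        return kpg.generateKeyPair();
    }

    /** Round-trips a constructed message through ECDSA to confirm the key pair is usable. */
    static boolean signAndVerify(KeyPair kp) throws Exception {
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);  // constructed input
        Signature signer = Signature.getInstance("SHA256withECDSA", "BC");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withECDSA", "BC");
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Strategy 1: addProvider appends BC, so it is consulted after SunEC.
        Security.addProvider(new BouncyCastleProvider());
        System.out.println("EC providers after addProvider:      "
                + String.join(", ", ecKeyPairGeneratorProviders()));
        System.out.println("default lookup:                      " + generateWithDefaultLookup());

        // Strategy 2: name the provider; works with BC at any position and changes nothing else.
        KeyPair kp = generateWithBouncyCastle();
        System.out.println("pinned \"BC\" lookup:                  " + kp.getPublic().getAlgorithm()
                + " key, sign/verify ok = " + signAndVerify(kp));

        // Strategy 3: the fix from this issue. insertProviderAt(..., 1) puts BC first for
        // every algorithm it implements (AES, RSA, X.509 parsing, ...), not only EC, so
        // audit the rest of the application (TLS, keystores) before shipping it.
        Security.removeProvider("BC");
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        System.out.println("EC providers after insertProviderAt: "
                + String.join(", ", ecKeyPairGeneratorProviders()));
        System.out.println("default lookup:                      " + generateWithDefaultLookup());
        System.out.println("first provider for everything now:   " + Security.getProviders()[0].getName());
    }
}
```

Compile and run with bcprov on the classpath (javac -cp bcprov-jdk18on-1.76.jar Secp256k1ProviderCheck.java, then java with the same -cp). If the default lookup already reports "ok via BC" with BC appended, the process registered the provider before the first key generation and the global reorder is not needed; if it reports "failed", compare the printed provider order with the point at which the application registered BC. For the nimbus code path in the stack trace, ECKeyGenerator in nimbus-jose-jwt has a provider(Provider) setter (check the version you ship) that pins the provider for that generator the same way Strategy 2 does here, which avoids putting BC ahead of SunJSSE and SunJCE for the whole JVM.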
TheBestOrNothing commented 1 year ago

bug fixed