Open johnsnelson opened 7 years ago
I had that error and it was (for me) because it was expecting PKCS#8 format and I had PKCS#1. This SO issue helped: https://stackoverflow.com/questions/18039401/how-can-i-transform-between-the-two-styles-of-public-key-format-one-begin-rsa/27930720#27930720
To convert from PKCS#1 to PKCS#8:

```sh
openssl rsa -RSAPublicKey_in -in <filename> -pubout
```
@johnsnelson I too have an x509 certificate which is giving the below error. Did you find a solution to this issue? My certificate starts with

```
----BEGIN CERTIFICATE----
----END CERTIFICATE------
```

```
java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)
```
Trying to decode Azure JWTs, I kept getting "Invalid RSA public key encoding." both with and without BouncyCastle provider. For me, the solution was an alternate method of loading the public key. The 'RSASigner.cfc' file now looks like this:
```cfml
public any function setPublicKeyFromText( required string newPublicKeyText ) {
    testKey( newPublicKeyText );

    // The PEM text is a whole X.509 certificate rather than a bare public key,
    // so parse it with CertificateFactory and take the key from the certificate.
    var bais = createObject( "java", "java.io.ByteArrayInputStream" ).init(
        binaryDecode( stripKeyDelimiters( newPublicKeyText ), "base64" )
    );
    var cf = createObject( "java", "java.security.cert.CertificateFactory" ).getInstance( "X.509" );
    var cert = cf.generateCertificate( bais );

    // Component state read later by the signer.
    publicKey = cert.getPublicKey();

    return( this );
}
```
Edit: I just noticed there's a pull request to fix this already (#3)
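An added example, not code from this thread or from the JSONWebTokens project, that shows why the two errors above happen and how the three PEM shapes relate. Java's X509EncodedKeySpec accepts only a SubjectPublicKeyInfo structure (SEQUENCE { AlgorithmIdentifier, BIT STRING }), which is what a `-----BEGIN PUBLIC KEY-----` block carries. A PKCS#1 `RSA PUBLIC KEY` block lacks the AlgorithmIdentifier wrapper, and a `CERTIFICATE` block has the key buried several fields deep inside tbsCertificate. The `tag = -96` in the earlier comment is 0xA0 read as a signed Java byte: the EXPLICIT [0] version field that opens tbsCertificate, which is exactly what the SPKI parser meets where it expects the algorithm OID once a whole certificate is handed to it. The script below (Python, chosen so the DER can be inspected without a JVM; the toy modulus and the certificate skeleton are constructed here and are not real key material) normalises each shape to SPKI DER and reproduces that tag reading. In ColdFusion the CertificateFactory route in the comment above reaches the same end result.

```python
"""Normalise PEM public-key shapes to the SubjectPublicKeyInfo DER that
java.security.spec.X509EncodedKeySpec expects. Added example; inputs are constructed."""
import base64
import re

def der_read(buf, off=0):
    """Read one DER TLV at buf[off]; return (tag, value, octets consumed)."""
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first & 0x80:                                   # long-form length: low 7 bits = octet count
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], (pos + length) - off

def der_encode(tag, value):
    """Encode one DER TLV with minimal length octets."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def der_children(value):
    """Split the value of a constructed TLV into a list of (tag, value) elements."""
    out, off = [], 0
    while off < len(value):
        tag, val, used = der_read(value, off)
        out.append((tag, val))
        off += used
    return out

# Tolerates the uneven dash counts quoted in the comment above (----BEGIN ... ------).
PEM_RE = re.compile(r"-+BEGIN ([A-Z0-9 ]+)-+(.*?)-+END \1-+", re.S)

def pem_decode(text):
    """Return (label, DER bytes) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def pem_encode(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }
RSA_ALGID = der_encode(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")

def pkcs1_to_spki(rsa_public_key):
    """Wrap a PKCS#1 RSAPublicKey SEQUENCE in SubjectPublicKeyInfo (BIT STRING, 0 unused bits)."""
    return der_encode(0x30, RSA_ALGID + der_encode(0x03, b"\x00" + rsa_public_key))

def cert_to_spki(cert):
    """Extract subjectPublicKeyInfo from an X.509 Certificate DER."""
    _, cert_val, _ = der_read(cert)                    # Certificate ::= SEQUENCE
    _, tbs_val, _ = der_read(cert_val)                 # tbsCertificate ::= SEQUENCE
    fields = der_children(tbs_val)
    if fields and fields[0][0] == 0xA0:                # EXPLICIT [0] version (v2/v3 certs)
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return der_encode(0x30, fields[5][1])

def to_spki(pem_text):
    """Dispatch on the PEM label and return SubjectPublicKeyInfo DER."""
    label, der = pem_decode(pem_text)
    if label == "PUBLIC KEY":
        return der
    if label == "RSA PUBLIC KEY":
        return pkcs1_to_spki(der)
    if label == "CERTIFICATE":
        return cert_to_spki(der)
    raise ValueError("unsupported PEM label: " + label)

def tag_seen_for_algorithm_oid(der):
    """Follow SEQUENCE -> SEQUENCE and return the tag found where an SPKI parser expects
    the algorithm OID (0x06), as a Java signed byte; a certificate yields 0xA0 -> -96."""
    _, outer, _ = der_read(der)
    _, inner, _ = der_read(outer)
    return inner[0] - 256 if inner[0] > 127 else inner[0]

def sample_pkcs1_pem():
    """Constructed toy RSAPublicKey with a 64-bit modulus; not a usable key."""
    n = der_encode(0x02, b"\x00\xc1\x23\x45\x67\x89\xab\xcd\xef")   # leading 0x00 keeps it positive
    e = der_encode(0x02, b"\x01\x00\x01")
    return pem_encode("RSA PUBLIC KEY", der_encode(0x30, n + e))

def sample_cert_pem(spki):
    """Constructed certificate skeleton: correct tbsCertificate field order, empty names, dummy signature."""
    sha256_rsa = der_encode(0x30, bytes.fromhex("06092a864886f70d01010b") + b"\x05\x00")
    empty = der_encode(0x30, b"")
    tbs = der_encode(0x30, der_encode(0xA0, der_encode(0x02, b"\x02")) + der_encode(0x02, b"\x01")
                     + sha256_rsa + empty + empty + empty + spki)
    return pem_encode("CERTIFICATE", der_encode(0x30, tbs + sha256_rsa + der_encode(0x03, b"\x00")))

if __name__ == "__main__":
    spki = to_spki(sample_pkcs1_pem())
    cert_pem = sample_cert_pem(spki)
    print("SPKI from PKCS#1 == SPKI from certificate:", to_spki(cert_pem) == spki)
    print("tag where the OID should be, given a certificate:",
          tag_seen_for_algorithm_oid(pem_decode(cert_pem)[1]))   # -96
```

Feeding the `PUBLIC KEY` output of `to_spki()` to X509EncodedKeySpec is equivalent to what `openssl rsa -RSAPublicKey_in -pubout` or `CertificateFactory.generateCertificate(...).getPublicKey()` produce; the DER walker here is deliberately minimal (no tag-class checks, no indefinite lengths) and is meant for inspecting key material you already trust, not for parsing untrusted input.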
This no longer works anyway, because the private key has to be passed into decode() :(
But you can do something like this, as long as you change setAlgorithm() to be public, which I think is an oversight that it's private.
```cfscript
var signer = createObject( 'JSONWebTokens_4dac726.lib.sign.RSASigner' );
signer.setAlgorithm( 'SHA256withRSA' );   // setAlgorithm() has to be made public for this call to work
signer.setPublicKeyFromText( public_key );

var jwt_lib = createObject( 'JSONWebTokens_4dac726.lib.client.JsonWebTokensClient' );
jwt_lib.setJsonEncoder( new JSONWebTokens_4dac726.lib.encode.JsonEncoder() );
jwt_lib.setBase64urlEncoder( new JSONWebTokens_4dac726.lib.encode.Base64urlEncoder() );
jwt_lib.setSigner( signer );

var usr = jwt_lib.decode( token );
```
I'm working with an authentication system that has given me an x509 certificate for the public key, and when I try to decode the token using this library I get this error: "Invalid RSA public key encoding." I am able to successfully validate the signature on the jwt.io decoder, so I'm pretty sure it's not a problem with the tokens or the certificate, but rather something in the Java being used by ColdFusion. I've tried tweaking it as much as I know how and I've gotten nowhere. Do you have any suggestions?
I'm pretty sure my code should work:

```cfml
<cfset jwt = new lib.JsonWebTokens()>
<cfset payload = jwt.decode( token, "RS256", "#certString#" )>
```

Or am I missing something? Thanks!