search

eclipse-vertx / vertx-auth

Apache License 2.0
158 stars 150 forks source link

[JWT Auth provider] PubSecKeyOptions creation fails when using JsonObject #596

Open dprincethg opened 1 year ago

dprincethg commented 1 year ago

Version

vertx 4.3.4

Context

When I use the code from this Doc page/

JWTAuth jwtAuth = JWTAuth.create(vertx, new JWTAuthOptions() .addPubSecKey(new PubSecKeyOptions() .setAlgorithm("ES256") .setBuffer( "-----BEGIN PUBLIC KEY-----\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEraVJ8CpkrwTPRCPluUDdwC6b8+m4\n" + "dEjwl8s+Sn0GULko+H95fsTREQ1A2soCFHS4wV3/23Nebq9omY3KuK9DKw==\n" + "-----END PUBLIC KEY-----")));

The JWTAuth creation is OK.

However when I try to use a JsonObject to build PubSecKeyOptions, like this:

JWTAuth jwtAuth = JWTAuth.create(vertx, new JWTAuthOptions() .addPubSecKey(new PubSecKeyOptions(new JsonObject() .put("algorithm","ES256") .put("buffer", "-----BEGIN PUBLIC KEY-----\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEraVJ8CpkrwTPRCPluUDdwC6b8+m4\n" + "dEjwl8s+Sn0GULko+H95fsTREQ1A2soCFHS4wV3/23Nebq9omY3KuK9DKw==\n" + "-----END PUBLIC KEY-----"))));

This exception is raised

Caused by: java.lang.IllegalArgumentException: Illegal base64 character 2d at java.util.Base64$Decoder.decode0(Base64.java:743) ~[?:?] at java.util.Base64$Decoder.decode(Base64.java:535) ~[?:?] at java.util.Base64$Decoder.decode(Base64.java:558) ~[?:?] at io.vertx.ext.auth.PubSecKeyOptionsConverter.fromJson(PubSecKeyOptionsConverter.java:30) ~[vertx-auth-common-4.3.4.jar:4.3.4] at io.vertx.ext.auth.PubSecKeyOptions.(PubSecKeyOptions.java:52) ~[vertx-auth-common-4.3.4.jar:4.3.4]

Extra

Root cause seems to be related to PubSecKeyOptionsConverter - line 30

obj.setBuffer(io.vertx.core.buffer.Buffer.buffer(BASE64_DECODER.decode((String)member.getValue())));

As a BASE64_DECODER is used to set the buffer when JsonObject is used,

But in PubSecKeyOptions buffer is set without Base64 decoding

this.buffer = Buffer.buffer(buffer, "UTF-8");

pmlopes commented 1 year ago

This is a codegen issue, types are getting mixed as we have overload's for that field which was named buffer and also has a buffer input argument.

dprincethg commented 1 year ago

I do not understand why the key format should be different in both cases, so why same value cannot be used :/ I guess the multiline format of the Key might not be adapted to Json...

Then, What is format of the pub key "buffer" to provide in JsonObject to make it works?

Edit: I've called the PubSecKeyOptions.toJson() from instance created with POJO setters:

{ "algorithm" : "ES256", "buffer" : "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFcmFWSjhDcGtyd1RQUkNQbHVVRGR3QzZiOCttNApkRWp3bDhzK1NuMEdVTGtvK0g5NWZzVFJFUTFBMnNvQ0ZIUzR3VjMvMjNOZWJxOW9tWTNLdUs5REt3PT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t", "certificate" : false, "symmetric" : false }

The buffer format is in fact the Base64URL encoding of "buffer" provided using POJO method:

-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEraVJ8CpkrwTPRCPluUDdwC6b8+m4 dEjwl8s+Sn0GULko+H95fsTREQ1A2soCFHS4wV3/23Nebq9omY3KuK9DKw== -----END PUBLIC KEY-----