zalando-stups / planb-provider

Plan B OpenID Connect Provider issuing JWT tokens
http://planb.readthedocs.org/

"ES256" key not working #17

Closed hjacobs closed 8 years ago

hjacobs commented 8 years ago

I'm not sure where the problem lies (key was generated by openssl), but I get an error after inserting an "ES256" JWK:

Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: 2016-02-17 20:00:59.117 ERROR 13 --- [pool-9-thread-1] o.zalando.planb.provider.OIDCKeyHolder   : Could not update key list.
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: 
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: com.nimbusds.jose.JOSEException: The EC key curve is not supported, must be P256, P384 or P521
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at com.nimbusds.jose.crypto.ECDSA.resolveAlgorithm(ECDSA.java:56) ~[nimbus-jose-jwt-4.12.jar!/:4.12]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at com.nimbusds.jose.crypto.ECDSA.resolveAlgorithm(ECDSA.java:38) ~[nimbus-jose-jwt-4.12.jar!/:4.12]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at com.nimbusds.jose.crypto.ECDSASigner.<init>(ECDSASigner.java:56) ~[nimbus-jose-jwt-4.12.jar!/:4.12]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at org.zalando.planb.provider.OIDCKeyHolder.loadKeys(OIDCKeyHolder.java:202) ~[planb-provider.jar!/:na]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at org.zalando.planb.provider.OIDCKeyHolder.checkKeys(OIDCKeyHolder.java:86) ~[planb-provider.jar!/:na]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at sun.reflect.GeneratedMethodAccessor106.invoke(Unknown Source) ~[na:na]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_66-internal]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66-internal]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:65) [spring-context-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) [spring-context-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_66-internal]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [na:1.8.0_66-internal]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_66-internal]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [na:1.8.0_66-internal]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_66-internal]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_66-internal]
 Feb 17 20:00:59 ip-172-31-146-14 docker/db14c1c40e47[886]: #011at java.lang.Thread.run(Thread.java:745) [na:1.8.0_66-internal]
hjacobs commented 8 years ago

Apparently I used the wrong curve: the OpenSSL name is "prime256v1"
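
An added example, not part of the original thread or of planb-provider's code: a pre-insert check that an EC JWK intended for ES256 really sits on P-256 (the curve OpenSSL calls prime256v1), so a wrong-curve key is rejected before the key loader fails on it. The function names and both sample keys are constructed for illustration, and the alias check on "crv" goes beyond the specific case reported above.

```python
import base64

# NIST P-256 parameters (OpenSSL name: prime256v1; SECG name: secp256r1).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_ALIASES = {"prime256v1", "secp256r1"}  # not valid JWK "crv" values

def b64url_to_int(value, size=32):
    """Decode an unpadded base64url coordinate and enforce its byte length."""
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    if len(raw) != size:
        raise ValueError(f"coordinate is {len(raw)} bytes, expected {size}")
    return int.from_bytes(raw, "big")

def int_to_b64url(n, size=32):
    """Encode an integer coordinate the way a JWK stores it."""
    return base64.urlsafe_b64encode(n.to_bytes(size, "big")).rstrip(b"=").decode()

def check_es256_jwk(jwk):
    """Return a list of problems; an empty list means the key fits ES256."""
    problems = []
    if jwk.get("kty") != "EC":
        problems.append("kty must be EC")
    crv = jwk.get("crv")
    if crv in P256_ALIASES:
        problems.append(f"crv {crv!r} is an OpenSSL/SECG name; JWK uses 'P-256'")
    elif crv != "P-256":
        problems.append(f"crv {crv!r} is not the ES256 curve")
    try:
        x, y = b64url_to_int(jwk.get("x", "")), b64url_to_int(jwk.get("y", ""))
    except ValueError as exc:  # also covers malformed base64
        return problems + [str(exc)]
    # Curve equation y^2 = x^3 + ax + b (mod p); a point from another curve fails it.
    if x >= P or y >= P or (y * y - (x**3 + A * x + B)) % P != 0:
        problems.append("point is not on P-256 (wrong curve or corrupted key)")
    return problems

# Constructed samples: the public generator points of P-256 and secp256k1.
P256_G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
          0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
K256_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
          0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
GOOD = {"kty": "EC", "crv": "P-256", **dict(zip("xy", map(int_to_b64url, P256_G)))}
MISLABELLED = {**GOOD, **dict(zip("xy", map(int_to_b64url, K256_G)))}

if __name__ == "__main__":
    for name, key in (("GOOD", GOOD), ("MISLABELLED", MISLABELLED)):
        print(name, check_es256_jwk(key) or "ok")
```

The coordinate-length check alone does not catch a secp256k1 key, because its coordinates are also 32 bytes; the curve-equation test is what separates the two.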