I am attempting to get the sample create JWT and parse / verify sample to work from (Iloveapis2015-jwt-jwe-jws). But no success with either the RS256 create or parse. I am using the keys provided in the GitHub project as well as the pre-compiled Java JARs. Here is my create using those components:
<JavaCallout async="false" continueOnError="false" enabled="true" name="JavaCallout-JWT-Create-RS256-2"> <DisplayName>JavaCallout-JWT-Create-RS256-2</DisplayName> <Properties> <Property name="algorithm">RS256</Property> <!-- <Property name="pemfile">public-private-keypair1.pem</Property> --> <Property name="private-key-password">deecee123</Property> <Property name="private-key"> -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,049E6103F40FBE84 EZVWs5v4FoRrFdK+YbpjCmW0KoHUmBAW7XLvS+vK3BdSM2Yx/hPhDO9URCVl9Oar ApEZC1CxzsyRfvKDtiKWfQKdYKLccl8pA4Jj0sCxVgL4MBFDNDDEau4vRfXBv2EF eGVZiG0/oaGbOUI9bgPKXmDsZQ3LHM9JONTOxaBapc06Gxcj0btkkzwB/dZQVRvb XQFMzySgly1OOcnVkl8CDfKI4TwOERlhXjnnjN8vsDrpZXuSqniR9ARJEK41ZDAV JpkvWnvEYl3oMozgF6NHCFXahefbP8lysMSknhtQwiJUaDZSkoBMMdMfQyfPpPME tgJ4nkPBbSmwpWlTMPSgfth1kAkFvtmYCdV1UVglS+CE1/VDeuTeqkj5f7X/MvEx FuWAkbZ3Gmqy04MvTOL8iy9A1wQo9E9U/6CgPqILcn49ZIOWilW6OzoGKK0F95KO mx5r7MOkq21ltzCTmjt200YM/D5fq78ST7UzqetTFqNbgfraZxawcZf9L0xL2cwa U9MJtPqCRLk4066+I2RkOZ8Zz1bro1nfCS99fayZ1AY/Ohw7+neviyuXIFSMTxsL eiyPVBi6rrWjXIFITafK1oIoELimMbUHS9UOgJt7wkbKVYazcC9sQ4B1am1UQRe1 XQWtsYVySiId9iHA2UG+yc/l8GDmsKWAzlhFv5NyuCMAdfXbM1ERFaghPFx3RcZW qtSkso/kFWrH6369ADN8fUAh6GOLrVAC06W6STzLEhoxNDyyS6RW9s/i9qhJWIX9 sMuDK2Zg+TRJ+nZbdljhglVLzMLPv3MCxhlji7H4y8YIVD738rpJLOY3LBqh9ilo 1HHGlMNkfBDkaSIwT2cBHdC38USyV2fgqlcukzj3a3NvUdmvARtnfEL6gLeSXmHJ HNC6HqihWnBuizX9I9MwYaz9GQw7HN7oZJLBbBatsbxcP9ll/27VZY8BJwwLtuSy /JJRB1ALjBFVKeBo5nHSc7cKld0glnWt+E5yfgQcI/2kpgfqJRb0yAPcMjOQyLJ9 xWKl7qDENSKSdy3VMKvj2xxqmkk7eTLbIFRfjioLLCnkfQsCPVdQMrG0Kt67W/F2 rZlGqeJtTDIefiQCwSR18t/8SUTqm4SRKDvBFRKhpn6JOl561vp5j3PoD52+ZFCX 160sbfqsKqJ/TqqP0BWdSOyYNSmlUQAn3JYZlj3dYM4dTQTADpCWo3ZmDAiFho/y dCwtNpnjWoICcDfyr34G01xCVeyEjkozePLMZ7chOmX87KfVEujgul1qAHHgMAid 4l+btMOR8D0od2ZF+DdYllyDSU1fp1EQXXrbkYaFccgYVs8MtBQvCcJtSnayf3L+ jUxp3vjF9HE3wVDVTFeCUJGacGIMuoD0RlsT2VFMOjOf4p0F7adPse7aLBhyoLMI N7GMYGDSG6jbWP18bNDWwFDrtPsvSXIZnirZeQNR7P8stVcxrWaphiPXivsHwJE2 
z9SnpM5YjEoVI/1Cr8XY4QySFR1S72gkOO2WRi6m0kc98F/C3iwCMJ/RXvKfBVrj 7ZOF1UXVaoldDs+izZo5biVF/NNIBtg2FkZd4hh/cFlF1PV+M5+5mA== -----END RSA PRIVATE KEY----- </Property> </Properties> <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName> <ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL> </JavaCallout>
Here is my parse using those components--although I do not have a JWT from the create to test with yet.
<JavaCallout async="false" continueOnError="false" enabled="true" name="JavaCallout-JWT-Parse-RS256"> <DisplayName>JavaCallout-JWT-Parse-RS256</DisplayName> <Properties> <Property name="algorithm">RS256</Property> <Property name="jwt">{request.header.jwt}</Property> <Property name="timeAllowance">30000</Property> <!-- public-key used only for algorithm = RS256 --> <Property name="public-key"> -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxlohiBDbI/jejs5WLKe Vpb4SCNM9puY+poGkgMkurPRAUROvjCUYm2g9vXiFQl+ZKfZ2BolfnEYIXXVJjUm zzaX9lBnYK/v9GQz1i2zrxOnSRfhhYEb7F8tvvKWMChK3tArrOXUDdOp2YUZBY2b sl1iBDkc5ul/UgtjhHntA0r2FcUE4kEj2lwU1di9EzJv7sdE/YKPrPtFoNoxmthI OvvEC45QxfNJ6OwpqgSOyKFwE230x8UPKmgGDQmED3PNrio3PlcM0XONDtgBewL0 3+OgERo/6JcZbs4CtORrpPxpJd6kvBiDgG07pUxMNKC2EbQGxkXer4bvlyqLiVzt bwIDAQAB -----END PUBLIC KEY----- </Property> </Properties> <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName> <ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL> </JavaCallout>
jwt_reason:
org.apache.commons.ssl.ProbablyNotPKCS8Exception: asn1 parse failure: java.io.IOException: DER length more than 4 bytes
I am using the public-private-keypair1.pem in my create as Dino has in his example.
Sorry to hear you're having trouble. Also, sorry about the misunderstandings with Apigee Support. This is not something the support staff are currently supporting. We're working on embedding JWT verification and generation "officially" into the product rather than via sample code available on github. Until that time, community support is the way to go for that sample.
Now...regarding your problem.
You say you are getting an error. When? Which policy generates the error? The parse or the generation?
Under what circumstances?
You said you can get the example from github to work. That's good. The error you are mentioning indicates a failure to de-serialize the string from the base64 encoded version into a Java object that represents a public or private key. But I'm not clear whether you're doing the generation or verification when you see the error.
I recommend that you check and double-check the public and private key that you have embedded into these policies. The spacing should mostly not matter, but it is important to have a newline in the private key after the line that begins "DEK-Info". Follow the example in github. The pasted code you provided didn't really have correct formatting, but I suspect that was caused by the paste, and the code you are actually using is different.
I have seen that error when there are errors in the serialized keys.
Let me know.
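A preflight check for PEM text pasted into a policy property, following the advice in the answer above. This is an added example, not part of the thread or the GitHub sample; `check_pem`, `der_length_ok` and the sample key are constructed for illustration. It flags header lines that run into the body and a missing blank line after the DEK-Info header, ignores other whitespace, and for unencrypted keys checks that the body decodes to a single DER SEQUENCE.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
HEADER_RE = re.compile(r"^[A-Za-z-]+: \S+$")  # e.g. "DEK-Info: DES-EDE3-CBC,<hex IV>"

def der_length_ok(der):
    """True if der is one SEQUENCE whose declared length matches the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length fits in one byte
        return len(der) == 2 + der[1]
    k = der[1] & 0x7F                      # long form: next k bytes hold the length
    if k == 0 or k > 4 or len(der) < 2 + k:
        return False                       # k > 4: cf. "DER length more than 4 bytes"
    return len(der) == 2 + k + int.from_bytes(der[2:2 + k], "big")

def check_pem(text):
    """Return a list of problems in the first PEM block of text (empty = looks sane)."""
    m = PEM_RE.search(text)
    if not m:
        return ["no matching BEGIN/END markers"]
    lines = [ln.strip() for ln in m.group(2).strip().splitlines()]
    problems, i = [], 0
    while i < len(lines) and ":" in lines[i]:    # header lines come first
        if not HEADER_RE.match(lines[i]):
            problems.append("header line runs into other text")
        i += 1
    encrypted = i > 0
    if encrypted:
        if i < len(lines) and lines[i] == "":
            i += 1
        else:
            problems.append("no blank line after the DEK-Info header")
    body = "".join("".join(lines[i:]).split())   # other whitespace is harmless
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["body is not clean base64"]
    if not encrypted and not der_length_ok(der):  # encrypted bodies are ciphertext
        problems.append("body is not a single DER SEQUENCE")
    return problems

# Constructed sample (not a real key): well-formed, then with newlines collapsed.
GOOD = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
        "DEK-Info: DES-EDE3-CBC,0011223344556677\n\nQUJDREVGR0hJSktMTU5PUA==\n"
        "-----END RSA PRIVATE KEY-----")
FLAT = " ".join(GOOD.split())
```

Run `check_pem` on the text of each `private-key` or `public-key` property before deploying the policy; an empty list means the structure is plausible, not that the key or password is correct.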