I am able to generate a JWT using the ../jwt_signed/create-rs256 endpoint from the sample GitHub iloveapis2015-jwt-jwe-jws project. The certificates being used are the defaults included in the JAR file.
A sample JWT is:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJwcmltYXJ5bGFuZ3VhZ2UiOiJFbmdsaXNoIiwic3ViIjoiSmF2YVRlc3RTZWN1cml0eSIsImF1ZCI6Ik9wdGlvbmFsLVN0cmluZy1vci1VUkkiLCJzaG9lc2l6ZSI6IjguNSIsImlzcyI6Imh0dHA6XC9cL2Rpbm9jaGllc2EubmV0IiwibW90dG8iOiJJbG92ZWFwaXMiLCJleHAiOjE0ODE3NjM4NTYsImlhdCI6MTQ4MTc2MDI1Nn0.E-5gq53MNvoh32vgSy_xi_R0aO0G7Pkal5y6M_8IqRc_FxVpeYwvLZGaDZ33sY0SKsGPx3_on1Od2HUxp77ZGXZuzRkvDHtvVKSVI_CBLS_1yjsZihxGRPirAYjacKofR0Uip2iEUksqSMHSfkNEUe_LPkzL8RmtzWyfK0wL8DVWWviYLoUhqFJEyJJvEHFttWvNtdMzfYm3M6iCSAC6wEBgm32L8i8z2WdImIKuKZWyuChSDoBE3mwYdfG169E6PhasVPquLvLzemeact_S0_sbNNUKePuIvLxOoWejuh6xgRnx4cLOhM1JhmTHHBZeHkwcDELer007SRj1iK392w
You can visit https://jwt.io/ and verify this token using the public key below (the default key that came with the sample GitHub project):
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxlohiBDbI/jejs5WLKe
Vpb4SCNM9puY+poGkgMkurPRAUROvjCUYm2g9vXiFQl+ZKfZ2BolfnEYIXXVJjUm
zzaX9lBnYK/v9GQz1i2zrxOnSRfhhYEb7F8tvvKWMChK3tArrOXUDdOp2YUZBY2b
sl1iBDkc5ul/UgtjhHntA0r2FcUE4kEj2lwU1di9EzJv7sdE/YKPrPtFoNoxmthI
OvvEC45QxfNJ6OwpqgSOyKFwE230x8UPKmgGDQmED3PNrio3PlcM0XONDtgBewL0
3+OgERo/6JcZbs4CtORrpPxpJd6kvBiDgG07pUxMNKC2EbQGxkXer4bvlyqLiVzt
bwIDAQAB
-----END PUBLIC KEY-----
However, when a call is made to the ../jwt_signed/validate-rs256 endpoint, I get an exception:
com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2203)
    at com.google.common.cache.LocalCache.get(LocalCache.java:3937)
    at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3941)
    at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4824)
    at com.apigee.callout.jwtsigned.JwtParserCallout.getRsaVerifier(JwtParserCallout.java:280)
    at com.apigee.callout.jwtsigned.JwtParserCallout.getVerifier(JwtParserCallout.java:289)
    at com.apigee.callout.jwtsigned.JwtParserCallout.execute(JwtParserCallout.java:358)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$ClassLoadWrappedExecution.execute(JavaCalloutStepDefinition.java:166)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:231)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution.execute(JavaCalloutStepDefinition.java:228)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$CallOutWrapper.execute(JavaCalloutStepDefinition.java:101)
    at com.apigee.messaging.runtime.steps.StepExecution.execute(StepExecution.java:146)
    at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:74)
    at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:45)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
    at com.apigee.callout.jwtsigned.PublicKeySource.publicKeyStringToPublicKey(PublicKeySource.java:121)
    at com.apigee.callout.jwtsigned.PublicKeySource.pemFileStringToPublicKey(PublicKeySource.java:90)
    at com.apigee.callout.jwtsigned.PublicKeySource.getPublicKey(PublicKeySource.java:72)
    at com.apigee.callout.jwtsigned.JwtParserCallout$2.load(JwtParserCallout.java:98)
    at com.apigee.callout.jwtsigned.JwtParserCallout$2.load(JwtParserCallout.java:94)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2319)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2282)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2197)
    ... 20 more
Can someone please help with this?
Other variables are included below:
request.formparam.jwt eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJwcmltYXJ5bGFuZ3VhZ2UiOiJFbmdsaXNoIiwic3ViIjoiSmF2YVRlc3RTZWN1cml0eSIsImF1ZCI6Ik9wdGlvbmFsLVN0cmluZy1vci1VUkkiLCJzaG9lc2l6ZSI6IjguNSIsImlzcyI6Imh0dHA6XC9cL2Rpbm9jaGllc2EubmV0IiwibW90dG8iOiJJbG92ZWFwaXMiLCJleHAiOjE0ODE3NjM4NTYsImlhdCI6MTQ4MTc2MDI1Nn0.E-5gq53MNvoh32vgSy_xi_R0aO0G7Pkal5y6M_8IqRc_FxVpeYwvLZGaDZ33sY0SKsGPx3_on1Od2HUxp77ZGXZuzRkvDHtvVKSVI_CBLS_1yjsZihxGRPirAYjacKofR0Uip2iEUksqSMHSfkNEUe_LPkzL8RmtzWyfK0wL8DVWWviYLoUhqFJEyJJvEHFttWvNtdMzfYm3M6iCSAC6wEBgm32L8i8z2WdImIKuKZWyuChSDoBE3mwYdfG169E6PhasVPquLvLzemeact_S0_sbNNUKePuIvLxOoWejuh6xgRnx4cLOhM1JhmTHHBZeHkwcDELer007SRj1iK392w
jwt_isSigned true
jwt_jwt eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJwcmltYXJ5bGFuZ3VhZ2UiOiJFbmdsaXNoIiwic3ViIjoiSmF2YVRlc3RTZWN1cml0eSIsImF1ZCI6Ik9wdGlvbmFsLVN0cmluZy1vci1VUkkiLCJzaG9lc2l6ZSI6IjguNSIsImlzcyI6Imh0dHA6XC9cL2Rpbm9jaGllc2EubmV0IiwibW90dG8iOiJJbG92ZWFwaXMiLCJleHAiOjE0ODE3NjM4NTYsImlhdCI6MTQ4MTc2MDI1Nn0.E-5gq53MNvoh32vgSy_xi_R0aO0G7Pkal5y6M_8IqRc_FxVpeYwvLZGaDZ33sY0SKsGPx3_on1Od2HUxp77ZGXZuzRkvDHtvVKSVI_CBLS_1yjsZihxGRPirAYjacKofR0Uip2iEUksqSMHSfkNEUe_LPkzL8RmtzWyfK0wL8DVWWviYLoUhqFJEyJJvEHFttWvNtdMzfYm3M6iCSAC6wEBgm32L8i8z2WdImIKuKZWyuChSDoBE3mwYdfG169E6PhasVPquLvLzemeact_S0_sbNNUKePuIvLxOoWejuh6xgRnx4cLOhM1JhmTHHBZeHkwcDELer007SRj1iK392w
jwt_jwtheader {"typ":"JWT","alg":"RS256"}
jwt_error com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException
jwt_reason java.lang.NullPointerException
jwt_isValid false
jwt_stacktrace com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2203)
    at com.google.common.cache.LocalCache.get(LocalCache.java:3937)
    at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3941)
    at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4824)
    at com.apigee.callout.jwtsigned.JwtParserCallout.getRsaVerifier(JwtParserCallout.java:280)
    at com.apigee.callout.jwtsigned.JwtParserCallout.getVerifier(JwtParserCallout.java:289)
    at com.apigee.callout.jwtsigned.JwtParserCallout.execute(JwtParserCallout.java:358)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$ClassLoadWrappedExecution.execute(JavaCalloutStepDefinition.java:166)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:231)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution.execute(JavaCalloutStepDefinition.java:228)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$CallOutWrapper.execute(JavaCalloutStepDefinition.java:101)
    at com.apigee.messaging.runtime.steps.StepExecution.execute(StepExecution.java:146)
    at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:74)
    at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:45)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
    at com.apigee.callout.jwtsigned.PublicKeySource.publicKeyStringToPublicKey(PublicKeySource.java:121)
    at com.apigee.callout.jwtsigned.PublicKeySource.pemFileStringToPublicKey(PublicKeySource.java:90)
    at com.apigee.callout.jwtsigned.PublicKeySource.getPublicKey(PublicKeySource.java:72)
    at com.apigee.callout.jwtsigned.JwtParserCallout$2.load(JwtParserCallout.java:98)
    at com.apigee.callout.jwtsigned.JwtParserCallout$2.load(JwtParserCallout.java:94)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2319)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2282)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2197)
    ... 20 more
Sorry! This question slipped under the radar and has now been sitting for 7 months!
I just tried this JWT with the latest JWT JAR from the github repo, and it worked fine for me.
This is the policy configuration I used:
<JavaCallout name='JWT-Parse-RS256-1'>
  <DisplayName>JWT-Parse-RS256-1</DisplayName>
  <Properties>
    <Property name="algorithm">RS256</Property>
    <Property name="jwt">{request.formparam.jwt}</Property>
    <Property name="public-key">
      -----BEGIN PUBLIC KEY-----
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxlohiBDbI/jejs5WLKe
      Vpb4SCNM9puY+poGkgMkurPRAUROvjCUYm2g9vXiFQl+ZKfZ2BolfnEYIXXVJjUm
      zzaX9lBnYK/v9GQz1i2zrxOnSRfhhYEb7F8tvvKWMChK3tArrOXUDdOp2YUZBY2b
      sl1iBDkc5ul/UgtjhHntA0r2FcUE4kEj2lwU1di9EzJv7sdE/YKPrPtFoNoxmthI
      OvvEC45QxfNJ6OwpqgSOyKFwE230x8UPKmgGDQmED3PNrio3PlcM0XONDtgBewL0
      3+OgERo/6JcZbs4CtORrpPxpJd6kvBiDgG07pUxMNKC2EbQGxkXer4bvlyqLiVzt
      bwIDAQAB
      -----END PUBLIC KEY-----
    </Property>
    <!-- claims to verify -->
    <Property name="claim_iss">http://dinochiesa.net</Property>
    <Property name="claim_shoesize">8.5</Property>
  </Properties>
  <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
</JavaCallout>
When I import the attached proxy and then invoke the proxy with
curl -i https://ORG-ENV.apigee.net/ofs-jwt/t2 -d 'jwt=eyJ0eXAiOiJKV1QiLCJh...'
...it works as expected.
Actually the JWT is now expired. So the JAR throws an error, which is expected when the JWT is expired. If I include the wantVerify=false, like so:
<Properties> <Property name="wantVerify">false</Property> ...
...then the JWT is successfully parsed, but the sig is not verified, and no exception is thrown. This is all as expected.
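An added example, not code from this thread or from the callout project: a JDK-only RS256 check that accepts a PEM key flattened the way it appears in the policy configuration above, verifies the signature before reading any claim, and reports expiry as its own outcome. The class name, the regex-based `exp` lookup, and the throwaway key and token generated in `main` are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.regex.*;

public class Rs256Check {
    // Parse a PEM public key as it arrives from an XML property: padded with
    // whitespace and possibly flattened onto one line. Fails with a clear message.
    static PublicKey parsePem(String pem) throws GeneralSecurityException {
        if (pem == null || pem.trim().isEmpty())
            throw new IllegalArgumentException("public-key is missing or empty");
        String b64 = pem.replaceAll("-----(BEGIN|END) PUBLIC KEY-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64); // IllegalArgumentException on bad base64
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }
    // Returns "ok" or the reason for rejection. RS256 is pinned here, not read
    // from the token header, so the token cannot choose its own algorithm.
    static String verify(String jwt, PublicKey key, long nowSec) throws GeneralSecurityException {
        String[] p = jwt.trim().split("\\.");
        if (p.length != 3) return "not a three-part compact JWS";
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(Base64.getUrlDecoder().decode(p[2]))) return "signature mismatch";
        String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        Matcher m = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(claims); // simplification: no JSON parser
        if (!m.find()) return "no exp claim";
        return Long.parseLong(m.group(1)) > nowSec ? "ok" : "expired";
    }
    static String b64u(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed throwaway key, not the page's key
        String pem = "  -----BEGIN PUBLIC KEY----- " + Base64.getMimeEncoder(64, new byte[] {' '})
                .encodeToString(kp.getPublic().getEncoded()) + " -----END PUBLIC KEY-----  ";
        long now = System.currentTimeMillis() / 1000;
        String input = b64u("{\"typ\":\"JWT\",\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + b64u(("{\"iss\":\"http://example.test\",\"exp\":" + (now + 60) + "}").getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        String jwt = input + "." + b64u(s.sign());
        PublicKey pub = parsePem(pem);
        System.out.println("fresh token:     " + verify(jwt, pub, now));
        System.out.println("clock past exp:  " + verify(jwt, pub, now + 3600));
        System.out.println("payload altered: " + verify(jwt.replace(".ey", ".fy"), pub, now));
    }
}
```

With verification switched off, as in the `wantVerify=false` case above, the same claims can still be decoded but nothing ties them to the key holder, which is why `verify` reads `exp` only after the signature check passes.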