Skip to content
This repository was archived by the owner on May 31, 2022. It is now read-only.

JwkSetConverter fails when public key use is "enc" #1470

Closed
troyhart opened this issue Aug 31, 2018 · 2 comments
Closed

JwkSetConverter fails when public key use is "enc" #1470

troyhart opened this issue Aug 31, 2018 · 2 comments
Assignees
@jgrandja
Labels
type: bug
Milestone
2.3.5

Comments

@troyhart
Copy link

I am trying to implement a standalone resource server that validates JWTs. My authorization server is provided by GLUU. The jwks endpoint for my GLUU server returns the following:

{
"keys": [
{
"kid": "2f2963f5-2e69-448d-8d4b-a0c573a0ae12",
"kty": "RSA",
"use": "sig",
"alg": "RS256",
"exp": 1561073429125,
"n": "1i27yldjaqy1E43560by_mWC9weI9jilYGIHIYc_1nSM0QdVMg3OU-NVBfAcDZhw0ghJ4uZIyjnVVUBp-QqZfvQ9nMVPcYDb3Fycbag3jQ2zYJfU_lAVOoSQquq_Tk8pa4NlJWIbiEFCpkLlNZVZdP8950aZVJX5Z5AzZq6CognrnItuyjNxyA25r244dZyDiShvQ7AC3nX8u04AKTSu-bVBMuZEtJVb7wH3KDxUzgPSj-xZ2ddA9Af9I-GNKpIj5lM7KVun3GMKoVh_NsLVODAbBsJZpG_wKcN0IuHdtoJG3pCD95JmpaSUIlYbvnHH9y19tC45v5dHXUEyv1x8bw",
"e": "AQAB",
"x5c": [
"MIIDBDCCAeygAwIBAgIhALFTvUWtPFdT9hBmo/5AlANq9RBZggZYbYW/2adHb50XMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjIwMjMzMDE5WhcNMTkwNjIwMjMzMDI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1i27yldjaqy1E43560by/mWC9weI9jilYGIHIYc/1nSM0QdVMg3OU+NVBfAcDZhw0ghJ4uZIyjnVVUBp+QqZfvQ9nMVPcYDb3Fycbag3jQ2zYJfU/lAVOoSQquq/Tk8pa4NlJWIbiEFCpkLlNZVZdP8950aZVJX5Z5AzZq6CognrnItuyjNxyA25r244dZyDiShvQ7AC3nX8u04AKTSu+bVBMuZEtJVb7wH3KDxUzgPSj+xZ2ddA9Af9I+GNKpIj5lM7KVun3GMKoVh/NsLVODAbBsJZpG/wKcN0IuHdtoJG3pCD95JmpaSUIlYbvnHH9y19tC45v5dHXUEyv1x8bwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAGvDX4s66Vd6Ca7yVZrRwprICYfD2+UWHhXzWZ1cDxH0nM74tHlKn2F5j5M7lDkr9nNkMGwWRzdUpRSmqBW6b3E4Z4JeZqdlOp3GOwV+FK7R1SL0HY4XVUlBh2WJ+WjPubK9G7PUVhKqFYb7yHHPjZsvTtxxr11J0w3xnUvnBdTmPu4ByawpzhEMwWfREMhKFuTdB1eqg72he5C4cYJy48mAs/OJ25hmG58UDgTcT/qSnKsstsaTbhpnf0ky/TuoT05bjHg4yl8sOlJyPmorScj+PCHmfysrp5GKZ682jL/ffuZUSpv5pwVtzI5pG0Be0DbVmUUcMXWOie0uvGIEWI4="
]
},
{
"kid": "e9b10352-37f4-4421-9019-8507b3f41c90",
"kty": "RSA",
"use": "sig",
"alg": "RS384",
"exp": 1561073429125,
"n": "jrl0mOjX6-yqiDKAAGJnGqnxXu_H4EaqoLdlmYjHOtZ8o0GpgXLP0zk9ez6EVb5Guav3SuJvBwnHlZjSNv60EZmjHRWmyr6BBMzTjJh48ofHWcd8TBuNL7UZWo0JU11jeghFIv8zWb7Iny2ovffhSBV03Bf_6K8DAYbgwJsEU4MKNerk2hF0RoBWOC7MBkgFcawTOtyU_Q2M6EGgz0zCFFT5Gg_K0LJTFF9H5R4HxGxYkNsGutEALUSRqgKcvcqFLMP6jOJxa_Gt_EZuNUimniwWtrzGWZ0p0ZCp4uvcuAAjO7_C7D8_O-FPl6iBb44ZlfM8bEPMiOBD3r7CQ8LTqQ",
"e": "AQAB",
"x5c": [
"MIIDBDCCAeygAwIBAgIhAKMEhiRjhQYeSYCmTIhRpdOm4UcwNWdKELSjOkiLK9B1MA0GCSqGSIb3DQEBDAUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjIwMjMzMDE5WhcNMTkwNjIwMjMzMDI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrl0mOjX6+yqiDKAAGJnGqnxXu/H4EaqoLdlmYjHOtZ8o0GpgXLP0zk9ez6EVb5Guav3SuJvBwnHlZjSNv60EZmjHRWmyr6BBMzTjJh48ofHWcd8TBuNL7UZWo0JU11jeghFIv8zWb7Iny2ovffhSBV03Bf/6K8DAYbgwJsEU4MKNerk2hF0RoBWOC7MBkgFcawTOtyU/Q2M6EGgz0zCFFT5Gg/K0LJTFF9H5R4HxGxYkNsGutEALUSRqgKcvcqFLMP6jOJxa/Gt/EZuNUimniwWtrzGWZ0p0ZCp4uvcuAAjO7/C7D8/O+FPl6iBb44ZlfM8bEPMiOBD3r7CQ8LTqQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQEMBQADggEBAIgz69L3jReBq0yKPsZa53LGsL2Fvf68a5tY8NAoDarMkrfv9FTPz5rnkFOr7OV1tH62EXeATzXKcHeICHZlaEYfgIgkOu3WBEKBoTX3ZJDBW8JTaWe6E0aseeXYHz4hnSlWixjcXCTHDQWsM9BraeijZJmw3OEjiZngoU1tXJb5+lRB/0eZPtjY3XB6KxZSSXTREvdpgr7ZAr52+ixav5oAEukdNQcNpV31kurGkzSc4xorKDAZiUJQOdffqXA1p8OzknaaEEVjOmN3Xxmagx95O+IYwUWFAE997l/iV7TdYiR3PKpOcu3buXoA3Z92YqCCGxwzqm8AXjy6c55Y+Nc="
]
},
{
"kid": "009b8c46-1323-4c4b-b78a-355949d39dde",
"kty": "RSA",
"use": "sig",
"alg": "RS512",
"exp": 1561073429125,
"n": "tUrE7ywuZrjrS2oNGG55WBOvhcFqsLDSZ3UcIIMmzUxeQzUDQqwDZcgvBtA0cCWtsNYnaXopHj-BRI-Ka-5WHM2OcS_aat-gwouiXMpZn9EoVitP9vmA2iys66StqNI8QmTTth5mSp6TW6qB-MOSddclIFnypQ7OZ2-cLsi_xZhGGqIrSpDRisr4qfKLVtV_0EnlE232RhDssrdEIIzZtx08cA9nyBOwWCVqgjH4SAthiLoUdvZhCFN9q2sGKfBJkwAnLDlXg2kfIlUNgVzGcLPuOA0MGGKPJ3DTlR3wluAljShfF17VBtPtFZWMAKrkoX4Y-OmITLLNUscotKtLhw",
"e": "AQAB",
"x5c": [
"MIIDAzCCAeugAwIBAgIgRF8BQ4cKWAQBhO9MB3GYaZuUT8G8g0uSiHrZz+t8TvYwDQYJKoZIhvcNAQENBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xODA2MjAyMzMwMjBaFw0xOTA2MjAyMzMwMjlaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1SsTvLC5muOtLag0YbnlYE6+FwWqwsNJndRwggybNTF5DNQNCrANlyC8G0DRwJa2w1idpeikeP4FEj4pr7lYczY5xL9pq36DCi6Jcylmf0ShWK0/2+YDaLKzrpK2o0jxCZNO2HmZKnpNbqoH4w5J11yUgWfKlDs5nb5wuyL/FmEYaoitKkNGKyvip8otW1X/QSeUTbfZGEOyyt0QgjNm3HTxwD2fIE7BYJWqCMfhIC2GIuhR29mEIU32rawYp8EmTACcsOVeDaR8iVQ2BXMZws+44DQwYYo8ncNOVHfCW4CWNKF8XXtUG0+0VlYwAquShfhj46YhMss1Sxyi0q0uHAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQ0FAAOCAQEAqlT2BrvMDKZzaKtW1zdr1CmUQI6oFY9+xUcfb6mXjC0xv44fENOnWsGp5YKNeQjamVIzucQOwZJ+wGvzgg+uxvG4IxeB/WX4tMZ/2JcRWHYd+rlzvSz5ZwvB46SuuK9TE+GPlyS9IvA72c8rzLR3bPN/r1PjHSDQmZm4pOCFdUg2OIXEldhIHfhG9yhm/EQzRm/Yw+uNL/2s2AM/uNCl37zSP5FSCGK96+vyNSrNApjCod7KvO50txFdf9kuA3TseyWq8nzwJGQXAeeBmL4g78160cfRVGeEWoTHFcV02EIVcH4Tq+U0rmMmn/KyeuztKpkjkvUEid9djpnP7IzYww=="
]
},
{
"kid": "d99f2757-b2e5-4d14-bf21-e4a8f9ea6398",
"kty": "EC",
"use": "sig",
"alg": "ES256",
"exp": 1561073429125,
"crv": "P-256",
"x": "80bFoP-e2PtnJF6iTyy5iWm90rhshnZ5tfOjEJQYDC0",
"y": "dyFd0A2UWTrJ-PS_j-d8XzRHybZ2x2OA_4bG3uvPK9o",
"x5c": [
"MIIBdzCCAR2gAwIBAgIgRhyihKWwMRIKCVL2hAh7vzqQ60GVbxBj1vqfoacHSzQwCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xODA2MjAyMzMwMjBaFw0xOTA2MjAyMzMwMjlaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATzRsWg/57Y+2ckXqJPLLmJab3SuGyGdnm186MQlBgMLXchXdANlFk6yfj0v4/nfF80R8m2dsdjgP+Gxt7rzyvaoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwIDSAAwRQIgWgaZZflS+D68jXKGhWPQgG53/VA6maHA3FibGW2ptQACIQDOsOA+9IWRwvFGfS/MtZffhZEpgR2KoLw5GitNLZp29g=="
]
},
{
"kid": "7344a82f-931d-4ce0-a1c2-65f7a8bc5e32",
"kty": "EC",
"use": "sig",
"alg": "ES384",
"exp": 1561073429125,
"crv": "P-384",
"x": "2d4XocbehdxgoBLsdeJogqncTwHH-k5EavRRTnbwMu0fextydt64KzsZkuY4V7_J",
"y": "yJgLRYQ0-QBZMbb9wcMkUuphZ9xpxTjLercNcKjCu4pgy8opmwBwI_QwLF3BvctM",
"x5c": [
"MIIBtDCCATqgAwIBAgIgWYtvQySU8orYLrK1bscchtbI5h5/Ym9BfVI6c/HKeFYwCgYIKoZIzj0EAwMwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xODA2MjAyMzMwMjBaFw0xOTA2MjAyMzMwMjlaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ3hehxt6F3GCgEux14miCqdxPAcf6TkRq9FFOdvAy7R97G3J23rgrOxmS5jhXv8nImAtFhDT5AFkxtv3BwyRS6mFn3GnFOMt6tw1wqMK7imDLyimbAHAj9DAsXcG9y0yjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDAwNoADBlAjEAkKJsUiggBnv5F/kBRFnaBnsARflIWdAQNiXSCo9EEZAFM+ekSC6NA1DpAjK1Vu9xAjAkgthSvjuNZskKKCNOiQ+js2SfkUhbWR9DrfTPCfxse4OIyOt4R3hZbohO5J9sOd8="
]
},
{
"kid": "63338c83-6bda-4882-982b-03630e138243",
"kty": "EC",
"use": "sig",
"alg": "ES512",
"exp": 1561073429125,
"crv": "P-521",
"x": "fiy38Wv1OO_aD8DZfU1DkMA88SGbj3J6CMUV4ecBjVIh74pLiH8SFkqRp0odhl0RqpO4iy610Ia-_tCEw1zIVko",
"y": "X0HlVWdlosnb_rOslW3_ezegml3bsGwgwCV7Nz5KAvHdDUMiF8yQJ5WkPHlMiMjscc7SR_ETjbiSPBVt0-YhxSA",
"x5c": [
"MIIB/zCCAWCgAwIBAgIgLKYJjILWuhkqSOBGpyENrlIPe7HePbRWEOYeLHyKeI4wCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xODA2MjAyMzMwMjBaFw0xOTA2MjAyMzMwMjlaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAB+LLfxa/U479oPwNl9TUOQwDzxIZuPcnoIxRXh5wGNUiHvikuIfxIWSpGnSh2GXRGqk7iLLrXQhr7+0ITDXMhWSgBfQeVVZ2Wiydv+s6yVbf97N6CaXduwbCDAJXs3PkoC8d0NQyIXzJAnlaQ8eUyIyOxxztJH8RONuJI8FW3T5iHFIKMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GMADCBiAJCAac8gRQAl3Uxjj9VdNZFAW+H2t6zShxPhmPDGrozSriR7O+sKSVGybF2O1sG+iJv7eID0Fm3DGnHyKfiJQ4G6+0LAkIBkm+Rd0GW7ueXXP2jESVWEGH5z5bq54EY2jOVo4gZbqVEEORhF4f+ZCigVwaPR88oncISvDvlrmhcEIVOLZsML3o="
]
},
{
"kid": "4e40e28f-3c23-4703-a4e5-256701729b9d",
"kty": "RSA",
"use": "enc",
"alg": "RS256",
"exp": 1561073429125,
"n": "rVyl3F36BIXhSNK2ed4BtuptJNc2VC-PbTBp1_EvzKdOZH6hoYAS7aOlZyzSGBJ653jH1omFwwB2m3bABrSrkJWwW2bw4z-20ZuuZTXkhjGTVJF971jXAz7WWu5x2JGNx_Y6xPeE1ikZD81JYKwSYFGJBKxW7P_H_CsmufPbXUty6LAt49BqJTOApP-pInmoJAwEwexoKwZ5lg9pid6bOFAQb_38yX4wlFJ5sIm9xi1zhvOJfLti2-T9Kfldi3hyTTLbt8p2nWZpNydWTlu4Eo6tixl5TdWY2izTNOooll5ix-Y0weV648jAz5nZ61HC0QZzP9phce7D4rVozz-1Qw",
"e": "AQAB",
"x5c": [
"MIIDBDCCAeygAwIBAgIhAI4ioYhsQvP+TfanCQ5cBFIMgWTgw1Zz6ZRdKXyaKtx8MA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjIwMjMzMDIwWhcNMTkwNjIwMjMzMDI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVyl3F36BIXhSNK2ed4BtuptJNc2VC+PbTBp1/EvzKdOZH6hoYAS7aOlZyzSGBJ653jH1omFwwB2m3bABrSrkJWwW2bw4z+20ZuuZTXkhjGTVJF971jXAz7WWu5x2JGNx/Y6xPeE1ikZD81JYKwSYFGJBKxW7P/H/CsmufPbXUty6LAt49BqJTOApP+pInmoJAwEwexoKwZ5lg9pid6bOFAQb/38yX4wlFJ5sIm9xi1zhvOJfLti2+T9Kfldi3hyTTLbt8p2nWZpNydWTlu4Eo6tixl5TdWY2izTNOooll5ix+Y0weV648jAz5nZ61HC0QZzP9phce7D4rVozz+1QwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBABhoycn6/mX07QTWcJ5G9neSjwur7iJxzcI2I3oXvewHQ+Hd5WI5YDh0zIBK5wAmaveUGWVTLHQayh1eOape0u+cHjaK1uoyB9j/PmRXgvVihpxG+oRHR6vWIb2BUzSNZ9zZLlDFhov3ZLeT4qtetj3Zp5WYd4mnTbmqZDHoXOu/ApXvIqCR0wnMZs90fK9ye/gImur2eLi145yyp2t1Q7HP6MqFhyX6lBXETyzJrgIxekJr0gOBrtAx4/DC8gODMsfDJI94QSso/l0EBp5Gmb1auwVT8g8B1yesOJmavcmnDADsqc3GjZTUt4DfDBl5sIulX4lcwEuYAyJV8BhgkNs="
]
},
{
"kid": "3f8a2a59-feb4-4ee7-8ba8-6f5f07d8f7a2",
"kty": "RSA",
"use": "enc",
"alg": "RS384",
"exp": 1561073429125,
"n": "pULgKLTWg88gD4YTKM8No1V4iGCMD5kIx7upx2-u1P7Q0i-jxtAlI_RsB88Lo19CSG5ThdVgDlCr7UVayeQgT1929wzBEdH7P19aumsTHi5yvhaqsVQICsjvdYLIkmClOUFB_rFrI-cSeLOXEjAZ4NEiyK878eGecQP4KUgDSSnjd8FMFMjbwr6CbCnPEPs-VHfTDC3g3kEZFtUsqLUbEiVyRASfK8rmNEUgWZJLkpdQjTRoObkey8L55NjYuITbuCJYsEJLUZE_-nTBDoM6FBnpM31nUmbfEDV5jCVhKBbIbnyE2Re06QRgou45OxTHSOmJqbxDDblE_-3HIqhAbQ",
"e": "AQAB",
"x5c": [
"MIIDAzCCAeugAwIBAgIgBS7A/cCZHMv5Mw8OO+MWNOz0HKVS6BNNhmtlkiPnNu0wDQYJKoZIhvcNAQEMBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xODA2MjAyMzMwMjBaFw0xOTA2MjAyMzMwMjlaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClQuAotNaDzyAPhhMozw2jVXiIYIwPmQjHu6nHb67U/tDSL6PG0CUj9GwHzwujX0JIblOF1WAOUKvtRVrJ5CBPX3b3DMER0fs/X1q6axMeLnK+FqqxVAgKyO91gsiSYKU5QUH+sWsj5xJ4s5cSMBng0SLIrzvx4Z5xA/gpSANJKeN3wUwUyNvCvoJsKc8Q+z5Ud9MMLeDeQRkW1SyotRsSJXJEBJ8ryuY0RSBZkkuSl1CNNGg5uR7Lwvnk2Ni4hNu4IliwQktRkT/6dMEOgzoUGekzfWdSZt8QNXmMJWEoFshufITZF7TpBGCi7jk7FMdI6YmpvEMNuUT/7cciqEBtAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQwFAAOCAQEAF4+jsQVuqNrLi2kYsg0ujeXhOmv4D1V91m0bBx3aViyqLehOBiVq4rUHGqLYuGo5CjCJ+xahBr8JvmXA52I83XViShxopgTNmbTMfB39VcBmcaO/BPXwZ51kVVZNXoSMKNa0jERDTBhPLBUT6k6LMFpvSPpnezyW9X98ZU6xiLGrfPLz3/OxRlHQM8+U1ph0/zTBgExcquf0FvncHJknElhlWAT84PR5X/9JtqGarufNZ6ssC9zMgb8xCs/6RcSiAOORGMpSweEADfXiQhWGSR+1FPW/WcLNpPlvmtWY5+1+wk7zy6eRwJKEN5Qmx4IMLmTy6WYZQmJVuw+zRmUKJA=="
]
},
{
"kid": "609dd2cc-df78-4a8a-9923-81b171e070cd",
"kty": "RSA",
"use": "enc",
"alg": "RS512",
"exp": 1561073429125,
"n": "vXopfonpYStQEruhiZ_Ja_Ku11QL_dTaQT8lTeXfKX6dqi0OUxJYRjKDyf20tFCAjoyW182YU-N8c-Pq4t-AweAna2_-3e9mn32djBDuN-bvQqAjX3JFW-sp4ZDLlddfbrMgM6XKc2CS1aL3xeH_66V5IWjHH5PMgT110UDzjYNUQryYFZcCZ5KgnmGk24SCc_A4_GpZ4U95Vv5XGqKhloQjbH7bFneUbZbC0vghkTeu8g0Z-o8F3-orC80YDk5ZN_9Nh3Mrg9nUBbDBcZJzSdCeoV-uz6QZQ0k49_LZocqRr7h3LEKFptHSCrYjkGJ345srVHD-BH4ECNc437ch9w",
"e": "AQAB",
"x5c": [
"MIIDBDCCAeygAwIBAgIhALG6Qyp6HnHP/cLGFL6wsYU/7oniV2JdJU56Wf0GBbenMA0GCSqGSIb3DQEBDQUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjIwMjMzMDIwWhcNMTkwNjIwMjMzMDI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXopfonpYStQEruhiZ/Ja/Ku11QL/dTaQT8lTeXfKX6dqi0OUxJYRjKDyf20tFCAjoyW182YU+N8c+Pq4t+AweAna2/+3e9mn32djBDuN+bvQqAjX3JFW+sp4ZDLlddfbrMgM6XKc2CS1aL3xeH/66V5IWjHH5PMgT110UDzjYNUQryYFZcCZ5KgnmGk24SCc/A4/GpZ4U95Vv5XGqKhloQjbH7bFneUbZbC0vghkTeu8g0Z+o8F3+orC80YDk5ZN/9Nh3Mrg9nUBbDBcZJzSdCeoV+uz6QZQ0k49/LZocqRr7h3LEKFptHSCrYjkGJ345srVHD+BH4ECNc437ch9wIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQENBQADggEBAIvn/AYi52CPwI/e61DIn92QLg/IBu+kJrlGKtP9kgYA+Lryanr0oUEstvisRDhXRT5ldETnmNZRORAiDgkrYYB+d5Q4ZPlOmkCI9+AXscZlVo2BBkcCQz+P7QdKMce6klyJuDSLWITSNrI8K8EwzuBOAKI2sGkDLqDGjULjYQSFiBFfxG7LNDysBF55KlirxGUo9RPV79rqoZu6ktZDYu5o3nahnr+ihM2mPdLcCQ5UTU6SFyHg9JloWIYTKlJAZMF6TCeugAHeyMA1lw0LtBj6Lnmw2hLTop9efh5lx4BUD7EC9wmAjXzEOeXQvlfgUlXCM6aEcHdjQto6FJYqhXo="
]
},
{
"kid": "6cfe3619-575c-4fc8-bc2e-93c4679e9597",
"kty": "EC",
"use": "enc",
"alg": "ES256",
"exp": 1561073429125,
"crv": "P-256",
"x": "ygYaHEJ_K6BsyytrhwpZhCUhxbqdhlrvAQxNiXVCcqU",
"y": "ueQdTEJKhVztvwvZ1PP9JxsJnUr3tpa__6EB6847Jxo",
"x5c": [
"MIIBeTCCAR6gAwIBAgIhANyU/vc997Sdp1P+5Um3SSq5Nb1/8zA+I8U62PfyAf3kMAoGCCqGSM49BAMCMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjIwMjMzMDIwWhcNMTkwNjIwMjMzMDI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEygYaHEJ/K6BsyytrhwpZhCUhxbqdhlrvAQxNiXVCcqW55B1MQkqFXO2/C9nU8/0nGwmdSve2lr//oQHrzjsnGqMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMCA0kAMEYCIQDo09q+5BQTRYH0S5+PK+EtRoVU15zI6Ft4uKPybYJWFgIhAM6o3ii31FywgTVtfXDkum6bhWDQKRs5RhuFfGYdOc8q"
]
},
{
"kid": "8ee2b879-5dfe-42ca-b742-1aa93fceff29",
"kty": "EC",
"use": "enc",
"alg": "ES384",
"exp": 1561073429125,
"crv": "P-384",
"x": "Ih1ypqTnXBLPrglExe8sqdcFz3rrr03DbvR5_Xvw_IwsM2kzce6Hd-Hc790K1s-q",
"y": "hknuOyqeyjQwclOfx4jMKRGFmpNWmpFEqQAe662VXCxG593cuQu30nhVmCN73JmF",
"x5c": [
"MIIBtTCCATugAwIBAgIhAPV82DRA3dvertyMp55hHrRb9wpV3o0cd0so18r5GhunMAoGCCqGSM49BAMDMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjIwMjMzMDIwWhcNMTkwNjIwMjMzMDI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEIh1ypqTnXBLPrglExe8sqdcFz3rrr03DbvR5/Xvw/IwsM2kzce6Hd+Hc790K1s+qhknuOyqeyjQwclOfx4jMKRGFmpNWmpFEqQAe662VXCxG593cuQu30nhVmCN73JmFoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwMDaAAwZQIxAIbLx3RPOZDHMasFfWsvK6nR7WrCks8jHK+MQu5HGJ9K5puaHYTsHwW8FBTu470U4AIwTE7rkPkVWU2sWVQiJ2wdbTfy5KHGngonuntiX/Xhs/UM9ZHgsf8NFyNwztgFUzKZ"
]
},
{
"kid": "1e67353e-462c-4e12-894a-4abd90c1f00c",
"kty": "EC",
"use": "enc",
"alg": "ES512",
"exp": 1561073429125,
"crv": "P-521",
"x": "Acw4HDVc5NzzRz0YkfNh2j-X17lNsubsfKw3-xsAvgkSQQR7HL0CcHFprUuEbNWdOQJR5Mhy3EzckMCUkCA2_c1j",
"y": "zGaAsv7hJE-Vf7LNQKkfL5Al7NwcPc_qGMa1xvWIIKMukmbVs_06TAxc63FBp1RDR5A2d4OpsokKEZOD7wGfH04",
"x5c": [
"MIIB/zCCAWCgAwIBAgIgW7V/nO5c7fxR3JAke8t6XA4w8l3eUsYlL53M2r9i3PowCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xODA2MjAyMzMwMjBaFw0xOTA2MjAyMzMwMjlaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAHMOBw1XOTc80c9GJHzYdo/l9e5TbLm7HysN/sbAL4JEkEEexy9AnBxaa1LhGzVnTkCUeTIctxM3JDAlJAgNv3NYwDMZoCy/uEkT5V/ss1AqR8vkCXs3Bw9z+oYxrXG9Yggoy6SZtWz/TpMDFzrcUGnVENHkDZ3g6myiQoRk4PvAZ8fTqMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GMADCBiAJCAIob2prewofAo0dxNl/RtsP9UKVQhIkBTWkIsSzQjawBzrCMlUD0VeJN7mP5nZmRVAFiP0p2wGKeorHE73IpEou+AkIB+eugeCV4b7gKpgosC9ERkAxGGVtJ5FRHcvisBrasVebhFdw3VwtfV0Nr/3tjLAOlCtXbLaprpchali+Kn+qCh/8="
]
}
]
}

In this resource you can see that for kty = RSA it includes both use == sig and use == enc.

When the JwkSetConverter parses this file it ends up failing when it encounters an RSA key with use == enc. Refer to: org.springframework.security.oauth2.provider.token.store.jwk.JwkSetConverter.createRsaJwkDefinition(Map<String, String>)

Why does the implementation explicitly fail when use != sig?
@msamusenka
Copy link
Contributor

Just faced the same issue on Gluu integration.

@troyhart were you able to find a work-around for it without recompiling from spring sources?

msamusenka added a commit to msamusenka/spring-security-oauth that referenced this issue Dec 21, 2018
@msamusenka
closes spring-attic#1470
2d5e8ea 
skip unsupported public key use (enc) without discarding the entire set
@msamusenka msamusenka mentioned this issue Dec 21, 2018
Closed
@jgrandja jgrandja self-assigned this Feb 18, 2019
@jgrandja jgrandja added this to the 2.3.5 milestone Feb 18, 2019
@jgrandja jgrandja changed the title JwkSetConverter fails when (RSA) key definition includes use: "enc" JwkSetConverter fails when public key use is "enc" Feb 18, 2019
@jgrandja
Copy link
Contributor

@troyhart This is now fixed via 1e5536a. Thanks for the report.

@jgrandja jgrandja mentioned this issue Feb 18, 2019
Closed
jgrandja pushed a commit that referenced this issue Feb 18, 2019
@msamusenka @jgrandja
JwkSetConverter excludes enc keys
799fb1a 
skip unsupported public key use (enc) without discarding the entire set

Fixes gh-1470
@jgrandja jgrandja mentioned this issue Feb 18, 2019
Closed
jgrandja pushed a commit that referenced this issue Feb 18, 2019
@msamusenka @jgrandja
JwkSetConverter excludes enc keys
96f85b0 
skip unsupported public key use (enc) without discarding the entire set

Fixes gh-1470
@jgrandja jgrandja mentioned this issue Feb 18, 2019
Closed
jgrandja pushed a commit that referenced this issue Feb 18, 2019
@msamusenka @jgrandja
JwkSetConverter excludes enc keys
35bc0f2 
skip unsupported public key use (enc) without discarding the entire set

Fixes gh-1470
@jgrandja jgrandja mentioned this issue May 28, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jgrandja jgrandja

Labels
type: bug
Milestone
2.3.5
Development

No branches or pull requests
3 participants
@troyhart @jgrandja @msamusenka