1

I am converting a certificate to a public key and passing it to JwtConsumer using the code below:

  jwt = "eU13VUDPQsLv2fvbCPEyeuQubditVOguIa2UWvaMhx2ES7cMlTL8F6IgplgpG_H7bXpduPnFUncn7zUYRXmvw_Bts8EfqICeGa5db6RGmofeA01OqowgCfxhWLwmU786riJIT0twMFe...............................BzR7DOvqsahbsx93yKqB_5Q";
            // read public key from a file or config or something
            String publicKeyPEM =
                    "-----BEGIN CERTIFICATE-----\n" +
                            "MIIFuDCCBKCgAwIBAgIQXQ/D2sE/XdZYvdViF83mMzANBgkqhkiG9w0BAQsFADB+\n" +
.........................................................................................................                                                      "saQRa7TBj6gAdlYwJVR+4hpLngANpwAG+bXHuEs+Ns/dE/s+b7aUb8/IJTWNtaaQ\n" +
                            "lMvr/4xtT6ZNCiaIM3uvIvzHqPxCn3sWa94FP9FIg3mbIia1ZbUx8NyMpETOjxaO\n" +
                            "X242VTjKf7mLCqibyn3kj93zZjgNa0AlbF/QdE9z4tQ58BwoDVlNK4mGv7Uq2nca\n" +
                            "2qTrgWcVVKyhKMnytiQ4LTs5O45R/YNbnEH7CA==\n" +
                            "-----END CERTIFICATE-----";


            RsaKeyUtil rsaKeyUtil = new RsaKeyUtil();
            PublicKey publicKey = rsaKeyUtil.fromPemEncoded(publicKeyPEM);

            // create a JWT consumer
            JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                    .setRequireExpirationTime()
                    .setVerificationKey(publicKey)
                    .build();

            // validate and decode the jwt
            JwtClaims jwtDecoded = jwtConsumer.processToClaims(jwt);

However I get the below error while creating a PublicKey instance.

Starting Applicationjava.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)

What could be the reason for this? JWT.IO shows the signature is valid.

The certificate received is in .cer format.

Balu mallisetty

2 Answers

5

-----BEGIN CERTIFICATE----- means you have a certificate, not a public key. A certificate contains the public key.

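    import java.io.*;
    import java.security.PublicKey;
    import java.security.cert.*;
    // Parse the PEM text as an X.509 certificate, then take the public key from it
    InputStream is = new ByteArrayInputStream(pemString.getBytes("UTF-8"));
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate cert = cf.generateCertificate(is);
    PublicKey publicKey = cert.getPublicKey();
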
pedrofb
0

If I remember correctly you have to:

  • Remove -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
  • Remove all the \n occurrences

This is what I had to do to read a certificate using JCE API.

chkal
  • I tried removing the above 2 things, but I get the below error: String index out of range: -26 – Balu mallisetty Oct 31 '17 at 06:00
  • CertificateFactory can read either PEM _or_ DER. If you want to convert PEM to DER even though it's unnecessary, you must remove the BEGIN and END lines _and convert base64 to binary ignoring the linebreaks_; some base64 decoders ignore the linebreaks automatically while others require you remove them first. _KeyFactory_ instances handling "X.509" (really SPKI) and "PKCS#8" require DER so _those_ you must convert. – dave_thompson_085 Oct 31 '17 at 08:10
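
An added example (not code from the question or from either answer) that combines pedrofb's answer with dave_thompson_085's comment: it chooses CertificateFactory for a PEM certificate and KeyFactory for a PEM SPKI public key. The class and method names are hypothetical, the sample key in `main` is generated on the spot, and only JDK classes are used; the validity check covers dates only and does not validate the certificate chain.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class PemKeyLoader {  // hypothetical class name

    /** Returns the public key from a PEM certificate or from a PEM SPKI "PUBLIC KEY". */
    static PublicKey loadVerificationKey(String pem) throws Exception {
        if (pem.contains("-----BEGIN CERTIFICATE-----")) {
            // CertificateFactory reads PEM directly: no stripping, no base64 decoding.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
            cert.checkValidity();  // throws if the certificate is expired or not yet valid
            return cert.getPublicKey();
        }
        if (pem.contains("-----BEGIN PUBLIC KEY-----")) {
            // KeyFactory requires DER: drop the armor lines, then base64-decode.
            String b64 = pem.replace("-----BEGIN PUBLIC KEY-----", "")
                            .replace("-----END PUBLIC KEY-----", "");
            byte[] der = Base64.getMimeDecoder().decode(b64);  // MIME decoder skips line breaks
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
        }
        throw new IllegalArgumentException("Unsupported PEM type");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway RSA key, PEM-armored as an SPKI public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey original = kpg.generateKeyPair().getPublic();
        String pem = "-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                        .encodeToString(original.getEncoded())
                + "\n-----END PUBLIC KEY-----\n";
        PublicKey loaded = loadVerificationKey(pem);
        boolean same = Arrays.equals(loaded.getEncoded(), original.getEncoded());
        System.out.println("round trip ok: " + same);
    }
}
```

The key returned by `loadVerificationKey` can be passed to `setVerificationKey` as in the question's code.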