How to convert String to Private Key and set it to JsonWebSignature

Question

I already have a private key stored in a database as varchar2 and stored in a variable named Key as shown in code. Below is my piece of code to set this private key to JsonWebSignature but I am getting an error like

The method setKey(Key) in the type JsonWebStructure is not applicable for the arguments (String)

I don't want to generate a new RSA key as I already have it.

public static String getJWTToken(String userName) throws JoseException {

    JwtClaims claims = new JwtClaims();
    claims.setAudience(Constants.AUDIENCE);
    claims.setIssuer(InitialLoader.JWT_KEY);//Getting from config property file
    claims.setIssuedAtToNow();      
    NumericDate tokenExpDate = NumericDate.now();
    tokenExpDate.addSeconds(Constants.SECONDS);
    claims.setExpirationTime(tokenExpDate);

    if(userName!=null && !userName.isEmpty())
        claims.setClaim("userName", userName);

    System.out.println("Senders end :: " + claims.toJson());

    // SIGNING the token
    String key = "jxFd%asdjd";
    RsaJsonWebKey jsonSignKey = RsaJwkGenerator.generateJwk(2048);
    JsonWebSignature jws = new JsonWebSignature();
    //jws.setKey(jsonSignKey.getPrivateKey());
    jws.setKey(key);// Getting error here
    jws.setPayload(claims.toJson());
    jws.setHeader("typ", Constants.TYP);
    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);// Setting the algorithm to be used
    String signedJwt = jws.getCompactSerialization();// payload is signed using this compactSerialization
    System.out.println("Signed key for sender is::" + signedJwt);

    return signedJwt;
}

String key = "jxFd%asdjd"; This is the key i want to set – rahul kumar Sep 26 '18 at 08:47 — rahul kumar, Sep 26 '18 at 08:47

Bentaye · Answer 1 · 2018-09-26T10:44:31.257

0

You do:

String key = "jxFd%asdjd";
....
jws.setKey(key);// Getting error here

The signature of the setKey method is public void setKey(Key key) So you need to pass it a Key. You are passing it a String so it won't compile. You need to make a Key out of your String.

Not sure how to do that though.

EDIT:

I guess you could do something along these lines:

String keyString = "jxFd%asdjd";
PublicJsonWebKey originalKey = PublicJsonWebKey.Factory.newPublicJwk(keyString);

JsonWebSignature jws = new JsonWebSignature();
jws.setKey(originalKey.getPrivateKey());

But that won't work as the newPublicJwk method is expecting a JSON string. Did you get your key out of a JSON String?

edited Sep 26 '18 at 10:44

answered Sep 26 '18 at 09:40

Bentaye

9,403
5
32
45

Tried with the same:--String key = "jxFd%asdjd"; byte[] decodedKey = Base64.getDecoder().decode(key); SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "HS256"); – rahul kumar Sep 26 '18 at 10:23
Getting exception : Exception in thread "main" java.lang.IllegalArgumentException: Illegal base64 character at byte[] decodedKey = Base64.getDecoder().decode(key); – rahul kumar Sep 26 '18 at 10:26
your string is not a valid Base64 string. See my last edit, did you get the key out of some JSON? – Bentaye Sep 26 '18 at 10:45

score 0 · Answer 2 · answered Sep 27 '18 at 05:22

I have got the solution to my problem. Below is my piece of code where "key" is "RSAPrivateKey".
public static String getJWTToken(String userName) throws JoseException {

    JwtClaims claims = new JwtClaims();
    claims.setAudience(Constants.AUDIENCE);
    claims.setIssuer(InitialLoader.JWT_KEY);
    claims.setIssuedAtToNow();      
    NumericDate tokenExpDate = NumericDate.now();
    tokenExpDate.addSeconds(Constants.SECONDS);
    claims.setExpirationTime(tokenExpDate);

    if(userName!=null && !userName.isEmpty())
        claims.setClaim("userName", userName);

    System.out.println("Senders end :: " + claims.toJson());

    // SIGNING the token
    PrivateKey privateKey = null;
    try {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        System.out.println("InitialLoader.RSAPrivateKey is::"+InitialLoader.RSAPrivateKey);
        byte[] content = Files.readAllBytes(Paths.get(InitialLoader.RSAPrivateKey));//from config file

        String pkcs8Pem = new String(content, StandardCharsets.UTF_8);
        byte[] pkcs8EncodedBytes = org.apache.commons.codec.binary.Base64.decodeBase64(pkcs8Pem);
        KeyFactory factory = KeyFactory.getInstance("RSA");
        PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(pkcs8EncodedBytes);
        privateKey = factory.generatePrivate(privKeySpec);
    } catch (FileNotFoundException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (InvalidKeySpecException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    JsonWebSignature jws = new JsonWebSignature();
    jws.setKey(privateKey);
    jws.setPayload(claims.toJson());
    jws.setHeader("typ", Constants.TYP);
    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);// Setting the algorithm to be used
    String signedJwt = jws.getCompactSerialization();// payload is signed using this compactSerialization
    System.out.println("Signed key for sender is::" + signedJwt);

    return signedJwt;
}

How to convert String to Private Key and set it to JsonWebSignature

2 Answers2