Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

InvalidKeyException while generating jwt in AEM 6.2

Avatar

Level 3

Hi,

I have created a OSGi service to generate JWT to connect ACS REST API. Following is my code

// Expiration time in seconds

        Long expirationTime = 86400L;

        // Metascopes associated to key

        String metascopes[] = new String[]{"ent_campaign_sdk"};

        String imsHost = "ims-na1.adobelogin.com";

        // Secret key as byte array. Secret key file should be in DER encoded format.

        byte[] privateKeyFileContent = Files.readAllBytes(Paths.get("/Users/divyas/Desktop/key/private.key"));

        // Create the private key

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");

        KeySpec ks = new PKCS8EncodedKeySpec(privateKeyFileContent);

        RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(ks);

        // Create JWT payload

        Map jwtClaims = new HashMap<>();

        jwtClaims.put("iss", ORG_ID);

        jwtClaims.put("sub", TECHNICAL_ACC_ID);

        jwtClaims.put("exp", expirationTime);

        jwtClaims.put("aud", "https://" + imsHost + "/c/" + API_KEY);

        for (String metascope : metascopes) {

            jwtClaims.put("https://" + imsHost + "/s/" + metascope, TRUE);

        }

   

        // Create the final JWT token

        String jwtToken = Jwts.builder().setClaims(jwtClaims).signWith(RS256, privateKey).compact();

i have stored private.key and certificate in my local and referring in service. But i am getting following error

java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format

at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217)

at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)

Caused by: java.security.InvalidKeyException: invalid key format

at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:331)

at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:357)

at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91)

at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75)

at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316)

at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213)

am i missing any step? should i add my public certificate locally in cacerts?

Help me in this.

Thanks in advance

Divya

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Divya,

  As scott mentioned this more or like looks like your code issue than anything related to AEM. Just try to create a standalone JAVA code and make this work before applying it as OSGI bundle. As the error says it has something to do with the key format.

I don't know if this helps , but just did a search for that particular error java - InvalidKeySpecExeption when loadding the RSA private key from file - Stack Overflow

java.security.InvalidKeyException: invalid key format on generating RSA public key - Stack Overflow

https://stackoverflow.com/questions/25622894/java-security-invalidkeyexception-invalid-key-format-on...

View solution in original post

7 Replies

Avatar

Level 10

Can you get this code to work in only Eclipse? When using Java like this - make sure you can get this working outside of AEM before trying to get it running within an OSGi bundle.

Avatar

Level 3

I already tried making this code to work only in Eclipse. But i am getting the same error.

Avatar

Level 3

Trying a way to solve this issue and making this code to work only in Eclipse. Looking whether i should add any public certificate locally

Avatar

Level 10

Solve this outside of AEM and  then you can port to an OSGi.

Avatar

Correct answer by
Community Advisor

Divya,

  As scott mentioned this more or like looks like your code issue than anything related to AEM. Just try to create a standalone JAVA code and make this work before applying it as OSGI bundle. As the error says it has something to do with the key format.

I don't know if this helps , but just did a search for that particular error java - InvalidKeySpecExeption when loadding the RSA private key from file - Stack Overflow

java.security.InvalidKeyException: invalid key format on generating RSA public key - Stack Overflow

https://stackoverflow.com/questions/25622894/java-security-invalidkeyexception-invalid-key-format-on...

Avatar

Employee Advisor

I was getting the same problem. I solved it by using the following code

keyString  = keyString.replaceAll("\\n", "").replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "");

            System.out.println("The sanitized key string is "+keyString);

            // Create the private key

            KeyFactory keyFactory = KeyFactory.getInstance("RSA");

            System.out.println("The key factory algorithm is "+keyFactory.getAlgorithm());

            byte []byteArray = keyString.getBytes();

            System.out.println("The array length is "+byteArray.length);

            //KeySpec ks = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(keyString));

            byte[] encoded = javax.xml.bind.DatatypeConverter.parseBase64Binary(keyString);

            //KeySpec ks = new PKCS8EncodedKeySpec(byteArray);

            KeySpec ks = new PKCS8EncodedKeySpec(encoded);

Do not use the Base64.getDecoder to decode. I used the DatatypeConverter and it seems to work fine

Avatar

Level 2

Is this solved? How did you generated the the private.key. In this line - byte[] privateKeyFileContent = Files.readAllBytes(Paths.get("/Users/divyas/Desktop/key/private.key"))