Decrypt my privateKey.pem file with passphrase within Quarkus


I’m writing a prototype application to explore JWT authentication with Quarkus, and see how I could eventually do JWT auth on a live website.

1/ My situation is that I can’t figure out how to get Quarkus to decrypt my privateKey.pem file in order to sign JWTs.

My application.properties file contains the following:

mp.jwt.verify.issuer=https://nicholaskolatsis.com/issuer
smallrye.jwt.sign.key.location=jwt/private-key.pem
mp.jwt.verify.publickey.location=jwt/public-key.pem

I would like to add something like the following line to the configuration:

smallrye.jwt.sign.key.passphrase={reference-container-environment-variable}

The encrypted private key is causing the following error, which goes away when I manually decrypt it:

io.smallrye.jwt.build.JwtSignatureException: SRJWT05009: 
  at io.smallrye.jwt.build.impl.JwtSignatureImpl.sign(JwtSignatureImpl.java:109)
  at com.nicholaskolatsis.auth.AuthService.lambda$authenticate$0(AuthService.java:42)
....
Caused by: java.lang.IllegalArgumentException: SRJWT05028: Signing key can not be created from the loaded content
  at io.smallrye.jwt.build.impl.JwtSignatureImpl.sign(JwtSignatureImpl.java:102)
  ... 97 more

In the logs, we see (AuthService.java:42), which is the .sign() in the following:

            return Jwt.issuer(issuer)
                .upn(user.email)
                .groups(new HashSet<>(user.roles))
                .expiresIn(Duration.ofHours(1L))
                .sign();

2/ If you feel that the passphrase / environment variable approach to securing a private key is poor practice, feel free to suggest another approach for me to look into later.
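One way to do the decryption in application code, added here as an example; it is not part of the original post and not SmallRye's own code. It assumes the file is a PKCS#8 "ENCRYPTED PRIVATE KEY" PEM block holding an RSA key; the class name and the JWT_KEY_PASSPHRASE variable are hypothetical, and the sample key is generated and encrypted inline so the block runs offline.

```java
import java.security.*;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.*;

public class EncryptedPemDemo {
    // Decrypts a PKCS#8 "ENCRYPTED PRIVATE KEY" PEM block into an RSA private key.
    static PrivateKey load(String pem, char[] passphrase) throws Exception {
        if (!pem.contains("BEGIN ENCRYPTED PRIVATE KEY"))
            throw new IllegalArgumentException("expected an encrypted PKCS#8 PEM block");
        byte[] der = Base64.getMimeDecoder().decode(pem.replaceAll("-----[A-Z ]+-----", ""));
        EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(der);
        AlgorithmParameters params = info.getAlgParameters();
        String alg = info.getAlgName();
        // Assumption: if only the generic PBES2 name/OID is reported, params name the concrete scheme.
        if (alg.equals("PBES2") || alg.equals("1.2.840.113549.1.5.13")) alg = params.toString();
        PBEKeySpec spec = new PBEKeySpec(passphrase);
        try {
            Cipher cipher = Cipher.getInstance(alg);
            cipher.init(Cipher.DECRYPT_MODE, SecretKeyFactory.getInstance(alg).generateSecret(spec), params);
            return KeyFactory.getInstance("RSA").generatePrivate(info.getKeySpec(cipher));
        } finally {
            spec.clearPassword(); // drop the passphrase copy held by the spec
        }
    }

    public static void main(String[] args) throws Exception {
        // JWT_KEY_PASSPHRASE is a hypothetical variable name; the fallback is a constructed value.
        String env = System.getenv("JWT_KEY_PASSPHRASE");
        char[] pass = (env != null ? env : "constructed-demo-passphrase").toCharArray();
        // Constructed sample input: a throwaway key wrapped with a legacy PBES1 scheme.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey original = gen.generateKeyPair().getPrivate();
        String alg = "PBEWithSHA1AndDESede";
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        Cipher enc = Cipher.getInstance(alg);
        enc.init(Cipher.ENCRYPT_MODE, SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(pass)),
                new PBEParameterSpec(salt, 10_000));
        byte[] der = new EncryptedPrivateKeyInfo(enc.getParameters(), enc.doFinal(original.getEncoded())).getEncoded();
        String pem = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der) + "\n-----END ENCRYPTED PRIVATE KEY-----\n";
        PrivateKey key = load(pem, pass);
        System.out.println("round trip ok: " + Arrays.equals(key.getEncoded(), original.getEncoded()));
        try { load(pem, "wrong".toCharArray()); }
        catch (GeneralSecurityException e) { System.out.println("wrong passphrase rejected"); }
    }
}
```

The key returned by load() can be passed to the builder's sign(PrivateKey) overload in place of the no-argument sign() shown in the question. A legacy "BEGIN RSA PRIVATE KEY" block with OpenSSL's own encryption headers is a different format and is not handled here.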
