0

I want to expose public keys on a URL, I think something like this:

return keySet.toJson(OutputControlLevel.PUBLIC_ONLY);

but when I try to consume from the URL:

HttpsJwks keyUrl = new HttpsJwks("https://dmdcggwvwj.execute-api.ca-central-1.amazonaws.com/authBeta/z/key");
List<JsonWebKey> keySet = keyUrl.getJsonWebKeys();

I get this exception:

java.lang.ClassCastException: java.lang.String cannot be cast to org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap

What am I missing here?

4

1 回答 1

0

https://dmdcggwvwj.execute-api.ca-central-1.amazonaws.com/authBeta/z/key返回的内容如下所示,所有引号都已转义(似乎有一轮 JSON 转义或应用到它的处理):

"{\"keys\":[{\"kty\":\"RSA\",\"n\":\"iCSHtMjeCc0RTNw1uVAlciaBtGOgOV7dhtbbjfzfWYdVxQN9tB4Z0gI_4nIcrzLvzg_Sm_iJKUsZuU29JM0tgFvXwfb_pkFL8E7HmbiKaLtL8QofGHkGPbCTCyJ-8YPu3uVLgUmyCKGmShBqWIm_VOSGGivZwYjK4-ONbYC5DrVO0yIzRKnF7ZtfCCxVkkI3D8_-_0anViVmSnsQimLCFfPJwgOmoRFFZENQOFYEyHmGTcQkDEDDePvWAwb32FTZBKgs09CuLiP-n7GhqtUW6RbnL8hwPm9GlLEYa3MahjVEeI23j6r_dlttzVZyW99gXdUUqrkRmrRrYOJnmtQzKQ\",\"e\":\"AQAB\"}]}"

jose4j 中的小 JSON 解析器将整个内容解析为单个字符串。错误消息可能要好得多,但基本上它期望一个 JSON 对象将被解析为 Map,并且在将解析的对象转换为 Map 时失败。

而直接来自的输出keySet.toJson(OutputControlLevel.PUBLIC_ONLY)将是这样的:

{"keys":[{"kty":"RSA","n":"iCSHtMjeCc0RTNw1uVAlciaBtGOgOV7dhtbbjfzfWYdVxQN9tB4Z0gI_4nIcrzLvzg_Sm_iJKUsZuU29JM0tgFvXwfb_pkFL8E7HmbiKaLtL8QofGHkGPbCTCyJ-8YPu3uVLgUmyCKGmShBqWIm_VOSGGivZwYjK4-ONbYC5DrVO0yIzRKnF7ZtfCCxVkkI3D8_-_0anViVmSnsQimLCFfPJwgOmoRFFZENQOFYEyHmGTcQkDEDDePvWAwb32FTZBKgs09CuLiP-n7GhqtUW6RbnL8hwPm9GlLEYa3MahjVEeI23j6r_dlttzVZyW99gXdUUqrkRmrRrYOJnmtQzKQ","e":"AQAB"}]}

jose4j 可以解析/处理它。

我认为您需要查看 authBeta/z/key 端点上发生的情况,并找到并停止进行额外的转义。

于 2017-10-25T16:26:16.130 回答