Closed
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
authentication
Describe the bug
When I generate a public key by:
openssl genrsa -out test_key.pem 2048
openssl rsa -in test_key.pem -outform PEM -pubout -out test_key.pem.pub
The public key:
When I try to import the public key, I get a popup that tells me about an unknown error and that I should have a look at the logs.
Same when I add it to the client and try to authenticate, then I get an error that it could not read the key.
Error from log:
2025-02-04 20:58:12,674 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-95) Uncaught server error: java.lang.RuntimeException: org.keycloak.common.util.PemException: java.security.spec.InvalidKeySpecException: encoded key spec not recognized: failed to construct sequence from byte[]: corrupted stream - out of bounds length found: 126 >= 119
at org.keycloak.models.utils.KeycloakModelUtils.getPublicKey(KeycloakModelUtils.java:182)
at org.keycloak.services.resources.admin.ClientAttributeCertificateResource.updateCertFromRequest(ClientAttributeCertificateResource.java:206)
at org.keycloak.services.resources.admin.ClientAttributeCertificateResource.uploadJksCertificate(ClientAttributeCertificateResource.java:175)
at org.keycloak.services.resources.admin.ClientAttributeCertificateResource$quarkusrestinvoker$uploadJksCertificate_62d135313d8c52032b6783eec5ca70e1fff2cc65.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:635)
at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2516)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2495)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1521)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:11)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:11)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: org.keycloak.common.util.PemException: java.security.spec.InvalidKeySpecException: encoded key spec not recognized: failed to construct sequence from byte[]: corrupted stream - out of bounds length found: 126 >= 119
at org.keycloak.common.crypto.PemUtilsProvider.decodePublicKey(PemUtilsProvider.java:92)
at org.keycloak.crypto.def.BCPemUtilsProvider.decodePublicKey(BCPemUtilsProvider.java:78)
at org.keycloak.common.util.PemUtils.decodePublicKey(PemUtils.java:65)
at org.keycloak.models.utils.KeycloakModelUtils.getPublicKey(KeycloakModelUtils.java:180)
... 14 more
Caused by: java.security.spec.InvalidKeySpecException: encoded key spec not recognized: failed to construct sequence from byte[]: corrupted stream - out of bounds length found: 126 >= 119
at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)
at org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.engineGeneratePublic(Unknown Source)
at java.base/java.security.KeyFactory.generatePublic(KeyFactory.java:345)
at org.keycloak.common.util.DerUtils.decodePublicKey(DerUtils.java:69)
at org.keycloak.common.crypto.PemUtilsProvider.decodePublicKey(PemUtilsProvider.java:90)
... 17 more
Version
26.1.0
Regression
- The issue is a regression
Expected behavior
That it accepts the public pem key.
Actual behavior
Does not accept the public key
How to Reproduce?
Generate a key
openssl genrsa -out test_key.pem 2048
openssl rsa -in test_key.pem -outform PEM -pubout -out test_key.pem.pub
and import it in the UI.
Anything else?
No response
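
An added example, not part of the issue or of Keycloak's code: a standard-library Python check that a `PUBLIC KEY` PEM decodes to DER whose declared element lengths fit the bytes actually present, which helps tell a damaged key file from a server-side decoding problem. The function names and the sample key are constructed for illustration; the sample is SubjectPublicKeyInfo framing around a dummy modulus, not a usable key.

```python
import base64
import re

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL

def tlv(tag: int, value: bytes) -> bytes:  # DER-encode one element (short or long length)
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if n < 0x80 else bytes([0x80 | len(size)]) + size) + value

def read_tlv(buf: bytes, off: int = 0):
    """Return (tag, value_start, value_end); reject lengths that overrun buf."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad DER length encoding")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if length > len(buf) - off:
        raise ValueError(f"out of bounds length: {length} > {len(buf) - off}")
    return tag, off, off + length

def pem_to_der(pem: str) -> bytes:
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("no PUBLIC KEY block")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def check_spki(der: bytes) -> int:
    """Validate SubjectPublicKeyInfo framing; return the BIT STRING payload size."""
    tag, start, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not a SEQUENCE spanning the whole input")
    a_tag, _, a_end = read_tlv(der, start)
    k_tag, k_start, k_end = read_tlv(der, a_end)
    if a_tag != 0x30 or k_tag != 0x03 or k_end != end:
        raise ValueError("expected AlgorithmIdentifier followed by BIT STRING")
    return k_end - k_start

# Constructed sample: SPKI framing around a dummy 1024-bit modulus (not a usable key).
_rsa = tlv(0x30, tlv(0x02, b"\x00" + b"\xc3" * 128) + tlv(0x02, b"\x01\x00\x01"))
SAMPLE_DER = tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + _rsa))
SAMPLE_PEM = "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(SAMPLE_DER).decode() + "-----END PUBLIC KEY-----\n"
```

If `check_spki(pem_to_der(text))` succeeds on the exact text being uploaded, the file's DER framing is intact and the length error has to come from how the bytes are handled after upload.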