【发布时间】:2016-07-31 12:27:36
【问题描述】:
我移植了一个有效的 Java 代码,用于验证使用 SHA-2 ES256 私钥的椭圆曲线数字签名 (ECDSA) 签名的 JWT。
以下异常,如果我理解正确的话,表明底层运行时平台不支持 ES256。
我很惊讶,因为 AWS Lambda 可以在最近的 Java 8 开放 jdk 上运行,而且我认为加密是预先安装的。
我错过了什么?
这是 JOSE4J 中的错误吗? AWS Lambda 基础设施的限制?
Caused by: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"kid":"staging_0","alg":"ES256"} due to an unexpected exception (org.jose4j.lang.InvalidAlgorithmException: ES256 is an unknown, unsupported or unavailable alg algorithm (not one of [none, HS256, HS384, HS512, RS256, RS384, RS512]).) selecting from keys: [org.jose4j.jwk.EllipticCurveJsonWebKey{kty=EC, kid=staging_0, x=jz84fmrLuG5T9cnT-ydQdGjqk2iX2PsVYIcABTkXiqc, y=6oGYrjWEjhUSea5q7izitbcp5o7QlkArnm49OA0cPlI, crv=P-256}, org.jose4j.jwk.EllipticCurveJsonWebKey{kty=EC, kid=prod_0, x=cd5u73HnAueI1mgjuk9JSvU0ekonRCafffwaG-_D5VM, y=QjOMm1fqw3Aevkzzd-RVmlcmGMwPS9uajFN4nLnTwFc, crv=P-256}]
at org.jose4j.keys.resolvers.JwksVerificationKeyResolver.resolveKey(JwksVerificationKeyResolver.java:54)
at org.jose4j.jwt.consumer.JwtConsumer.processContext(JwtConsumer.java:190)
... 6 more
Caused by: org.jose4j.lang.InvalidAlgorithmException: ES256 is an unknown, unsupported or unavailable alg algorithm (not one of [none, HS256, HS384, HS512, RS256, RS384, RS512]).
at org.jose4j.jwa.AlgorithmFactory.getAlgorithm(AlgorithmFactory.java:51)
at org.jose4j.jws.JsonWebSignature.getAlgorithm(JsonWebSignature.java:142)
at org.jose4j.jws.JsonWebSignature.getAlgorithm(JsonWebSignature.java:35)
at org.jose4j.jwk.SelectorSupport.commonFilterForInbound(SelectorSupport.java:49)
at org.jose4j.jwk.VerificationJwkSelector.selectList(VerificationJwkSelector.java:39)
at org.jose4j.jwk.VerificationJwkSelector.select(VerificationJwkSelector.java:33)
at org.jose4j.keys.resolvers.JwksVerificationKeyResolver.resolveKey(JwksVerificationKeyResolver.java:47)
... 7 more
【问题讨论】:
标签: java jwt aws-lambda jose4j