Version(s) affected
3.1.3
Description
I am trying to use this library to verify a JWS token. Version 3.1.2 works successfully, but when I updated to 3.1.3, it throws an exception:
openssl_verify(): Supplied key param cannot be coerced into a public key in /app/vendor/web-token/jwt-framework/src/SignatureAlgorithm/RSA/RSAPKCS1.php on line 25
I found the reason is that the public PEM data generated by the RSAKey class method "toPEM()" is not valid.
I'm not sure why, but the content coming out of that method is drastically different:
Version 3.1.2 RSAKey->toPEM() result:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz62tHQzm4fDHipqlcrNh
C1gUdn0N38pmlcQbVlLvtZf1aRm1OO43cB9YQyWr1MsTrYH4nyWZDMPIGY/BsIfY
w1lp9fo2D1tpG2vtCaKRETVimu+N9DySQ9vYs6n8lG0vXy/spK7sGrOLFooijDSt
0LYrYrZY9UI3OkyEAKUbZLJhxi7nT3CPtMCYDUMIIt1LgWdR6+ha5fQQrWF7Ybyi
MNmITg64DZ9yof4+OfouNE2dFXGl3Nr92HaugXbMZF/pILpcB61NT215aql1ifVX
vEyGAsyPBnxIcjadfcgQ0UUtepN2BJRj/pq55jfQR2Nl0e11JeKEIPR3ypqvKeDI
10Cl+qr9GpU0rFfw2vcp8IHTNrAeam4nTRDVCmXGwiMaLifAKbvfGwxaA2mHbO5i
4669KiPf/lXAQz9FzAZZRwpdM1FTB9BlB5R+JgvtBabP5ZGhqlUOgkJM/4UfrpcI
kS8Ub4Y60QvPkInCGBMHNdUqpJUkLoA5Mddl8hVW+cMjC2qCckgT1KgZxIsZTgOJ
XCARX1IObFJNoinxYJ5SNX9bCSRtgefuBKE7BSNukAkHyBPf+++kEi9GbYXzlJr+
yCMAIsA0UoiEx264hkAF9zF+N1yRhS/QmrhzU5hpj1IE8WRCqyIZV8f/IbSGXBue
7MmgknLVRWHuGqehkTSfiNECAwEAAQ==
-----END PUBLIC KEY-----
Version 3.1.2 RSAKey->toPEM() result:
-----BEGIN RSA PUBLIC KEY-----
[...]==
-----END RSA PUBLIC KEY----
print_r of JWK
Jose\Component\Core\JWK Object
(
[values:Jose\Component\Core\JWK:private] => Array
(
[iss] => auth-service
[use] => sig
[kid] => 9c249846-1942-59d7-55f8-15c773019879
[kty] => RSA
[n] => z62tHQzm4fDHipqlcrNhC1gUdn0N38pmlcQbVlLvtZf1aRm1OO43cB9YQyWr1MsTrYH4nyWZDMPIGY_BsIfYw1lp9fo2D1tpG2vtCaKRETVimu-N9DySQ9vYs6n8lG0vXy_spK7sGrOLFooijDSt0LYrYrZY9UI3OkyEAKUbZLJhxi7nT3CPtMCYDUMIIt1LgWdR6-ha5fQQrWF7YbyiMNmITg64DZ9yof4-OfouNE2dFXGl3Nr92HaugXbMZF_pILpcB61NT215aql1ifVXvEyGAsyPBnxIcjadfcgQ0UUtepN2BJRj_pq55jfQR2Nl0e11JeKEIPR3ypqvKeDI10Cl-qr9GpU0rFfw2vcp8IHTNrAeam4nTRDVCmXGwiMaLifAKbvfGwxaA2mHbO5i4669KiPf_lXAQz9FzAZZRwpdM1FTB9BlB5R-JgvtBabP5ZGhqlUOgkJM_4UfrpcIkS8Ub4Y60QvPkInCGBMHNdUqpJUkLoA5Mddl8hVW-cMjC2qCckgT1KgZxIsZTgOJXCARX1IObFJNoinxYJ5SNX9bCSRtgefuBKE7BSNukAkHyBPf---kEi9GbYXzlJr-yCMAIsA0UoiEx264hkAF9zF-N1yRhS_QmrhzU5hpj1IE8WRCqyIZV8f_IbSGXBue7MmgknLVRWHuGqehkTSfiNE
[e] => AQAB
[exp] => 1672168479
)
)
How to reproduce
- Create a private and public RSA key
- Create a token that is signed by the RSA key
- Verify the JWT with the JWSVerifier->verifyWithKeySet() method
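For reference when comparing the two outputs above: the "PUBLIC KEY" label denotes an X.509 SubjectPublicKeyInfo structure, while "RSA PUBLIC KEY" denotes a bare PKCS#1 RSAPublicKey. The following is an added example, not part of the original report and not jwt-framework code; it builds both forms from a JWK's n and e and checks each with ext-openssl. The helper names and the freshly generated sample key are assumptions.

```php
<?php
// Added example (not jwt-framework code). Assumes ext-openssl with a usable openssl.cnf.

function b64u_dec(string $s): string { return base64_decode(strtr($s, '-_', '+/')); }
function b64u_enc(string $b): string { return rtrim(strtr(base64_encode($b), '+/', '-_'), '='); }

// One DER tag-length-value, using the long length form from 128 bytes up.
function der(int $tag, string $body): string {
    $len = strlen($body);
    if ($len < 0x80) { return chr($tag) . chr($len) . $body; }
    $lenBytes = ltrim(pack('N', $len), "\x00");
    return chr($tag) . chr(0x80 | strlen($lenBytes)) . $lenBytes . $body;
}

// Unsigned big-endian bytes as a DER INTEGER (0x00 prefix keeps the value positive).
function derUint(string $bytes): string {
    $bytes = ltrim($bytes, "\x00");
    if ($bytes === '' || (ord($bytes[0]) & 0x80)) { $bytes = "\x00" . $bytes; }
    return der(0x02, $bytes);
}

// PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
function rsaPkcs1Der(array $jwk): string {
    return der(0x30, derUint(b64u_dec($jwk['n'])) . derUint(b64u_dec($jwk['e'])));
}

// SubjectPublicKeyInfo: AlgorithmIdentifier (rsaEncryption OID, NULL) + BIT STRING(RSAPublicKey)
function rsaSpkiDer(array $jwk): string {
    $algId = der(0x30, "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01" . "\x05\x00");
    return der(0x30, $algId . der(0x03, "\x00" . rsaPkcs1Der($jwk)));
}

function pem(string $label, string $der): string {
    return "-----BEGIN {$label}-----\n" . chunk_split(base64_encode($der), 64, "\n")
         . "-----END {$label}-----\n";
}

// Constructed sample: a throwaway key, reduced to the JWK members used above.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$d   = openssl_pkey_get_details($key);
$jwk = ['kty' => 'RSA', 'n' => b64u_enc($d['rsa']['n']), 'e' => b64u_enc($d['rsa']['e'])];

$spki  = pem('PUBLIC KEY', rsaSpkiDer($jwk));
$pkcs1 = pem('RSA PUBLIC KEY', rsaPkcs1Der($jwk));

// Compare the hand-built SPKI PEM with OpenSSL's own public-key export.
var_dump($spki === $d['key']);
// Ask ext-openssl whether it loads each form; the results are printed, not assumed.
var_dump(openssl_pkey_get_public($spki) !== false, openssl_pkey_get_public($pkcs1) !== false);
```

Running this against the OpenSSL build used by the application shows which of the two PEM forms openssl_verify() can be given there.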