-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add x5c and verify public key against x5c when extracting a public key from a JSON Web Key #24
Comments
Regarding the x5c material itself - it seems at the minimum, it would be nice to provide a feature to validate the certificate against the CAs known by the JVM |
I can take a look at adding that capability. |
Release 3.6.0 w/ validation for x5c. I'll keep this open to still look at adding certificate verification options. |
Hello @robotdan Came across this discussion while searching on the internet for the issue I am getting while trying to verify my Id Token. I am using fusionauth-jwt library to verify ID token signed by RSA SHA 256 key.
Getting issue at the time of creating verifier instance because the x5c element contains Base64Encoded value and not the .pem format value which begins with "-----BEGIN" Class "io.fusionauth.pem.PEMDecoder.java" expects "-----BEGIN" which is not present in key.x5c and hence throwing exception "throw new PEMDecoderException(new InvalidParameterException("Unexpected PEM Format")); Screenshot of PEMDecoder.java Please could you suggest how to fix it. |
@GokulMahajan20 - it looks like we are expect the key to be PEM encoded. The Could you just pass in the byte array instead?
Would that work for you? |
Issue
Inbound thread from Nightwatch Cybersecurity Research
Solution
Add the x5c to the JSON Web Key when parsing a certificate, and when extracting a public key from a JSON Web key, attempt to verify the public key against the x5c if possible.
Solution notes
From what I can gather, a consumer of the JWKs may just use the certificate directly if available in the x5c parameter and not trust or parse the public key components.
However, if we also verify the response has not been modified by verifying the key components such as
e
, andn
for RSA keys, or thex
andy
coordinates for an EC key, we should be able to detect when the public key represented by the JSON Web key does not match thex5c
parameter.With all that said, it seems to me if you are concerned about the thread of MITM when consuming JWKS, you should only accept JWKS from a TLS endpoint which has HSTS enabled. Or, only accept a JWK if it is published with the x5c and ignore the public key components in the JWK response.
If you were to be accepting a JSON Web Key from an endpoint that had been compromised by a MITM, it would seem to me the easier way to mess with someone is to remove the
x5c
parameter AND modify the public key components so it could not be verified. I do not know why you'd modify the public key components and NOT remove thex5c
.In any case, it doesn't hurt to perform some additional validation against the JSON Web Key to ensure the public key components match up with the certificate if found in the
x5c
parameter if we think it may help security some fashion.The text was updated successfully, but these errors were encountered: