0
votes

I am setting up security middleware in a GoLang API and seem to have everything set up correctly, but I am getting an error ‘key is of invalid type’.

I have confirmed that my Signing algorithm is RS256 and the middleware options are configured @ SigningMethod: jwt.SigningMethodRS256

I have a valid token…everything else in the middleware passes.

The entry point to this error in the middleware is the jwt.ParseRSAPrivateKeyFromPEM method.

I’ve isolated the error down inside the package github.com/dgrijalva/jwt-go/rsa.go Verify() on line :62 is the ErrInvalidKeyType that is getting thrown. All the params up to this point seem solid and appropriate (eg m|signingString|signature|key) but this key.(*rsa.PublicKey) is failing…in my debugger (GoLand) I inspect *rsa and am given the response ‘could not find symbol value for rsa’…

if rsaKey, ok = key.(*rsa.PublicKey); !ok {
    return ErrInvalidKeyType
}

Please note…if it’s not already too obvious…I’m a noob to GoLang

----- UPDATE -----

So at the most granular level the panic starts at go/1.12.8/libexec/src/crypto/rsa/rsa.go:49 with

func (pub *PublicKey) Size() int {
    log.Printf("SIZE ::: %v :: %v",pub.N.BitLen(), pub.N)
    return (pub.N.BitLen() + 7) / 8
}

The pub is seen as a nil pointer dereference. I trace it back to mux -->

crypto/rsa.VerifyPKCS1v15(...) /usr/local/Cellar/go/1.12.8/libexec/src/crypto/rsa/pkcs1v15.go:275

github.com/dgrijalva/jwt-go.(*SigningMethodRSA).Verify(...) /Users/me/Sandbox/src/github.com/dgrijalva/jwt-go/rsa.go:73

github.com/dgrijalva/jwt-go.(*Parser).ParseWithClaims(...) /Users/me/Sandbox/src/github.com/dgrijalva/jwt-go/parser.go:77

github.com/dgrijalva/jwt-go.(*Parser).Parse(...) /Users/btschirhart/Sandbox/src/github.com/dgrijalva/jwt-go/parser.go:20

github.com/dgrijalva/jwt-go.Parse(...) /Users/me/Sandbox/src/github.com/dgrijalva/jwt-go/token.go:89

github.com/auth0/go-jwt-middleware.(*JWTMiddleware).CheckJWT(...) /Users/me/Sandbox/src/github.com/auth0/go-jwt-middleware/jwtmiddleware.go:203

github.com/auth0/go-jwt-middleware.(*JWTMiddleware).Handler.func1(...) /Users/me/Sandbox/src/github.com/auth0/go-jwt-middleware/jwtmiddleware.go:110

net/http.HandlerFunc.ServeHTTP(...) /usr/local/Cellar/go/1.12.8/libexec/src/net/http/server.go:1995

github.com/gorilla/mux.(*Router).ServeHTTP(...) /Users/me/Sandbox/src/github.com/gorilla/mux/mux.go:210 +0xe3

1
The obvious question is: did you pass in a KeyFunc to the parse function that returns an instance of rsa.PublicKey? - Burak Serdar

I have followed, verbatim, the setup recommended by Auth0 for getting this all scaffolded up with jwtMiddleware --- auth0.com/docs/quickstart/backend/golang/01-authorization - beauXjames

I wonder what the result of jwt.ParseRSAPublicKeyFromPEM([]byte(cert)) is. Maybe you can check the error instead of ignoring it, also printf the result to see if what it returns is really a public key. - Burak Serdar

the result of that method is {*crypto/rsa.PrivateKey} nil - beauXjames

It is a private key, not a public key. Return key.Public() instead. - Burak Serdar

1 Answer

1
votes

Found the answer. It's not a real answer, but it did fix the problem.

Instead of '-----BEGIN' and 'END-----' I had used '----BEGIN' and 'END----' to build the cert within my middleware.

In go/1.12.8/libexec/src/encoding/pem/pem.go:82 there is a check against '-----BEGIN' and if it fails it simply returns nil.

if bytes.HasPrefix(data, pemStart[1:]) {
    rest = rest[len(pemStart)-1 : len(data)]
} else if i := bytes.Index(data, pemStart); i >= 0 {
    rest = rest[i+len(pemStart) : len(data)]
} else {
    return nil, data
}
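
The failure mode from the answer and comments above, as an added example that is not part of the original post and is not jwt-go or Auth0 code: pem.Decode reports malformed armor only by returning a nil block, so a loader has to check for it, and an RS256 verifier needs a *rsa.PublicKey rather than a private key. LoadRSAVerifyKey and SamplePEMs are hypothetical helpers using only the standard library; the PEM text is constructed from a throwaway key and only PUBLIC KEY and RSA PRIVATE KEY blocks are handled.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// LoadRSAVerifyKey is a hypothetical helper, not part of jwt-go or the Auth0 middleware.
func LoadRSAVerifyKey(pemText []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(pemText)
	if block == nil { // bad armor such as "----BEGIN" only shows up as a nil block
		return nil, fmt.Errorf("no PEM block found; check the -----BEGIN/-----END lines")
	}
	switch block.Type {
	case "PUBLIC KEY":
		key, err := x509.ParsePKIXPublicKey(block.Bytes)
		if pub, ok := key.(*rsa.PublicKey); ok {
			return pub, nil
		}
		return nil, fmt.Errorf("not an RSA public key (%T): %v", key, err)
	case "RSA PRIVATE KEY": // a private key cannot verify; return its public half
		priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		return &priv.PublicKey, nil
	}
	return nil, fmt.Errorf("unsupported PEM type %q", block.Type)
}

// SamplePEMs builds constructed inputs from a throwaway key (errors skipped: sample data only).
func SamplePEMs() (good, fourDash, private []byte) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	good = pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	private = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
	return good, bytes.ReplaceAll(good, []byte("-----"), []byte("----")), private
}

func main() {
	good, fourDash, _ := SamplePEMs()
	_, errGood := LoadRSAVerifyKey(good)
	_, errBad := LoadRSAVerifyKey(fourDash)
	fmt.Println("good:", errGood, "| four-dash armor:", errBad)
}
```

Returning the error from the key-loading step, instead of passing a nil key on to the verifier, turns the nil pointer panic in the trace above into a startup-time message that names the armor problem.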