JWT Authentication is not working and throws InvalidKeyException

[Felix36]

Hey,

I'm using the version of this SDK which is in the maven repo under version 2.8.1 and I compile in Java 8.
I try to authenticate with the json file which information is stored in a BoxConfig object.

Reader reader = new FileReader("../config/testBoxConfig.json")
BoxConfig boxConfig = BoxConfig.readFrom(reader);
BoxDeveloperEditionAPIConnection serviceAccountClient = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(boxConfig);

I get an BoxAPIException which is caused by an illegal key size in a deeper dependency, which is the Cipher class. It seems that something down there cuts the size of the key(s).

Exception in thread "main" com.box.sdk.BoxAPIException: Error parsing PKCS private key for Box Developer Edition.
	at com.box.sdk.BoxDeveloperEditionAPIConnection.decryptPrivateKey(BoxDeveloperEditionAPIConnection.java:467)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.constructJWTAssertion(BoxDeveloperEditionAPIConnection.java:405)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.authenticate(BoxDeveloperEditionAPIConnection.java:315)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(BoxDeveloperEditionAPIConnection.java:174)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(BoxDeveloperEditionAPIConnection.java:206)
...
Caused by: org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: 1.2.840.113549.1.5.13 not available: Illegal key size
	at org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.decryptPrivateKey(BoxDeveloperEditionAPIConnection.java:456)
	... 10 more
Caused by: org.bouncycastle.operator.OperatorCreationException: 1.2.840.113549.1.5.13 not available: Illegal key size
	at org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1.get(Unknown Source)
	... 12 more
Caused by: java.security.InvalidKeyException: Illegal key size
	at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
	at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1060)
	at javax.crypto.Cipher.init(Cipher.java:1536)
	at javax.crypto.Cipher.init(Cipher.java:1470)
	... 13 more

[towns]

Hi there,

Have you followed the instructions in the QuickStart? It looks like the issue you are experiencing could be the result of not having the necessary dependencies installed. Here's the link to the QuickStart: https://github.com/box/box-java-sdk#quickstart

[Felix36]

It seems that I worked around this problem with a hack I found in the internet:

// hack for JCE Unlimited Strength
Field field = Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted");
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
field.set(null, false);