webpush-java icon indicating copy to clipboard operation
webpush-java copied to clipboard
verified publisher icon web-push-libs

java.security.InvalidKeyException: Not an EC key: ECDH

Open ghost opened this issue 6 years ago • 9 comments

I'm getting this error using the CLI send-notification :+1:

java.security.InvalidKeyException: Not an EC key: ECDH
        at sun.security.ec.ECKeyFactory.checkKey(ECKeyFactory.java:121)
        at sun.security.ec.ECKeyFactory.toECKey(ECKeyFactory.java:90)
        at sun.security.ec.ECDHKeyAgreement.engineInit(ECDHKeyAgreement.java:67)
        at javax.crypto.KeyAgreement.implInit(KeyAgreement.java:346)
        at javax.crypto.KeyAgreement.chooseProvider(KeyAgreement.java:378)
        at javax.crypto.KeyAgreement.init(KeyAgreement.java:470)
        at javax.crypto.KeyAgreement.init(KeyAgreement.java:441)
        at webpush.HttpEce.extractDH(HttpEce.java:360)
        at webpush.HttpEce.extractSecretAndContext(HttpEce.java:229)
        at webpush.HttpEce.deriveKeyAndNonce(HttpEce.java:256)
        at webpush.HttpEce.encrypt(HttpEce.java:70)
        at webpush.PushService.encrypt(PushService.java:94)
        at webpush.PushService.preparePost(PushService.java:179)
        at webpush.PushService.sendAsync(PushService.java:150)
        at webpush.PushService.send(PushService.java:132)
        at webpush.PushService.send(PushService.java:136)
        at webpush.cli.handlers.SendNotificationHandler.run(SendNotificationHandler.java:27)
        at webpush.cli.Cli.main(Cli.java:43)

any idea what could cause this ? (I checked all parameters)

ghost avatar Sep 22 '19 20:09 ghost

Can you post the arguments that you used to invoke the CLI application?

martijndwars avatar Sep 23 '19 19:09 martijndwars 

java webpush/cli/Cli send-notification --endpoint="https://fcm.googleapis.com/fcm/send/e5ttgjf9uWw:APA91bF4xCa6nTcXfF3tcPvzKYjP-zYhfMtKEX7XJloZk8gWOOOMLVUOeZ8CHlcrKkNTF0QqnmfmJnswz0xD_mKtTkAI-ATHdQODTTlkG8gVTwuCCT9UbMbiRKC5G8C8Y8n4WYdzNTAv" --key="BHWgeGLDZZP8j8TkFDPOHq7T5wnUJhCxWPY0vYXYoql12-gDBvReiZTu-Q1_LcGfX_cCtF1upttWkR7toVZOUYQ" --auth="4crAtv3v_HcZaMu1O-U_XA" --publicKey="BC-p8CjeOtt6pbAtWMsxOQeSvBOyAotvDWksFAgPKts97nfMPfb1StxVvR-KTevXsRddVHZi8Cs6-Z7_mGXglDA=" --privateKey="AIAv1vSgF2OvSKIUm0EToZugo-J_8mgBA1CGvMZ64WaB" --payload="Hello the World"

ghost avatar Sep 23 '19 21:09 ghost

any idea ?

ghost avatar Sep 26 '19 21:09 ghost

@zacoben @MartijnDwars Any luck with this? I'm stuck too on this for quite some time.

iyashsoni avatar Oct 14 '19 07:10 iyashsoni

@zacoben @iyashsoni if I run the the following:

./gradlew run --args 'send-notification --endpoint="https://fcm.googleapis.com/fcm/send/e5ttgjf9uWw:APA91bF4xCa6nTcXfF3tcPvzKYjP-zYhfMtKEX7XJloZk8gWOOOMLVUOeZ8CHlcrKkNTF0QqnmfmJnswz0xD_mKtTkAI-ATHdQODTTlkG8gVTwuCCT9UbMbiRKC5G8C8Y8n4WYdzNTAv" --key="BHWgeGLDZZP8j8TkFDPOHq7T5wnUJhCxWPY0vYXYoql12-gDBvReiZTu-Q1_LcGfX_cCtF1upttWkR7toVZOUYQ" --auth="4crAtv3v_HcZaMu1O-U_XA" --publicKey="BC-p8CjeOtt6pbAtWMsxOQeSvBOyAotvDWksFAgPKts97nfMPfb1StxVvR-KTevXsRddVHZi8Cs6-Z7_mGXglDA=" --privateKey="AIAv1vSgF2OvSKIUm0EToZugo-J_8mgBA1CGvMZ64WaB" --payload="Hello the World"'

It outputs:

> Task :run
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
HTTP/1.1 410 Gone [Content-Type: text/plain; charset=utf-8, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Xss-Protection: 0, Date: Wed, 16 Oct 2019 20:18:55 GMT, Content-Length: 47, Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000] [Content-Length: 47,Chunked: false]

BUILD SUCCESSFUL in 5s
2 actionable tasks: 1 executed, 1 up-to-date

Can you provide more info so I can reproduce the issue?

martijndwars avatar Oct 16 '19 20:10 martijndwars

I have the same issue as OP. When I run the same code with same vapid locally, everything works (only once appeared exception mentioned in original post). When I run it on the server, this exception appears every time code tries to send notification. I think there could be issue with some incompatible overlapping dependencies, but I'll have to do some further investigation.

Ersmipe avatar Sep 20 '21 19:09 Ersmipe

When I run it on the server, this exception appears every time code tries to send notification.

@Ersmipe how do you run the application locally vs. on your server? Do you build/package your application as a fat/uber/shadow JAR? I've seen reports where people packaged their application as a fat/uber/shadow JAR, which then breaks the signature on the BouncyCastle JAR. As a consequence, the JVM won't load the BouncyCastle provider, and hence won't be able to load ECDH keys.

Another possibility: Java 7 and Java 8 require different versions of BouncyCastle. If you run Java 8 locally and Java 7 on the server, but don't change the version of BouncyCastle, you may run into this problem. See this report.

martijndwars avatar Sep 20 '21 19:09 martijndwars

Oh, yes I am using shaded jar on server, so this will be the issue. Thank you very much for pointing me to the right direction. Java version is the same on both.

Ersmipe avatar Sep 20 '21 19:09 Ersmipe

I tried using openjdk 13 and the problem went away, but I didn't understand why it throws an exception on jdk 17

wwwAiru avatar Sep 05 '22 18:09 wwwAiru