Hello everyone,
I moved egroupware to a new Docker server; now it is impossible to authenticate via OAuth.
In the nginx log I get several errors that indicate that the system can't parse the key:
2020/05/03 15:23:57 [error] 7#7: *9373 FastCGI sent in stderr: "
PHP message: An error happened (InvalidArgumentException): It was not possible to parse your key, reason: error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
PHP message: #0 /var/www/egroupware/vendor/lcobucci/jwt/src/Signer/OpenSSL.php(47): Lcobucci\JWT\Signer\OpenSSL->validateKey(false)
PHP message: #1 /var/www/egroupware/vendor/lcobucci/jwt/src/Signer/OpenSSL.php(21): Lcobucci\JWT\Signer\OpenSSL->getPrivateKey(’-----BEGIN ENCR…’, ‘XXXXXX’)
PHP message: #2 /var/www/egroupware/vendor/lcobucci/jwt/src/Signer/BaseSigner.php(36): Lcobucci\JWT\Signer\OpenSSL->createHash(‘eyJ0eXAiOiJKV1Q…’, Object(Lcobucci\JWT\Signer\Key))
PHP message: #3 /var/www/egroupware/vendor/lcobucci/jwt/src/Builder.php(470): Lcobucci\JWT\Signer\BaseSigner->sign(‘eyJ0eXAiOiJKV1Q…’, Object(Lcobucci\JWT\Signer\Key))
PHP message: #4 /var/www/egroupware/vendor/lcobucci/jwt/src/Builder.php(450): Lcobucci\JWT\Builder->createSignature(Array, Object(Lcobucci\JWT\Signer\Rsa\Sha256), Object(Lcobucci\JWT\Signer\Key))
PHP message: #5 /var/www/egroupware/vendor/league/oauth2-server/src/Entities/Traits/AccessTokenTrait.php(41): Lcobucci\JWT\Builder->getToken()
PHP message: #6 /var/www/egroupware/vendor/league/oauth2-server/src/ResponseTypes/BearerTokenResponse.php(28): EGroupware\OpenID\Entities\AccessTokenEntity->convertToJWT(Object(League\OAuth2\Server\CryptKey))
PHP message: #7 /var/www/egroupware/openid/src/AuthorizationServer.php(247): League\OAuth2\Server\ResponseTypes\BearerTokenResponse->generateHttpResponse(Object(Slim\Http\Response))
PHP message: #8 /var/www/egroupware/openid/endpoint.php(170): EGroupware\OpenID\AuthorizationServer->respondToAccessTokenRequest(Object(Slim\Http\Request), Object(Slim\Http\Response))
PHP message: #9 [internal function]: Closure->{closure}(Object(Slim\Http\Request), Object(Slim\Http\Response), Array)
PHP message: #10 /var/www/egroupware/vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(40): call_user_func(Object(Closure), Obje
2020/05/03 16:06:06 [error] 7#7: *12350 FastCGI sent in stderr: "
PHP message: An error happened (InvalidArgumentException): It was not possible to parse your key, reason: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
PHP message: #0 /var/www/egroupware/vendor/lcobucci/jwt/src/Signer/OpenSSL.php(47): Lcobucci\JWT\Signer\OpenSSL->validateKey(false)
PHP message: #1 /var/www/egroupware/vendor/lcobucci/jwt/src/Signer/OpenSSL.php(21): Lcobucci\JWT\Signer\OpenSSL->getPrivateKey(’-----BEGIN ENCR…’, ‘docker’)
PHP message: #2 /var/www/egroupware/vendor/lcobucci/jwt/src/Signer/BaseSigner.php(36): Lcobucci\JWT\Signer\OpenSSL->createHash(‘eyJ0eXAiOiJKV1Q…’, Object(Lcobucci\JWT\Signer\Key))
PHP message: #3 /var/www/egroupware/vendor/lcobucci/jwt/src/Builder.php(470): Lcobucci\JWT\Signer\BaseSigner->sign(‘eyJ0eXAiOiJKV1Q…’, Object(Lcobucci\JWT\Signer\Key))
PHP message: #4 /var/www/egroupware/vendor/lcobucci/jwt/src/Builder.php(450): Lcobucci\JWT\Builder->createSignature(Array, Object(Lcobucci\JWT\Signer\Rsa\Sha256), Object(Lcobucci\JWT\Signer\Key))
PHP message: #5 /var/www/egroupware/vendor/league/oauth2-server/src/Entities/Traits/AccessTokenTrait.php(41): Lcobucci\JWT\Builder->getToken()
PHP message: #6 /var/www/egroupware/vendor/league/oauth2-server/src/ResponseTypes/BearerTokenResponse.php(28): EGroupware\OpenID\Entities\AccessTokenEntity->convertToJWT(Object(League\OAuth2\Server\CryptKey))
PHP message: #7 /var/www/egroupware/openid/src/AuthorizationServer.php(247): League\OAuth2\Server\ResponseTypes\BearerTokenResponse->generateHttpResponse(Object(Slim\Http\Response))
PHP message: #8 /var/www/egroupware/openid/endpoint.php(170): EGroupware\OpenID\AuthorizationServer->respondToAccessTokenRequest(Object(Slim\Http\Request), Object(Slim\Http\Response))
PHP message: #9 [internal function]: Closure->{closure}(Object(Slim\Http\Request), Object(Slim\Http\Response), Array)
PHP message: #10 /var/www/egroupware/vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(40): call_user_func(Object(Closure), Obj
And in Rocket.Chat the corresponding:
{"line":"392","file":"oauth_server.js","message":"Error in OAuth Server: Failed to complete OAuth handshake with egroupware at https://egroupwarexxxxxx/egroupware/openid/endpoint.php/access_token. failed [500] It was not possible to parse your key, reason: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib","time":{"$date":1588519426121},"level":"warn"}
Exception while invoking method 'login' Error: Failed to complete OAuth handshake with egroupware at https://egroupware.xxxxxxxxx/egroupware/openid/endpoint.php/access_token. failed [500] It was not possible to parse your key, reason: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
at CustomOAuth.getAccessToken (app/custom-oauth/server/custom_oauth_server.js:134:18)
at Object.handleOauthRequest (app/custom-oauth/server/custom_oauth_server.js:191:26)
at OAuth._requestHandlers. (packages/oauth2/oauth2_server.js:10:33)
at middleware (packages/oauth/oauth_server.js:161:5)
at /app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40
I tried uninstalling and installing the egroupware OAuth app and generated the client again. When I first try to log in via “Egroupware users click here” and the system asks me to grant access, I press OK, but then again I get the same errors.
I found that this can be related to incompatible OpenSSL versions and the ciphers used.
The rocketchat container has the following: OpenSSL 1.1.0l 10 Sep 2019
And the egroupware container: OpenSSL 1.1.1 11 Sep 2018
and in the /etc/ssl/openssl.conf files I see they both use sha256…
I really don’t know where to search from here and hope you can help!
Thank you and
BR
Alex
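
Added example, not part of the original post and not EGroupware or lcobucci/jwt code: the `bad decrypt` and `pkcs12 cipherfinal error` reasons in the traces above are what OpenSSL reports when decrypting an encrypted private key fails, most often because the passphrase handed to it does not match the key. The sketch below checks one key file against one passphrase with the OpenSSL CLI of the container it runs in; the function names, file paths and sample passphrases are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (not EGroupware or lcobucci/jwt code).
# Function names and the sample passphrases below are constructed for illustration.

# pem_kind FILE: print "encrypted", "plain" or "unknown" based on the PEM markers.
pem_kind() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plain
    else
        echo unknown
    fi
}

# key_opens FILE PASSPHRASE: succeed only if this container's OpenSSL can load the key.
# The passphrase is passed through the environment, not on the command line.
key_opens() {
    KEY_PASS="$2" openssl pkey -in "$1" -passin env:KEY_PASS -noout 2>/dev/null
}

# check_key FILE PASSPHRASE: print a one-word verdict for the key/passphrase pair.
check_key() {
    kind=$(pem_kind "$1")
    if [ "$kind" = unknown ]; then
        echo not-a-private-key
    elif key_opens "$1" "$2"; then
        echo "ok-$kind"
    else
        echo cannot-load
    fi
}

# make_constructed_key FILE PASSPHRASE: throwaway encrypted RSA key used as sample input.
make_constructed_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "pass:$2" -out "$1" 2>/dev/null
}

# Demo: run as `sh check_key.sh demo`.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    make_constructed_key "$tmp/enc.pem" constructed-pass
    check_key "$tmp/enc.pem" constructed-pass    # passphrase matches the key
    check_key "$tmp/enc.pem" other-pass          # passphrase from a different setup
    rm -rf "$tmp"
fi
```

Running `check_key` inside the egroupware container against the key file and passphrase the OpenID app is actually configured with separates a key/passphrase mismatch from a genuine OpenSSL version problem.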