java.security.InvalidKeyException: Not an EC key: ECDH

[ghost]

I'm getting this error using the CLI send-notification 👍

java.security.InvalidKeyException: Not an EC key: ECDH
        at sun.security.ec.ECKeyFactory.checkKey(ECKeyFactory.java:121)
        at sun.security.ec.ECKeyFactory.toECKey(ECKeyFactory.java:90)
        at sun.security.ec.ECDHKeyAgreement.engineInit(ECDHKeyAgreement.java:67)
        at javax.crypto.KeyAgreement.implInit(KeyAgreement.java:346)
        at javax.crypto.KeyAgreement.chooseProvider(KeyAgreement.java:378)
        at javax.crypto.KeyAgreement.init(KeyAgreement.java:470)
        at javax.crypto.KeyAgreement.init(KeyAgreement.java:441)
        at webpush.HttpEce.extractDH(HttpEce.java:360)
        at webpush.HttpEce.extractSecretAndContext(HttpEce.java:229)
        at webpush.HttpEce.deriveKeyAndNonce(HttpEce.java:256)
        at webpush.HttpEce.encrypt(HttpEce.java:70)
        at webpush.PushService.encrypt(PushService.java:94)
        at webpush.PushService.preparePost(PushService.java:179)
        at webpush.PushService.sendAsync(PushService.java:150)
        at webpush.PushService.send(PushService.java:132)
        at webpush.PushService.send(PushService.java:136)
        at webpush.cli.handlers.SendNotificationHandler.run(SendNotificationHandler.java:27)
        at webpush.cli.Cli.main(Cli.java:43)

any idea what could cause this ? (I checked all parameters)

[martijndwars]

Can you post the arguments that you used to invoke the CLI application?

[ghost]

java webpush/cli/Cli send-notification --endpoint="https://fcm.googleapis.com/fcm/send/e5ttgjf9uWw:APA91bF4xCa6nTcXfF3tcPvzKYjP-zYhfMtKEX7XJloZk8gWOOOMLVUOeZ8CHlcrKkNTF0QqnmfmJnswz0xD_mKtTkAI-ATHdQODTTlkG8gVTwuCCT9UbMbiRKC5G8C8Y8n4WYdzNTAv" --key="BHWgeGLDZZP8j8TkFDPOHq7T5wnUJhCxWPY0vYXYoql12-gDBvReiZTu-Q1_LcGfX_cCtF1upttWkR7toVZOUYQ" --auth="4crAtv3v_HcZaMu1O-U_XA" --publicKey="BC-p8CjeOtt6pbAtWMsxOQeSvBOyAotvDWksFAgPKts97nfMPfb1StxVvR-KTevXsRddVHZi8Cs6-Z7_mGXglDA=" --privateKey="AIAv1vSgF2OvSKIUm0EToZugo-J_8mgBA1CGvMZ64WaB" --payload="Hello the World"

[ghost]

any idea ?

[iyashsoni]

@zacoben @martijndwars Any luck with this? I'm stuck too on this for quite some time.

[martijndwars]

@zacoben @iyashsoni if I run the the following:

./gradlew run --args 'send-notification --endpoint="https://fcm.googleapis.com/fcm/send/e5ttgjf9uWw:APA91bF4xCa6nTcXfF3tcPvzKYjP-zYhfMtKEX7XJloZk8gWOOOMLVUOeZ8CHlcrKkNTF0QqnmfmJnswz0xD_mKtTkAI-ATHdQODTTlkG8gVTwuCCT9UbMbiRKC5G8C8Y8n4WYdzNTAv" --key="BHWgeGLDZZP8j8TkFDPOHq7T5wnUJhCxWPY0vYXYoql12-gDBvReiZTu-Q1_LcGfX_cCtF1upttWkR7toVZOUYQ" --auth="4crAtv3v_HcZaMu1O-U_XA" --publicKey="BC-p8CjeOtt6pbAtWMsxOQeSvBOyAotvDWksFAgPKts97nfMPfb1StxVvR-KTevXsRddVHZi8Cs6-Z7_mGXglDA=" --privateKey="AIAv1vSgF2OvSKIUm0EToZugo-J_8mgBA1CGvMZ64WaB" --payload="Hello the World"'

It outputs:

> Task :run
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
HTTP/1.1 410 Gone [Content-Type: text/plain; charset=utf-8, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Xss-Protection: 0, Date: Wed, 16 Oct 2019 20:18:55 GMT, Content-Length: 47, Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000] [Content-Length: 47,Chunked: false]

BUILD SUCCESSFUL in 5s
2 actionable tasks: 1 executed, 1 up-to-date

Can you provide more info so I can reproduce the issue?

[Ersmipe]

I have the same issue as OP. When I run the same code with same vapid locally, everything works (only once appeared exception mentioned in original post). When I run it on the server, this exception appears every time code tries to send notification. I think there could be issue with some incompatible overlapping dependencies, but I'll have to do some further investigation.

[martijndwars]

When I run it on the server, this exception appears every time code tries to send notification.

@Ersmipe how do you run the application locally vs. on your server? Do you build/package your application as a fat/uber/shadow JAR? I've seen reports where people packaged their application as a fat/uber/shadow JAR, which then breaks the signature on the BouncyCastle JAR. As a consequence, the JVM won't load the BouncyCastle provider, and hence won't be able to load ECDH keys.

Another possibility: Java 7 and Java 8 require different versions of BouncyCastle. If you run Java 8 locally and Java 7 on the server, but don't change the version of BouncyCastle, you may run into this problem. See this report.

[Ersmipe]

Oh, yes I am using shaded jar on server, so this will be the issue. Thank you very much for pointing me to the right direction. Java version is the same on both.

[wwwAiru]

I tried using openjdk 13 and the problem went away, but I didn't understand why it throws an exception on jdk 17