Google OAuth2 JWT token verification exception

Question

I'm facing OAuth2 JWT token verification exception last hour (so no one can access my application):

java.security.SignatureException: Signature length not correct: got 256 but was expecting 128. I'm using google-http-client 1.20.0 and Java 1.7.0. Same configuration worked so far - any ideas?

Stacktrace

java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
    at sun.security.rsa.RSASignature.engineVerify(Unknown Source) ~[na:1.7.0_45]
    at java.security.Signature$Delegate.engineVerify(Unknown Source) ~[na:1.7.0_45]
    at java.security.Signature.verify(Unknown Source) ~[na:1.7.0_45]
    at com.google.api.client.util.SecurityUtils.verify(SecurityUtils.java:164) ~[google-http-client-1.20.0.jar:1.20.0]

I'm getting this on Google app engine when using access tokens from the google account manager account. (Just started getitng them an hour ago) — Erik Živković, Jun 11 '15 at 12:25
@user3686724 What's the Audience you set for the GoogleIdTokenVerifier? Do you use client id or token id? (We're been experiencing the same issue for the past 60 minutes) — orrsella, Jun 11 '15 at 12:41
I have the same problem, looks like a Google API issue. Do you know where to complain and find information about this? — peveuve, Jun 11 '15 at 12:49
Thanks everyone for the reports and workarounds. This is acknowledged as a Google issue and treated with highest priority by our backend team. — John Hjelmstad, Jun 11 '15 at 17:17
apparently it is solved now since Google updated its keys to all use the same key length — beetstra, Jun 11 '15 at 19:29

score 7 · Accepted Answer · edited May 23 '17 at 12:07

Same problem here, I added the source code of GoogleIdTokenVerifier to my project and changed the method:

 public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
    // check the payload
    if (!super.verify(googleIdToken)) {
      return false;
    }
    // verify signature
    for (PublicKey publicKey : publicKeys.getPublicKeys()) {
      try {
        if (googleIdToken.verifySignature(publicKey)) {
            return true;
          }
    } catch (Exception e) {
        System.err.println("Verify Token:" + e);
    }
    }
    return false;
  }

just handle the exception, the second certificate works fine.

Edit: you can subclass as Erik-z suggested if you want to make it more clean:

Edit 2: I can't make it work using the code below, I will stick to the ugly hack above.

package com.my.project.package;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;

import com.google.api.client.auth.openidconnect.IdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;

// Remember to remove this class later by making it deprecated
@Deprecated
public class GoogleIdTokenVerifier2 extends GoogleIdTokenVerifier {

    // Add constructors as needed
    public GoogleIdTokenVerifier2(HttpTransport transport, JsonFactory jsonFactory) {
        super(transport, jsonFactory);
    }

    @Override
    public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
        // check the payload
        if (!((IdTokenVerifier)this).verify(googleIdToken)) {
            return false;
        }
        // verify signature
        for (PublicKey publicKey : getPublicKeysManager().getPublicKeys()) {
            try {
                if (googleIdToken.verifySignature(publicKey)) {
                    return true;
                }
            } catch (Exception e) {
                System.err.println("Verify Token:" + e);
            }
        }
        return false;
    }
}

score 5 · Answer 2 · answered Jun 11 '15 at 13:53

5

Don't think it's the final solution but a temporary work-around which definitely works is to change the audience of the verifier to the tokenId.

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory).setAudience(Arrays.asList(clientId)).build();

to

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
                    .setAudience(Arrays.asList(tokenResponse.getIdToken())).build();

answered Jun 11 '15 at 13:53

Ittai

5,625
14
60
97

1

Thanks, Ittai! This workaround is working my code, too. Good stopgap for a serious production issue for my company. – kennbrodhagen Jun 11 '15 at 15:03
glad to hear :-) I think, but not sure, that effectively this just turns off verification. It's possible that google has hardened it's certificate checks and that's what caused the sudden surge. – Ittai Jun 11 '15 at 18:14

Gábor AUTH · Answer 3 · 2015-06-11T15:47:35.907

The root cause is on the Google side, the certs in the JSON is in bad order:

https://www.googleapis.com/oauth2/v1/certs

You can adjust the order of them, like this:

http://test.gacivs.info/frontend/certs.json

After, you can specify your custom URL (or using mine :) of the JSON with the GooglePublicKeysManager.setPublicCertsEncodedUrl(...) method:

final GoogleIdToken idToken = GoogleIdToken.parse(JSON_FACTORY, token);
final GooglePublicKeysManager manager = new GooglePublicKeysManager.Builder(HTTP_TRANSPORT, JSON_FACTORY).setPublicCertsEncodedUrl(CUSTOM_CERTS_URL).build();
final GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(manager).setAudience(Arrays.asList(CLIENT_ID)).build();
verifier.verify(idToken);

...and it works.

I hope, the Google fix the issue soon... :)

score 0 · Answer 4 · edited May 23 '17 at 12:07

This is copied from my answer here, but more relevant for those not using Google Cloud Endpoint (matching this question). The problem is caused by this:

RSA has variable length signatures, depending on the key size.
Google updated the key pairs it uses for signing, and now one of the key pairs generates a different length signature from the other
java.security.Signature.verify(byte[] signature) throws an exception if a signature of the wrong length is passed (instead of returning false which is normally done when a signature does not match the key)

The simplest solution is to wrap the verify call (try...catch), and return false if you get an exception

Looking at the example code on http://android-developers.blogspot.com/2013/01/verifying-back-end-calls-from-android.html, it looks like you can change this line:

GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);

to

JsonWebSignature jws = JsonWebSignature.parser(mJFactory).setPayloadClass(Payload.class).parse(tokenString);
GoogleIdToken token = new GoogleIdToken(jws.getHeader(), (Payload) jws.getPayload(), jws.getSignatureBytes(), jws.getSignedContentBytes()) {
   public boolean verify(GoogleIdTokenVerifier verifier)
  throws GeneralSecurityException, IOException {
       try {
           return verifier.verify(this);
       } catch (java.security.SignatureException e) {
           return false;
       }
   }
};

I unfortunately don't have an exact setup to test this, let me know if this works for you.

score 0 · Answer 5 · answered Jun 11 '15 at 17:01

It looks to me like the libraries may be behaving badly. As an alternative to offline token verification, you can use Google's OAuth2 endpoints for verifying tokens. A basic example from the API explorer can be seen here.

You can check a token with a curl command curl https://www.googleapis.com/oauth2/v2/tokeninfo?id_token=[id_token], for example:

curl https://www.googleapis.com/oauth2/v2/tokeninfo?id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjRlYjczOTg0MzBkNTNjZjZjNGZkMGU5YmM4NzkzZWViZWNkMWY1NWUifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTA3Mzc3MTkxNjgxODAyNjY5ODY2IiwiYXpwIjoiMTE2MjY4ODY3NTIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdF9oYXNoIjoieGJSVGJOdFJYRnJzcUJHTkRtRTR6USIsImF1ZCI6IjExNjI2ODg2NzUyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiY19oYXNoIjoiU3JFa25WczRUejhQSWJicExnNXF2QSIsImlhdCI6MTQzNDA0MTY5OSwiZXhwIjoxNDM0MDQ1Mjk5fQ.vqQXCTFfbDqpTYnfFrDD7m68oEuGqd8NWa4s9wstOrrcyuVKUsqFXM_2bH-un_4C8UBvqtQEyzU_-53DxgvhCHQ7S0W-wtQ9YMoJcy7iL1wDjcy1p7aFVoeGCoqxWv1vzlWTUDu_FnD9oIBSAawyDexvRwwGxN8O1D8nzyj__1DQ_ivxIMF-j1W89mc7adK4p5B8ioZA_PI-AGawX2Nm8t58yBMIYrTk0XExr9Pf4eHHRGbrQxcd0ERGHbRMYuG6k-MzdnVNHIScgZ3Cixx9v15PbQ5hXExNvleifG_Wk3Thnz0j6Uacr4fbi-mO93-h8c0r3BSvQ270_JqlpL5q5Q

score 0 · Answer 6 · answered Jun 11 '15 at 17:05

If you don't want to (or can't) change the source of the google library, you can just extend the GoogleIdTokenVerifier. (you have to duplicate another method which accesses some private variables - fortunately all of them are accessible via get-members). This works for me:

GoogleIdTokenVerifier myVerifier = new GoogleIdTokenVerifier(httpTransport, jsonFactory) {

    public boolean superVerify(IdToken idToken) {
              return (getIssuer()== null || idToken.verifyIssuer(getIssuer()))
                  && (getAudience() == null || idToken.verifyAudience(getAudience()))
                  && idToken.verifyTime(getClock().currentTimeMillis(), getAcceptableTimeSkewSeconds());
    }


    @Override
  public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
      // check the payload
      if (!superVerify(googleIdToken)) {
          log.info("superVerify returned false");
        return false;
      }
      // verify signature
      for (PublicKey publicKey : getPublicKeysManager().getPublicKeys()) {
              try {
                      if (googleIdToken.verifySignature(publicKey)) {
                              log.info("verifySignature: success!");
                              return true;
                      }
              } catch (Exception e) {
                      log.info("error verifying!", e);
              }
      }
      return false;
    }

};

Google OAuth2 JWT token verification exception

6 Answers6