1. Brian Campbell Avatar Brian Campbell
  2. Untitled project
  3. jose4j
  4. Issues

Signature padding problem?

Issue #161 resolved
Claude Brisson created an issue

I have a JWT token extraction method that works perfectly on my localhost tests, but which fails on production with the error message:

org.jose4j.jws.RsaUsingShaAlgorithm$RsaSha256 [debug] Problem verifying signature: java.security.SignatureException: Signature length not correct: got 511 but was expecting 512

The difference being only one character, I was wondering if it was some kind of padding issue, once the signature has been decoded from base64. I would also welcome any suggestion in trying to diagnose the problem (I can add some log, and even use a patched jose4j version for that matter, but I cannot put breakpoints in production).

Attached are the source of the JWT extraction method and the logs. Thanks for any help.

Comments (6)

  1. Brian Campbell repo owner

    I’m a bit perplexed to be honest. But it looks like it might be a problem with signer of the JWT.

    Was this a one-time thing? Intermittent? Consistent? All the time?

    Can you provide the public key used for verification too?

    What system or software or library or whatever is creating the JWT? Is that different between your tests and prod?

  2. Brian Campbell repo owner

    The length of an RSASSA-PKCS1-v1_5 signature is always equal to the size of the RSA modulus (per https://tools.ietf.org/html/rfc3447#section-8.2 and https://tools.ietf.org/html/rfc3447#section-4.1 which is what JWA/JWS/JWT reference for RS256 etc.) so assuming an 4096 bit RSA key was used here the length of the signature has to be 4096 bits as well (which is 512 bytes). The base64url encoded signature part of the ID token is 682 characters, which decodes to 511 bytes and isn't valid for the reasons previously stated.

  3. Brian Campbell repo owner

    In general, for JWT processing, you might want to consider using a JwtConsumer (see https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples) rather than directly using the JsonWebSignature class. Although that won’t help with what appears to be an invalid signature. Unless you set up the JwtConsumer to skip signature validation all together. And because it looks like you’re getting this ID token directly from the token endpoint, that might be okay to do.

  5. Claude Brisson reporter

    Bug found and fixed. Yes, the base64url encoded string was erroneously stripped down from its last character in the upstream code because of a buggy buffering implementation. Thanks for your help.

  7. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!