Google Cloud Endpoints: verifyToken: Signature length not correct


Problem description

This morning the following exception has started occurring on every API request to my Google Cloud Endpoint from my Android app:

com.google.api.server.spi.auth.GoogleIdTokenUtils verifyToken: verifyToken: Signature length not correct: got 256 but was expecting 128

The call still works perfectly from my javascript web clients. I have changed nothing on the server side code or client code.

Has anything changed with the service recently that might make this occur?

UPDATE: The first occurrence of this appears to have been at 11:17:07 UTC

UPDATE: Things that don't work include generating a new Client ID for android & updating to App Engine SDK 1.9.22

Recommended answer

Cause

  • RSA has variable length signatures, depending on the key size.
  • Google updated the key pairs it uses for signing, and now one of the key pairs generates a different length signature from the other
  • java.security.Signature.verify(byte[] signature) throws an exception if a signature of the wrong length is passed (instead of returning false which is normally done when a signature does not match the key)

For me the solution was to wrap the verify call (try...catch), and return false instead. You could also do an early check on the public key yourself, checking if the length of the signature matches the length of the public key modulus.

If you use a library to check the signature, make sure you use the latest version.

Looking at the example code on http://android-developers.blogspot.nl/2013/01/verifying-back-end-calls-from-android.html, you would have to change this:

// Before:
GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);

// After: parse the JWS manually so that verify() can be overridden to treat a
// SignatureException (such as a wrong signature length for a key) as "not verified".
JsonWebSignature jws = JsonWebSignature.parser(mJFactory).setPayloadClass(Payload.class).parse(tokenString);
GoogleIdToken token = new GoogleIdToken(jws.getHeader(), (Payload) jws.getPayload(), jws.getSignatureBytes(), jws.getSignedContentBytes()) {
    @Override
    public boolean verify(GoogleIdTokenVerifier verifier)
            throws GeneralSecurityException, IOException {
        try {
            return verifier.verify(this);
        } catch (java.security.SignatureException e) {
            // Fail closed: the signature does not fit this key
            return false;
        }
    }
};

I unfortunately don't have an exact setup to test this.

For those using Google Cloud Endpoint, like the question states, I think there was very little you could do except wait until Google fixes it. Luckily it's fixed now. (Technically, you could argue changing the keys, as is done now, is a workaround, and the library Google provides needs to be fixed. But it works, so that's a good start)
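
The two mitigations described in the answer above (an early signature-length check against the public key modulus, and a try...catch around the verify call), shown as an added example that is not part of the original answer or of Google's library. The class and method names, the SHA256withRSA algorithm choice, the sample data and the freshly generated 1024-bit and 2048-bit keys are assumptions made for the demonstration; whether the naive call throws or returns false depends on the JDK's RSA provider, so the program prints whichever happens.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.*;

public class SignatureLengthDemo {
    // A signature that does not fit this key is a non-match, not an error.
    static boolean verifyWithKey(RSAPublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        int modulusBytes = (key.getModulus().bitLength() + 7) / 8;
        if (sig.length != modulusBytes) return false; // early length check
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(data);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false; // fail closed for this key, keep trying the others
        }
    }

    // Accept only if one of the currently published keys verifies the data.
    static boolean verifyWithAnyKey(List<RSAPublicKey> keys, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        for (RSAPublicKey key : keys) if (verifyWithKey(key, data, sig)) return true;
        return false;
    }

    static KeyPair rsa(int bits) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(bits);
        return gen.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        KeyPair k1024 = rsa(1024), k2048 = rsa(2048); // constructed test keys
        byte[] data = "header.payload".getBytes(StandardCharsets.US_ASCII);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(k2048.getPrivate()); s.update(data);
        byte[] sig = s.sign(); // 256 bytes for a 2048-bit key
        // Naive check against the 1024-bit key (expects a 128-byte signature)
        Signature naive = Signature.getInstance("SHA256withRSA");
        naive.initVerify(k1024.getPublic()); naive.update(data);
        try { System.out.println("naive: " + naive.verify(sig)); }
        catch (SignatureException e) { System.out.println("naive threw: " + e.getMessage()); }
        List<RSAPublicKey> keys = Arrays.asList(
                (RSAPublicKey) k1024.getPublic(), (RSAPublicKey) k2048.getPublic());
        System.out.println("tolerant: " + verifyWithAnyKey(keys, data, sig));
    }
}
```

Both paths fail closed: a length mismatch or a SignatureException only rules out one key, and the token is accepted solely when some published key actually verifies it.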
