search

Thalhammer / jwt-cpp

A header only library for creating and validating json web tokens in c++
https://thalhammer.github.io/jwt-cpp/
MIT License
855 stars 233 forks source link

Exception on examples: jwt::error::signature_verification_exception #284

Open clobotorre opened 1 year ago

clobotorre commented 1 year ago

What happened?

Trying to solve Exception 'jwt::error::signature_verification_exception' while running examples jwks-verify and private-claims

This is on Ubuntu 18.04 OpenSSL 1.1.1

How To Reproduce?

cd jwt-cpp-0.6.0
mkdir build
cd build
cmake ..
cmake --build .
./example/jwks-verify
terminate called after throwing an instance of 'jwt::error::signature_verification_exception'
      what():  failed to verify signature: VerifyFinal failed
    Aborted (core dumped)

Version

0.6.0

What OS are you seeing the problem on?

Linux

What compiler are you seeing the problem on?

GCC

Relevant log output

cmake .. output
-- The C compiler identification is GNU 7.5.0
-- The CXX compiler identification is GNU 7.5.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libcrypto.so (found suitable version "1.1.1", minimum required is "1.0.1")
-- Could NOT find jsoncons (missing: jsoncons_DIR)
-- Could NOT find nlohmann_json (missing: nlohmann_json_DIR)
-- Configuring done (1.6s)
-- Generating done (0.0s)
-- Build files have been written to: /jwt-cpp-0.6.0/build

cmake --build . output
[  6%] Building CXX object example/CMakeFiles/print-claims.dir/print-claims.cpp.o
[ 12%] Linking CXX executable print-claims
[ 12%] Built target print-claims
[ 18%] Building CXX object example/CMakeFiles/private-claims.dir/private-claims.cpp.o
[ 25%] Linking CXX executable private-claims
[ 25%] Built target private-claims
[ 31%] Building CXX object example/CMakeFiles/rsa-create.dir/rsa-create.cpp.o
[ 37%] Linking CXX executable rsa-create
[ 37%] Built target rsa-create
[ 43%] Building CXX object example/CMakeFiles/rsa-verify.dir/rsa-verify.cpp.o
[ 50%] Linking CXX executable rsa-verify
[ 50%] Built target rsa-verify
[ 56%] Building CXX object example/CMakeFiles/jwks-verify.dir/jwks-verify.cpp.o
[ 62%] Linking CXX executable jwks-verify
[ 62%] Built target jwks-verify
[ 68%] Building CXX object example/CMakeFiles/es256k.dir/es256k.cpp.o
[ 75%] Linking CXX executable es256k
[ 75%] Built target es256k
[ 81%] Building CXX object example/traits/CMakeFiles/boost_json.dir/private-boost-json.cpp.o
In file included from /usr/local/include/boost/json/storage_ptr.hpp:14:0,
                 from /usr/local/include/boost/json/array.hpp:16,
                 from /usr/local/include/boost/json.hpp:15,
                 from /usr/local/include/boost/json/src.hpp:27,
                 from /jwt-cpp-0.6.0/build/example/traits/private-boost-json.cpp:1:
/usr/local/include/boost/json/memory_resource.hpp:23:4: warning: #warning Support for std::memory_resource is required to use Boost.JSON standalone, using std::experimental::memory_resource as fallback [-Wcpp]
 #  warning Support for std::memory_resource is required to use Boost.JSON standalone, using std::experimental::memory_resource as fallback
    ^~~~~~~
[ 87%] Linking CXX static library libboost_json.a
[ 87%] Built target boost_json
[ 93%] Building CXX object example/traits/CMakeFiles/boost-json.dir/boost-json.cpp.o
In file included from /usr/local/include/boost/json/storage_ptr.hpp:14:0,
                 from /usr/local/include/boost/json/array.hpp:16,
                 from /usr/local/include/boost/json.hpp:15,
                 from /jwt-cpp-0.6.0/include/jwt-cpp/traits/boost-json/traits.h:7,
                 from /jwt-cpp-0.6.0/example/traits/boost-json.cpp:1:
/usr/local/include/boost/json/memory_resource.hpp:23:4: warning: #warning Support for std::memory_resource is required to use Boost.JSON standalone, using std::experimental::memory_resource as fallback [-Wcpp]
 #  warning Support for std::memory_resource is required to use Boost.JSON standalone, using std::experimental::memory_resource as fallback
    ^~~~~~~
[100%] Linking CXX executable boost-json
[100%] Built target boost-json

Code of Conduct

prince-chrismc commented 1 year ago

/usr/local/include/boost/json/

What version of boost are you using? And How did you install it into your system?

clobotorre commented 1 year ago

I use boost version 1_76, and to compile it in my system I use:

./#{build_tool} --build-dir=/tmp/#{node.boost.filename} --build-type=complete --layout=versioned --with-date_time --with-filesystem --with-iostreams --with-program_options --with-regex --with-random --with-serialization --with-system --with-thread --with-test threading=multi link=shared install || exit 1

Note: build_tool is b2

prince-chrismc commented 1 year ago

The Boost.JSON support was introduced with 1.77 in https://github.com/Thalhammer/jwt-cpp/commit/4c2ea57d7c87e63505462e769a66f0636994495c and was only tested with the C++17 standalone mode not with a whole Boost installation.

My suspicious is this might be an untested configuration which is why we are seeing this. Boost also removed this mode so newer version do not work either sadly :(

Are you able to test this with a newer version of boost?

clobotorre commented 1 year ago

I'm afraid, we are currently using boost version 1_76 for a lot of components, and cannot use a newer version.

Maybe there is a way to use a non hole boost to compile this library?

I see in the README.md: "There is no hard dependency on a JSON library" and "or your convience there are serval traits implementation which provide some popular JSON libraries"

I installed nlohmann: apt-get install nlohmann-json3-dev

After that I tried to build this library: cmake ..

And I got same warning: -- Could NOT find nlohmann_json (missing: nlohmann_json_DIR)

What can I do to use, for example, nlohmann json instead boost json to compile this library?

prince-chrismc commented 1 year ago

Sorry its hard to help since this is so system dependent. I don't use apt so I don't know what files that would be installed. I work on Conan which is a c++ package manager :)

You can check the CI for the installation https://github.com/Thalhammer/jwt-cpp/blob/c2b43e67c171cae332f7bc87b8e2a3fed7dc8e5a/.github/actions/install/nlohmann-json/action.yml#L1