yourkarma / JWT

A JSON Web Token implementation in Objective-C.
MIT License

RS256 verification fails with valid public key #139

Closed mitchellthomas186 closed 7 years ago

mitchellthomas186 commented 7 years ago

Issue Description and Steps

Verification fails when calling verifyPublicKeyPemString function with a valid public key from decodePubKey function.

The token and public key have both been verified on jwt.io.

All I want to do is verify that the signature is valid - is there an error in my code, or is there a different way of doing this?

public key from .pem file:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyT86d6Stui8i8ZpzzbF
HE+WVx/77fU+rglC6CMAslBr3WZO0xibQJJtBCTEkw7r6LkLaEOTkvHdjE1/cUnA
Fw4M7iIy238gx5gRoELZ7g+nh9C6v8HuQJovabaOFed+wnayw8D0YV5+JG6HJ4Ex
OO/3TmAum1yacBAzYFHcxOO/glbJY0/41K1kU7d5bFK9gs7DsMyBOInXDdIiTO9X
rmN8zY3zncnsgYiwlrVwm5lfJIBnE38gOWen7EnFossogJqrn84SPao9Kslr9064
PJN74AWh1ricU/A1zYH0QAFHSI2WGlyoH9V9ZbOWm8gn1IqCypVyg1YCrwaqThjE
SQIDAQAB
-----END PUBLIC KEY-----

-(void)decodePubKey;
{
    NSString* token = @"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC93d3cuY3JhY2tlZC5jb20iLCJhdWQiOiJjcmFja2VkIGFwcCIsInN1YiI6ImNyYWNrZWQgYXBwIiwiZXhwIjoxNTA0OTEzMTY2LCJ1aWQiOiI3Nzk3MiIsInNhbHQiOiI0NTQ3YjQ0ZTA2OTAyOTE3OTJiMjM0MjcwOWY5NTU4ZmQ2MTE3MGExIiwiYXBwX2FkIjpmYWxzZSwiYXBwX3ZvdGVfY29tbWVudCI6dHJ1ZX0.Bqllr9A2ULTlncb0EKLNjTn0qWKG_8NX6mwjf2S1GdS3JH9D7uGGVioxhHN24OZS5QCN9q6rcuYSQzMn-Vz4fAKtDOQws6LZLm7OFwe7uLYXlrK0w3GIxs6nRuGWGIzyxiwjOcy5Vs0HlKAZF7bE8aDUtW5WpbBz4JvgvKc2kmAc3IAMhxs8zRF0jaaiAye7Z7EMjtztmuW8eUosnwKPSa-P2zC-ElcAA67WJ7otYThlbqYDEnVhHrSxj3i3LdgRk0dwumf1zmIikCxFJBDClIroSat9J3hBYFTs6R8EL1YAUc387H_XXLMItLWeHPIMwmXx5wVzr6G_biWlaSyK1w";

    // get public key file
    NSString* pubKey = [self pemKeyStringFromFileWithName:@"pkey_crackedlite" inBundle:[NSBundle mainBundle]];

    // verify token with public key
    [self verifyPublicKeyPemString:pubKey withToken:token];

}

// Verify JWT Signature
- (void)verifyPublicKeyPemString:(NSString *)publicKey withToken:(NSString*)token;
{
    NSString* algorithmName = JWTAlgorithmNameRS256;

    id <JWTAlgorithmDataHolderProtocol> verifyDataHolder = [JWTAlgorithmRSFamilyDataHolder new].keyExtractorType([JWTCryptoKeyExtractor publicKeyWithPEMBase64].type).algorithmName(algorithmName).secret(publicKey);

    JWTCodingBuilder *verifyBuilder = [JWTDecodingBuilder decodeMessage:token].addHolder(verifyDataHolder);
    JWTCodingResultType *verifyResult = verifyBuilder.result;

    if (verifyResult.successResult) {
        // success
        NSLog(@"%@ success: %@", self.debugDescription, verifyResult.successResult.payload);
        token = verifyResult.successResult.encoded;
    }
    else {
        // error
        NSLog(@"%@ error: %@", self.debugDescription, verifyResult.errorResult.error);
    }
}

// Load keys
- (NSString *)pemKeyStringFromFileWithName:(NSString *)name inBundle:(NSBundle *)bundle
{
    NSURL *fileURL = [bundle URLForResource:name withExtension:@"pem"];
    NSError *error = nil;
    NSString *fileContent = [NSString stringWithContentsOfURL:fileURL encoding:NSUTF8StringEncoding error:&error];
    if (error) {
        NSLog(@"[pemKeyStringFromFileWithName] %@ error: %@", self.debugDescription, error);
        return nil;
    }
    return fileContent;
}

lolgear commented 7 years ago

@mitchellthomas186 is the previous issue related to yours? #138

mitchellthomas186 commented 7 years ago

No, I have a public key that is generated server side and the error I get is that the data is not base 64 encrypted.

lolgear commented 7 years ago

@mitchellthomas186 try to create dataHolder with signKey/verifyKey item ( .verifyKey() ). JWTPublicKey -initWithPemBase64 will help you.

lolgear commented 7 years ago

@mitchellthomas186 I checked your example via tests project. Everything decoded fine. However, when I decoded your example via Inspection project, it fails. Need more observations.

mitchellthomas186 commented 7 years ago

I can't find the class JWTPublicKey in any of the repo files, and Xcode is throwing an error when I try to call it.

Given that I have a public key as a string, can you tell me the actual code I need to use to verify the signature part of a JWT using your JWT pod?

Clax666 commented 7 years ago

I also have the same issue. I checked token and public key via jwt.io and they are correct, however the following code results in a decode error:

NSString *token = @"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik0wSkVNemM0TlRnNE9VVTJOa00wT1VWQlJFUXlSVU01UkVJNU5EWkVSRGxETTBORFFqQkdNUSJ9.eyJpc3MiOiJodHRwczovL3RpdHplLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1OTlhZGU2OGU0OTQyZDQ0NjlkMWJhMTkiLCJhdWQiOiJMR1VaWXhrMExqQWRSdTEwOENGaTZ3Wnp0WVVWUDJIOSIsImlhdCI6MTUwNDcwNTQ2MiwiZXhwIjoxNTA0NzQxNDYyLCJub25jZSI6IkI3OUUwOTVFLTlFQ0ItNDE3Ri1COUFGLUQxRDJCMUNFREI2RCJ9.iS65VP9DAIjf-ju-Cifokk9C1hhIFPb1O4IUpTKaXEg9myDswVbtRP287g6fR1OTpmY-W48VWJXYFbbYwvvav1yWlEu7RqfpOVWaqCSeb9xn71FsuSg0OdyKkJWHMarjrxYcnUxC-0oIgBNW-W2z_1Xv5lHtnnbCsphoNfgz6GmLoL5QQFxLf_JMdhMlzGvPQruOlQVz5UF8dQwTJOzBvAwnTEyGtusVQsVEFw87Apg14A1iPT_-dT1zo8uMz0F23oc_seMuwY4fhFoIEwPuwRGpVYpmvnFSvEUxblF9x7CMGmmcSF0LMGwAoxnN2SXo0yFR2xn7hhn3H2hJmoAf-w";

NSString *publicKey = @"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaGtLsyJZQpQ3kkw0SxjLVvLCAR/WQlvN7uB6n0pqtA0uXufe1+TB8bw4wvzfqNCLUuzef3cFukYwGObSdwXUE/3kZpYNeqAkKy11yL4P35EWdg4KfPJZ+eJHlwL4feVekohaeGvrDtpVfKj3zYjYZhcbJFw/DUl2BnZht2vlwWcA4r4S8CgjWQATDjbKkac55r65HJ2G3fPU+XOOrepzVLLJcRZMGP3bWbdvUYpVpTwSA8rJGutrghOQqBIvR6ZIILyk/FNaqJz8vgkzbgu+1s5XHK64dEjM1j9em2UWa/5fG5IIJqD+sMrxqi8GOIl40mGqP/h/2Hz4WMd/89axQIDAQAB";

JWTBuilder *decodeBuilder = [JWTBuilder decodeMessage:token].secret(publicKey).algorithmName(@"RS256");

NSDictionary *envelopedPayload = decodeBuilder.decode;

lolgear commented 7 years ago

@Clax666 JWTBuilder is deprecated and may not be correct in new features.

Try API 3.0:

JWTEncodingBuilder
JWTDecodingBuilder

lolgear commented 7 years ago

@Clax666 any updates?

Clax666 commented 7 years ago

I can confirm that everything is ok with API 3.0

lolgear commented 7 years ago

@Clax666 Could it be closed?

Clax666 commented 7 years ago

Yes, to me it can be closed

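The two posts in this thread hand over the public key in different forms: a whole .pem file including its BEGIN/END lines, and only the base64 body. As an added example (not code from the thread or from the JWT library, and in Python rather than Objective-C so it can be run outside Xcode), this sketch accepts either form and carries out the RS256 check itself; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, re

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def key_to_der(text):
    """Accept a full PEM file or only its base64 body; return the DER bytes."""
    body = re.sub(r"-----[A-Z ]+-----|\s", "", text)
    return base64.b64decode(body, validate=True)  # raises on non-base64 input

def tlv(buf, pos):
    """Read one DER element at pos: (tag, value, position after it)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def rsa_numbers(der):
    """Return (n, e) from an RSA SubjectPublicKeyInfo ("PUBLIC KEY") structure."""
    _, spki, _ = tlv(der, 0)           # outer SEQUENCE
    _, _, pos = tlv(spki, 0)           # AlgorithmIdentifier, skipped here
    tag, bits, _ = tlv(spki, pos)      # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, rsa, _ = tlv(bits[1:], 0)       # drop the unused-bits byte
    _, n, pos = tlv(rsa, 0)
    _, e, _ = tlv(rsa, pos)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def emsa_pkcs1_sha256(message, k):
    """EMSA-PKCS1-v1_5 encoding of message for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, key_text):
    header, payload, signature = token.split(".")
    if json.loads(b64url(header)).get("alg") != "RS256":
        return False                   # never let the token choose the algorithm
    n, e = rsa_numbers(key_to_der(key_text))
    k, sig = (n.bit_length() + 7) // 8, b64url(signature)
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_sha256(f"{header}.{payload}".encode(), k))
```

`verify_rs256(token, key_text)` takes the key text in either form; a `binascii.Error` raised from `key_to_der` means the key string is not clean base64 once the PEM armor and whitespace are removed.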