Google Cloud Endpoints: verifyToken: Signature length not correct

Question

This morning the following exception has started occuring on every API request to my Google Cloud Endpoint from my Android app:

com.google.api.server.spi.

Answer 1

The causes

• RSA has variable length signatures, depending on the key size.
• Google updated the key pairs it uses for signing, and now one of the key pairs generates a different length signature from the other
• java.security.Signature.verify(byte[] signature) throws an exception if a signature of the wrong length is passed (instead of returning false which is normally done when a signature does not match the key)

For me the solution was to wrap the verify call (try...catch), and return false instead. You could also do an early check on the public key yourself, checking if the length of the signature matches the length of the public key modulus.

If you use a library to check the signature, make sure you use the latest version.

Looking at the example code on http://android-developers.blogspot.nl/2013/01/verifying-back-end-calls-from-android.html, you would have to change this:

GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);

to

JsonWebSignature jws = JsonWebSignature.parser(mJFactory).setPayloadClass(Payload.class).parse(tokenString);
GoogleIdToken token = new GoogleIdToken(jws.getHeader(), (Payload) jws.getPayload(), jws.getSignatureBytes(), jws.getSignedContentBytes()) {
   public boolean verify(GoogleIdTokenVerifier verifier)
  throws GeneralSecurityException, IOException {
       try {
           return verifier.verify(this);
       } catch (java.security.SignatureException e) {
           return false;
       }
   }
};

I unfortunately don't have an exact setup to test this.

For those using Google Cloud Endpoint, like the question states, I think there was very little you could do except wait until Google fixes it. Luckily it's fixed now. (Technically, you could argue changing the keys, as is done now, is a workaround, and the library Google provides needs to be fixed. But it works, so that's a good start)