Token creation fails on ubuntu but not macOS #51
Comments
Well, it did end up being a key formatting issue. Even after executing the steps in the other recently opened issues I was still having problems, so I thought it was different, but I found another formatting error which, when fixed, resolved the issue. Would be nicer if the signing was a little more forgiving tho, like it is on macOS. |
hello @leisurehound |
I had to do the formatting that was described (specifically remove the \n and then manually edit the files, add the header) but then I must have entered a non-printable character by mistake. Once I found that (after doing the other edits) it worked. However, on macOS I simply had to download the Google service account private key and it worked. On Ubuntu I had to manually edit the Google file. Would be great if it Just Worked(tm) on either platform (admittedly not expecting it to just work from pilot error entering hidden chars, but rather take file from Google, load it and it works). |
Interestingly, I'm now having the opposite problem. I'm in the process of rotating keys as I had to do some Heroku key debugging (the ENV didn't like spaces or my quoting the key, so I added %20 and %0A for all the spaces & newlines, then convert them back in Swift after reading the ENV variable). With the new key this works great on Heroku. But on macOS, with Google Cloud Console and gcloud command line returning a JSON file now, with the private key as a field in the JSON, when I pick that out and create a private key file and read it in, I get a try failure on the last line below.
While the #if os(linux) code (not included above) gets the same key from an ENV variable and works in Heroku, this key does not work on macOS. I've tried taking the private key from the downloaded JSON file and saving it with TextMate, vi, and Xcode via a scheme env variable, thinking one may be inserting something I can't see, but alas same behavior on all. I'm using Swift-JWT 3.4.0 if that matters. Thoughts? |
@leisurehound I have raised pull request #68 that should handle newlines a bit better. |
I get duplicate logging symbols when depending on that branch:
Here is how I'm referencing that branch.
Tried to |
@leisurehound
|
Thanks for the tip, am past the building with duplicate symbols issue. Updating to use the keyGen branch I'm still seeing this error when trying to sign:
|
I'm wondering if the error could be in getting the key from the file. |
Am not sure how to interpret the results of the ASN1 site.
Here's the code with getting the key data on macOS (ignore the force unwrap for now, it's just a shortcut to get this to work):
I get the same error I shared above. I can share my claims too, if that is not a security problem or direct message me to share it privately. Again, here is how I try to sign, this code is platform independent between the dev env on macOS and test/production on Heroku:
When I get the key from an env variable on Heroku (where I've %20 the spaces and %0A the new lines in the env variable, and then return them back to spaces/new lines in the Swift string) the key signs successfully on Heroku. Here again is the code I use on Linux:
When I get the key on macOS either from the string literal or from the file I get the sign error. If I put the % escaped key into the string literal on macOS and replace the %20/%0A with spaces and new lines I still get the error. Essentially, keys that work on Linux fail on macOS. Very odd. |
Ok so I think the problem is that you have a PKCS8 formatted key. This means that when you ASN1 decode it as you have done above you have the following header:
The Linux implementation seems to be able to handle this but the Mac one doesn't. I have raised a PR 49 against BlueRSA which should fix this problem. You can test this by pointing at the branch:
Otherwise you can try and convert your key from PKCS8 to PKCS1. Once you convert the key the PEM header should be:
|
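Added example, not part of the thread and not code from Swift-JWT or BlueRSA: a Python diagnostic for a PEM private key that reports the problems raised above, namely leftover escapes (`\n`, `%0A`/`%20`), hidden characters, and whether the DER body is PKCS#8 or PKCS#1. The names `diagnose`, `der_structure` and `pem` are chosen here, and the sample DER values are constructed, truncated stand-ins rather than real keys.

```python
import base64
import re

def _tlv(buf, pos):
    """Read one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_structure(der):
    """Classify an RSA private key by the element that follows the version."""
    try:
        outer, start, _ = _tlv(der, 0)
        version, _, after_version = _tlv(der, start)
        following = der[after_version]
    except IndexError:
        return "unknown"
    if (outer, version) != (0x30, 0x02):   # SEQUENCE { INTEGER version, ...
        return "unknown"
    # PKCS#8: AlgorithmIdentifier SEQUENCE comes next. PKCS#1: modulus INTEGER.
    return {0x30: "PKCS#8", 0x02: "PKCS#1"}.get(following, "unknown")

def diagnose(text):
    checks = [(r"\\n", "literal \\n escapes"),
              (r"(?i)%0A|%20", "percent-escaped whitespace"),
              (r"[^\x20-\x7e\r\n\t]", "non-printable or non-ASCII character")]
    issues = [msg for pat, msg in checks if re.search(pat, text)]
    # Undo the escapings described in the thread before looking for the PEM armor.
    clean = re.sub(r"(?i)%0A", "\n", text.replace("\\n", "\n")).replace("%20", " ")
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", clean, re.S)
    if not m:
        return {"label": None, "structure": "unknown", "issues": issues + ["no PEM armor"]}
    body = re.sub(r"[^A-Za-z0-9+/=]", "", m.group(2))
    try:
        structure = der_structure(base64.b64decode(body))
    except ValueError:                     # truncated or corrupt base64
        structure = "unknown"
    expected = {"PRIVATE KEY": "PKCS#8", "RSA PRIVATE KEY": "PKCS#1"}.get(m.group(1))
    if expected and structure != expected:
        issues.append("PEM label does not match DER structure")
    return {"label": m.group(1), "structure": structure, "issues": issues}

# Constructed, truncated DER (not real keys): just enough structure to classify.
PKCS1_DER = bytes.fromhex("300d02010002030100010203010001")
PKCS8_DER = bytes.fromhex("3023020100300d06092a864886f70d0101010500040f") + PKCS1_DER
def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
```

A key reported as `PKCS#8` is the case that failed on macOS in this thread; any entry in `issues` points at a formatting problem to fix before the key is handed to the signer.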
Thanks Andrew. Depending on the BlueRSA branch resolved the problem. Appreciate your help. Looking forward to seeing the changes in the main line. |
Thanks for testing it out. I've taken this issue over from Andy and we hope to get the BlueRSA fix out soon. Thanks. |
Thanks for the prod! I fixed the BlueRSA CI problem, hopefully we can merge that soon. I also merged #68 and released https://github.com/IBM-Swift/Swift-JWT/releases/tag/3.5.2 with the fix. By the way, you can work around the problem by converting your key from PKCS8 to PKCS1 format - it should be as simple as running |
Hi, I have a Swift command line app that writes to Firebase Firestore after generating a JWT for a service account and works fine on macOS, but as I'm porting it to Ubuntu to run it under systemctl I'm failing to successfully generate the token. It's always returning nil. I thought at first that it may be because the key had a trailing \n but removing that doesn't seem to help. Any assistance would be appreciated.