Play Integrity Exception "org.jose4j.lang.IntegrityException: A256KW key unwrap/decrypt failed" #226

Closed
Jitendran opened this issue Apr 24, 2023 · 8 comments


@Jitendran

We follow the Google doc below and one separate developer blog.

Google doc:
https://developer.android.com/google/play/integrity/verdict#decrypt-verify-locally

Developer blog:
https://hoven.in/cpp-projects/play-integrity-api-2.html
https://hoven.in/cpp-projects/play-integrity-api-3.html

We are getting this "org.jose4j.lang.IntegrityException: A256KW key unwrap/decrypt failed" exception on the line below, inside the try/catch block.

"compactJws = jwe.payload"
```kotlin
// This is the code we are using for Play integrity

val str = "AIzaSyBPF4dLN4SLxNlraMWUD2FpUrfE39qvF_E"
val strBytes = Base64.decode(str, Base64.DEFAULT)
val encoded = Base64.encode(strBytes, Base64.URL_SAFE or Base64.NO_PADDING or Base64.NO_WRAP)
val nonce = String(encoded)
val DECRYPTION_KEY = "xcClpnhjH0JQrwcJ…./9TPiTqr34Nmqs="
val VERIFICATION_KEY = "MFkwEwYHKoZIzj0CAQYI….AEuzmUjHs7b7Z7NUgbKmq/5AJfpeMbjh/10yNlQllYlDz1DRIisRMbLI/4yDIO95VWgcfrrnSyIPKBMRFiFEZE3Q=="

val integrityManager = IntegrityManagerFactory.create(applicationContext)
val integrityTokenResponse = integrityManager.requestIntegrityToken(
    IntegrityTokenRequest.builder()
        .setNonce(nonce)
        .setCloudProjectNumber(70102…724)
        .build()
)
    .addOnSuccessListener(
        (OnSuccessListener { response: IntegrityTokenResponse ->
            val integrityToken = response.token()
            val decryptionKeyBytes: ByteArray =
                Base64.decode(DECRYPTION_KEY, Base64.DEFAULT)

            // SecretKey
            val decryptionKey: SecretKey =
                SecretKeySpec(decryptionKeyBytes, 0, decryptionKeyBytes.size, "AES")
            val encodedVerificationKey: ByteArray =
                Base64.decode(VERIFICATION_KEY, Base64.DEFAULT)

            // PublicKey
            var verificationKey: PublicKey? = null
            verificationKey = KeyFactory.getInstance("EC")
                .generatePublic(X509EncodedKeySpec(encodedVerificationKey))
            if (null == verificationKey) {
                return@OnSuccessListener
            }

            // JsonWebEncryption
            var jwe: JsonWebEncryption? = null
            jwe = JsonWebStructure.fromCompactSerialization(integrityToken) as JsonWebEncryption

            if (null == jwe) {
                return@OnSuccessListener
            }
            jwe.key = decryptionKey
            var compactJws: String? = null
            try {
                compactJws = jwe.payload // We are getting the exception on this line
            } catch (e: JoseException) {
                Log.d(TAG, e.message!!)
            }

            // JsonWebSignature
            var jws: JsonWebSignature? = null
            try {
                if (compactJws != null) {
                    jws = JsonWebStructure
                        .fromCompactSerialization(compactJws) as JsonWebSignature
                } else {
                    Log.d(TAG, "Null compactJWS")
                }
            } catch (e: JoseException) {
                Log.d(TAG, e.message!!)
            }

            if (null == jws) {
                return@OnSuccessListener
            }
            jws.key = verificationKey

            // get the json human readable string
            var jsonPlainVerdict: String? = ""
            jsonPlainVerdict = try {
                jws.payload
            } catch (e: JoseException) {
                Log.d(TAG, e.message!!)
                return@OnSuccessListener
            }

            // payload is available in json format
            // plain text, can be processed as per needs
            Log.d(TAG, jsonPlainVerdict!!)
        } as OnSuccessListener<IntegrityTokenResponse>)!!
    )
    .addOnFailureListener((OnFailureListener { ex: Exception? ->
        Log.d(
            TAG,
            ex!!.message.toString()
        )
    } as OnFailureListener)!!)
```

@dvsekhvalnov
Owner

dvsekhvalnov commented Apr 24, 2023

Hey @Jitendran,

It doesn't look like this code is using the jose-jwt lib? Not sure what I can comment on.

@Jitendran
Author

Hey @dvsekhvalnov, thanks for your reply.
I am using the libs below in my Kotlin build.gradle file.

implementation 'com.google.android.play:integrity:1.1.0'
implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.12'

@dvsekhvalnov
Owner

@Jitendran I got it :)

I can't comment on those. I can comment on the jose-jwt project, but you are not showing any code that uses it.

@dishanphilips

In C# I managed to solve it as mentioned here: #202

@Jitendran
Author

Thanks @dishanphilips for your reply.

@dvsekhvalnov
Owner

If you guys are good with your question, feel free to close the ticket.

@KubinkiewiczDawid

Hi @Jitendran, did you manage to fix it in your app?

@Jitendran
Author

Hi @KubinkiewiczDawid, we were facing this issue before the app was live. After we made the app live in the Play Store, we no longer face this issue.
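
A pre-flight check for the "A256KW key unwrap/decrypt failed" error discussed in this thread, as an added example that is not part of any participant's post or of jose4j. It separates encoding mistakes from a key that simply does not match the token: RFC 3394 unwrap verifies a built-in integrity value, so a well-formed but wrong 32-byte key produces exactly this exception. `JweCheck` and `checkJweInputs` are hypothetical names, `java.util.Base64` stands in for `android.util.Base64`, and a 256-bit content key is assumed.

```kotlin
import java.util.Base64

// Added example: structural checks only. They rule out encoding mistakes but
// cannot prove the key belongs to the app that requested the token.
data class JweCheck(val ok: Boolean, val problems: List<String>)

fun checkJweInputs(token: String, decryptionKeyB64: String): JweCheck {
    val problems = mutableListOf<String>()
    val url = Base64.getUrlDecoder()

    // Compact JWE layout: header.encryptedKey.iv.ciphertext.tag
    val parts = token.trim().split(".")
    if (parts.size != 5) {
        return JweCheck(false, listOf("expected 5 segments, got ${parts.size}"))
    }

    // Read "alg" from the protected header (a regex is enough for a diagnostic).
    val header = try {
        String(url.decode(parts[0]), Charsets.UTF_8)
    } catch (e: IllegalArgumentException) {
        return JweCheck(false, listOf("protected header is not base64url"))
    }
    val alg = Regex("\"alg\"\\s*:\\s*\"([^\"]+)\"").find(header)?.groupValues?.get(1)
    if (alg != "A256KW") problems += "alg is $alg, expected A256KW"

    // RFC 3394 key wrap adds 8 bytes, so a wrapped 256-bit content key is 40 bytes.
    val wrappedLen = try { url.decode(parts[1]).size } catch (e: IllegalArgumentException) { -1 }
    if (wrappedLen != 40) problems += "encrypted key is $wrappedLen bytes, expected 40"

    // The key-encryption key must decode to exactly 32 bytes for AES-256.
    val kekLen = try {
        Base64.getDecoder().decode(decryptionKeyB64.trim()).size
    } catch (e: IllegalArgumentException) { -1 }
    if (kekLen != 32) problems += "decryption key is $kekLen bytes, expected 32"

    return JweCheck(problems.isEmpty(), problems)
}

fun main() {
    // Constructed sample: real header shape, zero-filled segments and key.
    val enc = Base64.getUrlEncoder().withoutPadding()
    val token = listOf(
        """{"alg":"A256KW","enc":"A256GCM"}""".toByteArray(),
        ByteArray(40), ByteArray(12), ByteArray(64), ByteArray(16)
    ).joinToString(".") { enc.encodeToString(it) }
    val key = Base64.getEncoder().encodeToString(ByteArray(32))
    println(checkJweInputs(token, key))
    println(checkJweInputs(token, key.dropLast(4)))
}
```

If every check passes and the unwrap still fails, the remaining variable is which key the token was encrypted under, which matches the resolution reported above.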
