This repository has been archived by the owner on Jul 22, 2024. It is now read-only.

jarsigner: VerificationException: Could not find public key for provided keyId #151

Open
tsmock opened this issue Nov 9, 2023 · 0 comments
Labels
bug Something isn't working

Comments

tsmock commented Nov 9, 2023

Description

The jarsigner task uses https://www.googleapis.com/oauth2/v3/certs to get provider certificate information.

Version
sigstore:0.4.0:jarsign

Additional Information

Stacktrace
[INFO] --- sigstore:0.4.0:jarsign (sigstore-jarsign) @ josm ---
[INFO] generating keypair using EC with secp256r1 parameters
Please open the following address in your browser:
  https://oauth2.sigstore.dev/auth/auth?client_id=sigstore&code_challenge=<code_challenge>&code_challenge_method=S256&redirect_uri=http://localhost:53394/Callback&response_type=code&scope=openid%20email
Attempting to open that address in the default browser now...
Nov 09, 2023 7:03:38 AM com.google.api.client.auth.openidconnect.IdTokenVerifier verify
SEVERE: id token signature verification failed. Please see docs for IdTokenVerifier for default settings and configuration options
com.google.api.client.auth.openidconnect.IdTokenVerifier$VerificationException: Could not find public key for provided keyId: <keyId>
	at com.google.api.client.auth.openidconnect.IdTokenVerifier.verifySignature(IdTokenVerifier.java:306)
	at com.google.api.client.auth.openidconnect.IdTokenVerifier.verify(IdTokenVerifier.java:243)
	at dev.sigstore.plugin.JarSign.getIDToken(JarSign.java:346)
	at dev.sigstore.plugin.JarSign.execute(JarSign.java:207)
	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:126)
	at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2(MojoExecutor.java:328)
	at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute(MojoExecutor.java:316)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:174)
	at org.apache.maven.lifecycle.internal.MojoExecutor.access$000(MojoExecutor.java:75)
	at org.apache.maven.lifecycle.internal.MojoExecutor$1.run(MojoExecutor.java:162)
	at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute(DefaultMojosExecutionStrategy.java:39)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:159)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:105)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:73)
	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:53)
	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:118)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:261)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:173)
	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:101)
	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:906)
	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:283)
	at org.apache.maven.cli.MavenCli.main(MavenCli.java:206)
	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:283)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:226)
	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:407)
	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:348)

Looking at the code, it looks like it is using the default certificates from https://www.googleapis.com/oauth2/v3/certs for verification. I assume this is wrong, and that the IdTokenVerifier should be initialized using a builder.

@tsmock tsmock added the bug Something isn't working label Nov 9, 2023
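
A triage sketch for the failure reported above, added here as an example and not taken from the plugin or the issue author: it reads an ID token's `kid` and `iss` without verifying anything and reports which key set actually contains that key ID. The issuer string, the `/keys` JWKS path, and all tokens and key IDs are constructed assumptions; only the Google certs URL comes from the issue.

```python
import base64
import json

GOOGLE_CERTS = "https://www.googleapis.com/oauth2/v3/certs"  # default named in the issue
ISSUER = "https://oauth2.sigstore.dev/auth"   # assumption: issuer behind the logged auth URL
ISSUER_JWKS = ISSUER + "/keys"                # assumption: read jwks_uri from discovery instead

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_json(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def read_unverified(token):
    """Decode header and claims WITHOUT verifying; for triage only, never for trust."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def find_key(jwks, kid):
    """The lookup that fails in the stack trace: match the token's kid in a key set."""
    return next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)

def diagnose(token, key_sets):
    """Report the token's issuer and which of the given key sets holds its kid."""
    header, claims = read_unverified(token)
    kid = header.get("kid")
    return {
        "iss": claims.get("iss"),
        "kid": kid,
        "found_in": [url for url, jwks in key_sets.items() if find_key(jwks, kid)],
    }

# Constructed sample data: no real keys, key ids or tokens.
SAMPLE_TOKEN = ".".join([
    b64url_json({"alg": "RS256", "kid": "constructed-issuer-key-1"}),
    b64url_json({"iss": ISSUER, "aud": "sigstore", "email": "dev@example.com"}),
    "constructed-signature",
])
KEY_SETS = {
    GOOGLE_CERTS: {"keys": [{"kid": "constructed-google-key-a"}, {"kid": "constructed-google-key-b"}]},
    ISSUER_JWKS: {"keys": [{"kid": "constructed-issuer-key-1", "kty": "RSA"}]},
}

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN, KEY_SETS))
```

When `found_in` lists only the issuer's key set, the verifier has to be pointed at that issuer's keys and also check `iss` and `aud`; a matching `kid` alone proves nothing about the signature.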