cordova-plugin-code-push
cordova-plugin-code-push copied to clipboard
microsoft
[android] FATAL EXCEPTION: decoding JWT token (when installing signed update)
Description
Expected a fine restart after download and install succeeded.
All was working fine with [email protected] and started to crash with [email protected]. Really weird because error is raised in native code SignedJWT.parse(jwt).
Crashes after restart and can't start again, entering in a crash loop with following error:
04-30 23:25:31.763 20170-20286/com.app E/AndroidRuntime: FATAL EXCEPTION: AsyncTask #4
Process: com.app PID: 20170
java.lang.RuntimeException: An error occurred while executing doInBackground()
at android.os.AsyncTask$3.done(AsyncTask.java:309)
at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:354)
at java.util.concurrent.FutureTask.setException(FutureTask.java:223)
at java.util.concurrent.FutureTask.run(FutureTask.java:242)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
Caused by: java.lang.NoClassDefFoundError: com.nimbusds.jose.util.Base64URL
at com.nimbusds.jose.JOSEObject.split(JOSEObject.java:238)
at com.nimbusds.jwt.SignedJWT.parse(SignedJWT.java:110)
at com.microsoft.cordova.CodePush.verifyAndDecodeJWT(CodePush.java:176)
at com.microsoft.cordova.CodePush.access$100(CodePush.java:40)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:134)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:116)
at android.os.AsyncTask$2.call(AsyncTask.java:295)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
Reproduction
I've tried to place this logs on CodePush.java:
private Map<String, Object> verifyAndDecodeJWT(String jwt, PublicKey publicKey) throws CodePushException {
try {
Log.d("*** HERETHELOG ***", jwt);
SignedJWT signedJWT = SignedJWT.parse(jwt);
Log.d("*** HERETHELOG ***", "ok");
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
if (signedJWT.verify(verifier)) {
Map<String, Object> claims = signedJWT.getJWTClaimsSet().getClaims();
Utilities.logMessage("JWT verification succeeded, payload content: " + claims.toString());
return claims;
}
throw new CodePushException("JWT verification failed: wrong signature");
} catch (Exception e) {
Log.d("*** HERETHELOG ***", e.getMessage());
throw new CodePushException(e);
}
}
With following result:
04-30 23:33:29.662 20461-20461/com.app I/chromium: [INFO:CONSOLE(157)] "[CodePush] Verifying signature for folder path: /codepush/deploy/versions/64b7d1e211cda8fe7d38d953439437c6483f516279a7cc2e71ed4de90794a801/", source: http://localhost:8100/__ion-dev-server/ion-dev.js?v=3.2.4 (157)
04-30 23:33:29.668 20461-20601/com.appD/*** HERETHELOG ***: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbG...
04-30 23:33:29.670 20461-20601/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.util.Base64>
So it prints first log but not second one neither the third one. Strange thing because SignedJWT.parse(jwt) is inside a try{} catch {} block, but app crashes...
-
I've tried to verify the jwt token with https://jwt.io/ and it seems the token can be parsed, content seems fine and the signature is valid.
-
I've tried to remove
cordova-plugin-pushand install again with no success. -
I've tried to remove signature at all, recompile app and it works fine.
Also getting lots of this:
04-30 23:40:56.913 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.util.Base64>
04-30 23:40:56.913 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.util.Base64>
04-30 23:40:56.914 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.util.Base64URL>
04-30 23:40:56.914 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.util.Base64URL>
04-30 23:40:56.914 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.util.Base64URL>
04-30 23:40:56.916 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.Algorithm>
04-30 23:40:56.916 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.Algorithm>
04-30 23:40:56.917 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.Algorithm>
04-30 23:40:56.917 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.JWSAlgorithm>
04-30 23:40:56.917 20784-20929/com.app I/art: Rejecting re-init on previously-failed class java.lang.Class<com.nimbusds.jose.JWSAlgorithm>
I suppose one for each install intent.
Additional Information
-
cordova-plugin-code-push version: 1.12.2
-
List of installed plugins: code-push 3.0.1 "CodePushAcquisition" cordova-play-services-version-adapter 1.0.2 "Cordova/Ionic Google Play Services Versions Incompatibility Adapter" cordova-plugin-advanced-http 2.4.1 "Advanced HTTP plugin" cordova-plugin-app-version 0.1.9 "AppVersion" cordova-plugin-appcenter-analytics 0.5.1 "App Center Analytics for Cordova" cordova-plugin-appcenter-shared 0.5.1 "App Center shared code for Cordova" cordova-plugin-apprate 1.5.0 "AppRate" cordova-plugin-background-mode 0.7.3 "BackgroundMode" cordova-plugin-badge 0.8.8 "Badge" cordova-plugin-code-push 1.12.2 "CodePush" cordova-plugin-compat 1.2.0 "Compat" cordova-plugin-device 2.0.2 "Device" cordova-plugin-dialogs 2.0.1 "Notification" cordova-plugin-file 6.0.2 "File" cordova-plugin-file-transfer 1.6.3 "File Transfer" cordova-plugin-geolocation 4.0.2 "Geolocation" cordova-plugin-googleplus 7.0.1 "Google SignIn" cordova-plugin-health 1.0.5 "Cordova Health" cordova-plugin-inappbrowser 3.2.0 "InAppBrowser" cordova-plugin-ionic-keyboard 2.1.2 "cordova-plugin-ionic-keyboard" cordova-plugin-ionic-webview 4.1.3 "cordova-plugin-ionic-webview" cordova-plugin-iosrtc 6.0.9 "iosrtc" cordova-plugin-local-notification 0.9.0-beta.2 "LocalNotification" cordova-plugin-localization-strings 3.2.1 "Localization" cordova-plugin-media 5.0.3 "Media" cordova-plugin-nativestorage 2.3.2 "NativeStorage" cordova-plugin-network-information 2.0.1 "Network Information" cordova-plugin-screen-orientation 3.0.1 "Screen Orientation" cordova-plugin-splashscreen 5.0.2 "Splashscreen" cordova-plugin-statusbar 2.4.3 "StatusBar" cordova-plugin-vibration 3.1.1 "Vibration" cordova-plugin-whitelist 1.3.3 "Whitelist" cordova-plugin-zip 3.1.0 "cordova-plugin-zip" cordova-sqlite-storage 3.2.0 "Cordova sqlite storage plugin - cordova-sqlite-storage plugin version" cordova-support-google-services 1.1.0 "cordova-support-google-services" es6-promise-plugin 4.2.2 "Promise" phonegap-plugin-media-recorder 1.1.0 "Media Recorder" phonegap-plugin-media-stream 1.2.1 "MediaStream" phonegap-plugin-multidex 1.0.0 "Multidex" phonegap-plugin-push 2.2.3 "PushPlugin"
-
Cordova version: android 8.1.0
-
iOS/Android/Windows version: Android 6.0.1
-
Does this reproduce on a debug build or release build? Both build and release
-
Does this reproduce on a simulator, or only on a physical device? Physical device
This also just started affecting one of my apps, did a CodePush update over the weekend and woke up to a tonne of crash reports and angry users.
It appears to be caused by the changes in https://github.com/microsoft/cordova-plugin-code-push/pull/601 Downgrading the CodePush plugin to 1.12.1 works.
This is a pretty major issue, and it's rather disappointing that changes get released with apparently no testing on actual devices. /cc @ahdbilal
Hi all, Thanks for reporting!
Unfortunately, I can't reproduce this issue. Could you please provide some demo app with reproducing issue and reprosteps? I would like to reproduce and investigate it.
@alexandergoncharov I can also validate via https://github.com/microsoft/cordova-plugin-code-push/issues/648
Hi there! Sorry for the late response. Unfortunately, now we should slow down supporting. For more info, please check https://github.com/microsoft/cordova-plugin-code-push/issues/666.
For this issue we created a new branch with a workaround: https://github.com/microsoft/cordova-plugin-code-push/tree/fix-signed-bundles-crashes. To install the latest version from this branch, you can use:
npm install https://github.com/microsoft/cordova-plugin-code-push.git#fix-signed-bundles-crashes
Thanks, Igor
@Krasavinigor - Can you explain why this was done with a new branch, as opposed to an update to the main repo and a new release/update? Is this something that only impacts some apps, and thus only some people will need this new branch?
Hi @brassier! Sorry for the late response. I created a new branch because it's only a workaround for fixing the signed issue. Now some customers have an issue with signing updates for Cordova/Ionic apps. The reason is PR: 601. But this PR also fixes another issue Bug: 600, which affected a few customers. So, this branch doesn't contain a full fix for both issues. Now we're making service more stable and don't have much time for developing and resolving these issues.
Thanks, Igor
@Krasavinigor I typically use cordova plug add [plugin name] to install my plugins. How can I go about installing the plugin by using this specific branch instead ? Cheers
@jacksonkr cordova plugin add https://github.com/microsoft/cordova-plugin-code-push.git#fix-signed-bundles-crashes
The fix-signed-bundles-crashes branch works for android but I'm still having issues with iOS
Specifically I'm getting the xcode output of
Failed to load webpage with error: unsupported URL
which is talking about CDVWKWebViewEngine+CodePush.m line 103
I logged the request's url and it came out as nil so I'm not exactly sure what's going on. Any ideas ?
Hi,
Was there any further update on this issue? I am facing the same with the latest version.
Following is my plugin list.
"code-push": "^3.0.1",
"cordova-android": "^9.1.0",
"cordova-plugin-actionsheet": "^2.3.3",
"cordova-plugin-advanced-http": "^3.2.1",
"cordova-plugin-androidx": "^3.0.0",
"cordova-plugin-androidx-adapter": "^1.1.3",
"cordova-plugin-appcenter-analytics": "^0.5.1",
"cordova-plugin-appcenter-crashes": "^0.5.1",
"cordova-plugin-appcenter-shared": "^0.5.1",
"cordova-plugin-apprate": "^1.7.2",
"cordova-plugin-chooser": "^1.3.2",
"cordova-plugin-code-push": "^2.0.0",
"cordova-plugin-device": "^2.0.3",
"cordova-plugin-dialogs": "^2.0.2",
"cordova-plugin-enable-multidex": "^0.2.0",
"cordova-plugin-fcm-with-dependecy-updated": "^7.8.0",
"cordova-plugin-file": "^6.0.2",
"cordova-plugin-file-opener2": "^3.0.5",
"cordova-plugin-fingerprint-aio": "^4.0.2",
"cordova-plugin-firebase-analytics": "^6.0.1",
"cordova-plugin-firebase-dynamiclinks": "^6.0.1",
"cordova-plugin-geolocation": "^4.1.0",
"cordova-plugin-googlemaps": "^2.7.1",
"cordova-plugin-inappbrowser": "^5.0.0",
"cordova-plugin-nativestorage": "^2.3.2",
"cordova-plugin-splashscreen": "^6.0.0",
"cordova-plugin-statusbar": "^2.4.3",
"cordova-plugin-uniquedeviceid": "^1.3.2",
"cordova-plugin-whitelist": "^1.3.5",
"cordova-plugin-x-socialsharing": "^6.0.3",
"cordova-plugin-zip": "^3.1.0",
"cordova-support-android-plugin": "^1.0.2",
"cordova.plugins.diagnostic": "^6.0.4",
"es6-promise-plugin": "^4.2.2",
"phonegap-plugin-barcodescanner": "^8.1.0",
"skwas-cordova-plugin-datetimepicker": "^2.1.2"
Exception from android studio:
2021-10-13 13:30:10.839 12710-12913/? E/AndroidRuntime: FATAL EXCEPTION: AsyncTask #1
Process: com.dotconnect.dev1, PID: 12710
java.lang.RuntimeException: An error occurred while executing doInBackground()
at android.os.AsyncTask$4.done(AsyncTask.java:415)
at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:383)
at java.util.concurrent.FutureTask.setException(FutureTask.java:252)
at java.util.concurrent.FutureTask.run(FutureTask.java:271)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: java.lang.NoClassDefFoundError: Failed resolution of: Lcom/nimbusds/jose/util/Base64;
at com.nimbusds.jwt.SignedJWT.parse(SignedJWT.java:110)
at com.microsoft.cordova.CodePush.verifyAndDecodeJWT(CodePush.java:174)
at com.microsoft.cordova.CodePush.access$100(CodePush.java:39)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:133)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:115)
at android.os.AsyncTask$3.call(AsyncTask.java:394)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: java.lang.ClassNotFoundException: com.nimbusds.jose.util.Base64
at java.lang.VMClassLoader.findLoadedClass(Native Method)
at java.lang.ClassLoader.findLoadedClass(ClassLoader.java:738)
at java.lang.ClassLoader.loadClass(ClassLoader.java:363)
at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
at com.nimbusds.jwt.SignedJWT.parse(SignedJWT.java:110)
at com.microsoft.cordova.CodePush.verifyAndDecodeJWT(CodePush.java:174)
at com.microsoft.cordova.CodePush.access$100(CodePush.java:39)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:133)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:115)
at android.os.AsyncTask$3.call(AsyncTask.java:394)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: java.lang.NoClassDefFoundError: Failed resolution of: Lnet/minidev/json/JSONAware;
at com.nimbusds.jwt.SignedJWT.parse(SignedJWT.java:110)
at com.microsoft.cordova.CodePush.verifyAndDecodeJWT(CodePush.java:174)
at com.microsoft.cordova.CodePush.access$100(CodePush.java:39)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:133)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:115)
at android.os.AsyncTask$3.call(AsyncTask.java:394)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: java.lang.ClassNotFoundException: Didn't find class "net.minidev.json.JSONAware" on path: DexPathList[[zip file "/data/app/~~yt_VGZXd4Vd2lHmlWYpxug==/com.dotconnect.dev1-QUIO9Jx4iXpO3PSBxXE1Dg==/base.apk"],nativeLibraryDirectories=[/data/app/~~yt_VGZXd4Vd2lHmlWYpxug==/com.dotconnect.dev1-QUIO9Jx4iXpO3PSBxXE1Dg==/lib/arm64, /data/app/~~yt_VGZXd4Vd2lHmlWYpxug==/com.dotconnect.dev1-QUIO9Jx4iXpO3PSBxXE1Dg==/base.apk!/lib/arm64-v8a, /system/lib64, /system_ext/lib64, /product/lib64]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:207)
at java.lang.ClassLoader.loadClass(ClassLoader.java:379)
at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
at com.nimbusds.jwt.SignedJWT.parse(SignedJWT.java:110)
at com.microsoft.cordova.CodePush.verifyAndDecodeJWT(CodePush.java:174)
at com.microsoft.cordova.CodePush.access$100(CodePush.java:39)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:133)
at com.microsoft.cordova.CodePush$1.doInBackground(CodePush.java:115)
at android.os.AsyncTask$3.call(AsyncTask.java:394)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
