appIdentityService.signForApp (Java) and app_identity.sign_blob (Python) results are different

Question

I need to sign JWT using Google Cloud appIdentity.

I tried using python agent and it is working. But the Java client gives signature error. So I run test code to get signature of same input from Java and Python. It returns different result.

python code

import array
from google.appengine.api import app_identity

header_and_payload = "test"
(key_name, signature) = app_identity.sign_blob(header_and_payload)
print array.array('B', signature)       

java code

import com.google.appengine.api.appidentity.AppIdentityService;
import com.google.appengine.api.appidentity.AppIdentityServiceFactory;

headerAndPayload = "test";
AppIdentityService appIdentityService = AppIdentityServiceFactory.getAppIdentityService();
AppIdentityService.SigningResult signingResult = appIdentityService.signForApp(headerAndPayload.getBytes());

System.out.println(Arrays.toString(signingResult.getSignature()));

Python output

[205, 130, 214, 28, 19, 7, 233, 69, 92, 161, 8, 160, 36, 162, 149, 125, 5, 100, 8, 219, 244, 235, 188, 126, 118, 45, 176, 63, 61, 88, 91, 151, 151, 114, 228, 31, 85, 209, 117, 134, 66, 120, 13, 159, 10, 155, 70, 16, 110, 56, 212, 79, 165, 40, 222, 46, 26, 74, 182, 80, 223, 57, 244, 44, 224, 122, 230, 184, 114, 236, 158, 204, 145, 152, 133, 131, 115, 43, 224, 132, 219, 232, 186, 237, 82, 86, 243, 194, 155, 127, 26, 227, 19, 165, 142, 216, 238, 163, 99, 251, 41, 191, 164, 206, 85, 239, 64, 133, 41, 49, 120, 235, 120, 226, 96, 224, 105, 68, 81, 186, 184, 65, 233, 129, 211, 231, 211, 135, 15, 88, 35, 20, 217, 95, 56, 215, 134, 71, 210, 28, 43, 22, 231, 69, 134, 116, 227, 161, 202, 94, 54, 222, 132, 158, 108, 45, 73, 68, 240, 90, 59, 139, 222, 118, 6, 82, 162, 198, 143, 7, 233, 148, 233, 232, 101, 135, 182, 71, 148, 136, 246, 168, 5, 28, 94, 11, 10, 78, 147, 4, 200, 36, 79, 244, 117, 223, 114, 33, 2, 206, 13, 66, 204, 201, 102, 147, 237, 83, 83, 17, 221, 16, 136, 206, 115, 141, 32, 149, 131, 136, 183, 96, 51, 31, 212, 174, 245, 120, 18, 120, 191, 174, 90, 111, 122, 136, 96, 152, 81, 8, 72, 52, 33, 46, 227, 241, 41, 77, 40, 176, 97, 189, 195, 197, 202, 71]

java output

[10, -64, 92, 105, 15, 35, -32, -101, 47, 111, -1, -72, 110, 105, -77, -117, 23, 69, 113, -49, -14, -104, 110, 78, 84, -78, 30, 26, 38, -43, 36, 112, 33, -10, -5, -63, -11, 47, -53, -116, -71, 2, -64, -16, 36, 122, 45, 79, 3, 49, -7, 120, -10, 125, 92, 43, -43, -34, 100, 75, -54, -36, 5, 106, -128, 106, -120, 36, 59, -31, -2, 100, 79, 65, -118, -50, -83, 11, -19, -28, -80, -125, -8, 59, -94, -125, 91, -104, -96, -12, 14, 31, -108, 61, 12, 6, 90, -6, -24, -47, -57, 55, -64, -50, 41, 26, -46, -81, -124, 122, 82, -120, 31, 19, 85, -7, -17, 40, -18, -118, -64, 114, -76, -60, 116, -12, -16, 12, -91, 55, -57, -61, 108, 88, -13, 80, -38, 100, 121, -11, -20, -5, -105, 20, 87, 60, -125, 33, -11, 111, -115, -69, 24, 0, -113, -24, 49, 21, -27, 96, 27, 12, 72, 50, 12, 15, -61, -40, -52, -76, -63, 29, -99, 114, 88, 41, 111, 9, 127, 96, -123, 58, 92, -91, 17, 114, -11, -105, -79, -110, -100, -35, 16, 103, 27, -21, -50, 7, -28, 117, 119, -124, -127, -115, -116, 86, 74, 57, -46, 114, 102, -18, -73, 97, 10, -113, 119, -1, -68, -18, -16, -119, 49, -120, 104, 121, 113, -82, -42, -119, -81, 95, -114, 16, -11, -58, 36, -24, 58, -50, 101, -117, -55, -101, -19, 62, -53, 30, -59, 106, 37, 98, 102, 75, -9, 91]

What is the issue in Java code? Thank you.

Answer 1

In the line:

print array.array('B', signature)

you are using the option 'B' for unsigned char according to the docs. If you use the option 'b' (for signed char) like in

print array.array('b', signature) 

you will get the same results for both the Java and the python versions.

I performed tests with the sample codes for Python and Java. In the Python example I set the message variable to the same value as in Java:

message = "abcdefg"

and added this line:

self.response.write('Signature Array: {}\n'.format(array.array('b', signature)))

Hope this helps.