Skip to content

GitHub app integration fails with jwt deserialization error #14434

New issue
Jump to bottom
New issue
Jump to bottom
Closed
Closed
GitHub app integration fails with jwt deserialization error#14434
@bencever

Description

@bencever
bencever
opened on Aug 19, 2019

Important Details

How are you running Sentry?

  • On-Premise docker [Version 9.1.1]
  • Saas (sentry.io)
  • Other [briefly describe your environment]

Description

I'm trying to configure the GitHub integration to use Releases in Sentry, but the GitHub application installation fails throwing the following error:

...
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1335, in _handle_key_loading_error
    raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.
14:49:23 [ERROR] django.request: Internal Server Error: /extensions/github/setup/ (request_id=u'78d0b34e6f475fe7e2104988ba6cd38b' status_code=500 request=<WSGIRequest: GET u'/extensions/github/setup/?installation_id=1568099&setup_action=install'>)

The certificate is valid, and by hand a public key can be generated.

Steps to Reproduce

  1. Created the GitHub app according to documentation
  2. Generated a private key on the GitHub UI, then converted to the oneliner format with \n's
  3. Deployed Sentry with the config including the correct settings for the GitHub integration
  4. Initiate install on GitHub, and either right away, or after selecting the organization:

Screenshot 2019-08-19 at 16 49 11

5. Checked with PyJWT-1.5.3 and PyJWT-1.7.1
  • Full stacktrace:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python2.7/site-packages/django/views/generic/base.py", line 69, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/sentry/web/frontend/base.py", line 225, in dispatch
    return self.handle(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/sentry/web/frontend/pipeline_advancer.py", line 48, in handle
    return pipeline.current_step()
  File "/usr/local/lib/python2.7/site-packages/sentry/pipeline/__init__.py", line 207, in current_step
    return self.finish_pipeline()
  File "/usr/local/lib/python2.7/site-packages/sentry/integrations/pipeline.py", line 41, in finish_pipeline
    data = self.provider.build_integration(self.state.data)
  File "/usr/local/lib/python2.7/site-packages/sentry/integrations/github/integration.py", line 234, in build_integration
    identity['access_token'], state['installation_id'])
  File "/usr/local/lib/python2.7/site-packages/sentry/integrations/github/integration.py", line 207, in get_installation_info
    'Authorization': 'Bearer %s' % get_jwt(),
  File "/usr/local/lib/python2.7/site-packages/sentry/integrations/github/utils.py", line 27, in get_jwt
    return jwt.encode(payload, github_private_key, algorithm='RS256')
  File "/usr/local/lib/python2.7/site-packages/jwt/api_jwt.py", line 56, in encode
    payload[time_claim] = timegm(payload[time_claim].utctimetuple())  # type: ignore
  File "/usr/local/lib/python2.7/site-packages/jwt/api_jws.py", line 102, in encode
    cls=json_encoder
  File "/usr/local/lib/python2.7/site-packages/jwt/algorithms.py", line 207, in prepare_key
    key = load_pem_public_key(key, backend=default_backend())
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 20, in load_pem_public_key
    return backend.load_pem_public_key(data)
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1077, in load_pem_public_key
    self._handle_key_loading_error()
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1335, in _handle_key_loading_error
    raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.
  • Configured private key:
root@sentry-776457bbf8-j5kfh:/# sentry config get github-app.private-key
14:51:21 [WARNING] sentry.utils.geo: settings.GEOIP_PATH_MMDB not configured.
14:51:28 [INFO] sentry.plugins.github: apps-not-configured
        type: STRING
 from config: -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApsW3ekdneo9Naq+K29CcwYxWyQjjaJ0QqTSjK3oKuqjiRCYQ
...
BaANbNPGk4WqzXAA/7Qw1935F2M9UMyn07vdyMd0eCHZZ6iHuZgl
-----END RSA PRIVATE KEY-----

     current: "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEApsW3ekdneo9Naq+K29CcwYxWyQjjaJ0QqTSjK3oKuqjiRCYQ\n...\nBaANbNPGk4WqzXAA/7Qw1935F2M9UMyn07vdyMd0eCHZZ6iHuZgl\n-----END RSA PRIVATE KEY-----\n"
  • Key validation:
# openssl rsa -in sentry.pem -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApsW3ekdneo9Naq+K29CcwYxWyQjjaJ0QqTSjK3oKuqjiRCYQ
...
BaANbNPGk4WqzXAA/7Qw1935F2M9UMyn07vdyMd0eCHZZ6iHuZgl
-----END RSA PRIVATE KEY-----
# openssl rsa -in sentry.pem -pubout > sentry_pub.pem
writing RSA key
# openssl rsa -inform PEM -pubin -in sentry_pub.pem -text -noout
Public-Key: (2048 bit)
Modulus:
    00:a6:c5:...
...
    54:37
Exponent: 65537 (0x10001)

What you expected to happen

A successful installation :(

Possible Solution

Found the following relevant issues in PyJWT:

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions