From e0cf6120b293e0e6f9fab6cef7862c4a48de12a3 Mon Sep 17 00:00:00 2001 From: LUCIF680 Date: Mon, 8 Apr 2024 15:18:58 +0530 Subject: [PATCH 1/2] feat: java verify header --- .../java/ondc/onboarding/utility/Routes.java | 26 +++++++++++++++++-- .../java/ondc/onboarding/utility/Utils.java | 9 +++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/utilities/on_subscibe-service/java/src/main/java/ondc/onboarding/utility/Routes.java b/utilities/on_subscibe-service/java/src/main/java/ondc/onboarding/utility/Routes.java index 67d94e8..7991449 100644 --- a/utilities/on_subscibe-service/java/src/main/java/ondc/onboarding/utility/Routes.java +++ b/utilities/on_subscibe-service/java/src/main/java/ondc/onboarding/utility/Routes.java 
@@ -57,14 +57,36 @@ public ResponseEntity> getKeys (){ String createHeader(@RequestBody JsonNode req) throws Exception { long created = System.currentTimeMillis() / 1000L; long expires = created + 300000; + logger.info(toBase64(generateBlakeHash(req.get("value").toString()))); + logger.info(req.get("value").toString()); String hashedReq = hashMassage(req.get("value").toString(),created,expires); String signature = sign(Base64.getDecoder().decode(req.get("private_key").asText()),hashedReq.getBytes()); - String subscriberId = "altiux.com"; - String uniqueKeyId = "c9aa1b41-04e9-43e2-bd89-9ddcdecbf4cf"; + String subscriberId = req.get("subscriber_id").asText(); + String uniqueKeyId = req.get("unique_key_id").asText(); return "Signature keyId=\"" + subscriberId + "|" + uniqueKeyId + "|" + "ed25519\"" + ",algorithm=\"ed25519\"," + "created=\"" + created + "\",expires=\"" + expires + "\",headers=\"(created) (expires)" + " digest\",signature=\"" + signature + "\""; } + @PostMapping("/verify-header") + public boolean isValidHeader(@RequestBody JsonNode req) throws Exception { + long currentTimestamp = System.currentTimeMillis() / 1000L; + String authHeader = req.get("header").asText(); + String signature = authHeader.split(",")[5].split("=")[1].replaceAll("\"",""); + long expires = Long.parseLong(authHeader.split(",")[3].split("=")[1].replaceAll("\"","")); + long created = Long.parseLong(authHeader.split(",")[2].split("=")[1].replaceAll("\"","")); + if ((created > currentTimestamp) || currentTimestamp > expires){ + logger.info("Timestamp should be Created < CurrentTimestamp < Expires"); + return false; + } + String hashedReq = hashMassage(req.get("value").toString(),created,expires); + logger.info(hashedReq); + return verify( + fromBase64(signature), + hashedReq.getBytes(), + fromBase64(req.get("public_key").asText()) + ); + } + @PostMapping("/subscribe") public ResponseEntity subscribe(@RequestBody JsonNode subscribeBody) throws NoSuchPaddingException, 
IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, JSONException, IOException, InterruptedException { diff --git a/utilities/on_subscibe-service/java/src/main/java/ondc/onboarding/utility/Utils.java b/utilities/on_subscibe-service/java/src/main/java/ondc/onboarding/utility/Utils.java index ac3083d..cf82e31 100644 --- a/utilities/on_subscibe-service/java/src/main/java/ondc/onboarding/utility/Utils.java +++ b/utilities/on_subscibe-service/java/src/main/java/ondc/onboarding/utility/Utils.java @@ -37,6 +37,10 @@ public static CryptoKeyPair generateEncDecKey() throws InvalidKeyException, NoSu public static String toBase64(byte[] src){ return Base64.getEncoder().encodeToString(src); } + public static byte[] fromBase64 (String str) { + return Base64.getDecoder().decode(str); + } + public static String hashMassage(String req, long created,long expires) throws Exception { byte[] digest = generateBlakeHash(req); @@ -64,6 +68,11 @@ public static String sign(byte[] privateKey,byte[] message) { return toBase64(signature); } + public static boolean verify(byte[] signature,byte[] message, byte[] publicKey) { + //verify the given signature with + return Ed25519.verify(signature, 0, publicKey, 0, message, 0, message.length); + } + public static byte[] encryptDecrypt(int mode, byte[] challenge_string,byte[] privateKey, byte[] publicKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidKeySpecException { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); From f3dd8cb2ad8bb1edc8797ce5c9f449f21fd9c2c5 Mon Sep 17 00:00:00 2001 
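Review bot: `isValidHeader` reads the header by position (`authHeader.split(",")[5]`, `[3]`, `[2]`), so a missing or reordered field, or a comma inside `keyId`, either throws (`ArrayIndexOutOfBoundsException` / `NumberFormatException`, surfaced as a server error through `throws Exception`) or parses the wrong field instead of returning false. The `keyId` and `algorithm` fields are never read and the verifying key is whatever `public_key` the caller sends, so `true` only means the signature matches a caller-chosen key, not that it belongs to the subscriber named in `keyId`. If the endpoint is meant only as a test utility, say so in a comment on it. In `createHeader`, the new `req.get("subscriber_id").asText()` and `req.get("unique_key_id").asText()` throw a `NullPointerException` when the field is absent, and both values are concatenated into the header without rejecting `"` or `,`. The fence sketches name-based parsing for `isValidHeader` that fails closed.

```java
public boolean isValidHeader(@RequestBody JsonNode req) throws Exception {
    long currentTimestamp = System.currentTimeMillis() / 1000L;
    // Parse by parameter name so a reordered or missing field cannot shift the indexes.
    Map<String, String> params = new HashMap<>();
    Matcher m = Pattern.compile("(\\w+)=\"([^\"]*)\"").matcher(req.path("header").asText());
    while (m.find()) {
        params.put(m.group(1), m.group(2));
    }
    String signature = params.get("signature");
    String createdRaw = params.get("created");
    String expiresRaw = params.get("expires");
    if (signature == null || createdRaw == null || expiresRaw == null
            || !"ed25519".equals(params.get("algorithm"))) {
        return false;
    }
    long created;
    long expires;
    try {
        created = Long.parseLong(createdRaw);
        expires = Long.parseLong(expiresRaw);
    } catch (NumberFormatException e) {
        return false;
    }
    // … unchanged: timestamp window check, hashMassage, verify call …
```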
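Review bot: `fromBase64` has no documentation of its failure mode, and `Base64.getDecoder().decode(str)` throws `IllegalArgumentException` on malformed input. The only callers visible in this patch pass it request-supplied fields (`signature` and `public_key` in `isValidHeader`), so a bad value becomes an unhandled exception rather than a failed verification. I would add `/** Decodes standard Base64; throws IllegalArgumentException if str is not valid Base64. */` above it and have the caller catch that exception and return false.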
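Review bot: `verify` passes the decoded arrays straight to `Ed25519.verify` with offset 0 and no length check, and both arrays come from request data in `isValidHeader`. A short signature or key is then presumably read past its end and throws instead of yielding false (the imported `Ed25519` class is not visible in the hunk, so confirm its behaviour). Ed25519 signatures are 64 bytes and public keys 32, so a guard such as `if (signature.length != 64 || publicKey.length != 32) return false;` before the call keeps the method fail-closed. The comment `//verify the given signature with` is cut off mid-sentence; something like `// Verifies an Ed25519 signature over message with the raw 32-byte public key.` would complete it.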
From: Pratik Mazumdar <45979935+pratik-mazumdar@users.noreply.github.com> Date: Mon, 8 Apr 2024 15:21:43 +0530 Subject: [PATCH 2/2] Update Readme.md --- utilities/on_subscibe-service/java/Readme.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/utilities/on_subscibe-service/java/Readme.md b/utilities/on_subscibe-service/java/Readme.md index d0b337d..b9f0561 100644 --- a/utilities/on_subscibe-service/java/Readme.md +++ b/utilities/on_subscibe-service/java/Readme.md @@ -74,5 +74,18 @@ To generate the auth header kindly use the following curl request: ``` curl --location 'localhost:8080/create-header' \ --header 'Content-Type: application/json' \ ---data '{"value":{"abc":"test"},"private_key":"your_signing_private_key"}' +--header 'Cookie: connect.sid=s%3AASiu2zTqhIjkxj8OGpBcEk9MUjWPKWhy.i%2FMc29ueVdeXM96cLCESAVB5ul2yfVrZviJDEKHKVA0' \ +--data-raw '{"value":{"test":"test"}}, +"subscriber_id" : "abc.com", +"unique_key_id" : "ukid", +"private_key":"private_key"}' +``` + +To Verify Auth Header +``` +curl --location 'localhost:8080/verify-header' \ +--header 'Content-Type: application/json' \ +--header 'Cookie: connect.sid=s%3AASiu2zTqhIjkxj8OGpBcEk9MUjWPKWhy.i%2FMc29ueVdeXM96cLCESAVB5ul2yfVrZviJDEKHKVA0' \ +--data-raw '{"value":{"test":"test"}},"public_key":"public_key","header":"Signature keyId=\"abc.com|ukid|ed25519\",algorithm=\"ed25519\",created=\"1712239689\",expires=\"1712539689\",headers=\"(created) (expires) digest\",signature=\"Gy5wiiJYGeNOBsiXJKo4OF7fSKR65zkxa/FJjgBgenmRplhq9vNewz/ivXDFegSnrdQK9U9T19Ta55J7Aa6RBw==\"" +}' ```