The signature check must be clearely documented

[ddebrunner]

@Karsten12 Can you create a .md file describing how to configure and use the signature check for POST etc that can be linked from the main README.md

[Karsten12]

@joergboe I created a .md file in #63 that describes in detail how the signature verification works. You likely know more about endpoint-monitor than I do, so if I made a mistake in my explanation, please let me know and I'll fix it asap.

[joergboe]

What I mean is a description from the user point of view.

• How can I enable/disable the signature check
• What does the signature check do. What kind of methods are checked against the signature (Methods with body?)
• What kind of signature is required from the sender (sha1 hmac over the body)

[Karsten12]

Ok, I will consult with Dan about this and if need be, update my PR. But just off the top of my head, I don't believe signature check is of concern to the user, so the user cannot enable/disable it, but I could be wrong

Edit: I was wrong, will fix PR

[ddebrunner]

@Karsten12 Please create doc files in the newly added docs folder.

[ddebrunner]

cf https://github.com/IBMStreams/endpoint-monitor/blob/master/README.md#4-define-https-certificates

[ddebrunner]

Done.

[ddebrunner]

Actually, still need an example on signing requests.

[joergboe]

https://github.com/IBMStreams/endpoint-monitor/blob/develop/docs/signature_auth.md

To Sign a request (file dat0.txt contains the request body):

curl -k --header 'Content-Type: application/json' --header "X-Signature: $(openssl dgst -sha1 -hex -hmac password dat0.txt | cut -d ' ' -f 2 )" --request POST --data @dat0.txt