Closed gwharton closed 1 year ago
@gwharton This PR should fix that: https://github.com/eBay/digital-signature-verification-ebay-api/pull/6
@gwharton Please try it again now.
I'm still unable to verify test signature.
docker-compose.yml
version: '3.8'
services:
  ebay:
    image: "ebay/digital-signature-verification-ebay-api:latest"
    ports:
      - "8083:8080"
docker-compose up
$ docker-compose up
Creating network "ebay_default" with the default driver
Creating ebay_ebay_1 ... done
Attaching to ebay_ebay_1
ebay_1 |
ebay_1 | . ____ _ __ _ _
ebay_1 | /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
ebay_1 | ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
ebay_1 | \\/ ___)| |_)| | | | | || (_| | ) ) ) )
ebay_1 | ' |____| .__|_| |_|_| |_\__, | / / / /
ebay_1 | =========|_|==============|___/=/_/_/_/
ebay_1 | :: Spring Boot :: (v2.6.9)
ebay_1 |
ebay_1 | 2022-08-30 09:55:28.248 INFO 8 --- [ main] c.ebay.signaturevalidation.Application : Starting Application v1.0.0-SNAPSHOT using Java 11.0.16 on 490c295d0c41 with PID 8 (/home/nouser/signaturevalidation-1.0.0-SNAPSHOT.jar started by nobody in /home/nouser)
ebay_1 | 2022-08-30 09:55:28.252 INFO 8 --- [ main] c.ebay.signaturevalidation.Application : No active profile set, falling back to 1 default profile: "default"
ebay_1 | 2022-08-30 09:55:29.334 INFO 8 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
ebay_1 | 2022-08-30 09:55:29.349 INFO 8 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
ebay_1 | 2022-08-30 09:55:29.349 INFO 8 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.64]
ebay_1 | 2022-08-30 09:55:29.432 INFO 8 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
ebay_1 | 2022-08-30 09:55:29.432 INFO 8 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1092 ms
ebay_1 | 2022-08-30 09:55:30.085 INFO 8 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
ebay_1 | 2022-08-30 09:55:30.093 INFO 8 --- [ main] c.ebay.signaturevalidation.Application : Started Application in 2.348 seconds (JVM running for 2.744)
ebay_1 | 2022-08-30 09:55:43.269 INFO 8 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
ebay_1 | 2022-08-30 09:55:43.270 INFO 8 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
ebay_1 | 2022-08-30 09:55:43.272 INFO 8 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 2 ms
$ curl --location --request POST 'http://localhost:8083/verifysignature' \
> --header 'Content-Type: application/json' \
> --header 'Signature-Input: sig1=("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority");created=1658440308' \
> --header 'Content-Digest: sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:' \
> --header 'Signature: sig1=:ZMUpAejnqrt6POSx02ltx3cT9YODV2r+Cem/BKOagDSfztKOtCsjP/MxZqmY+FVJ3/8E4BL76T9Fjty8oJnsAw==:' \
> --header 'x-ebay-signature-key: eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw' \
> --data-raw '{"hello": "world"}'
Signature invalid
@gwharton Sorry that I just saw your response now. Let me reopen this and look into it.
@gwharton I figured out what the problem is. You changed the port from 8080 to 8083; but the port is covered in the signature as part of the "authority" pseudo header. You will have to recalculate the signature to cover the updated authority. (or run it on port 8080 if you would like to use the exact same signature)
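Added example, not part of the thread and not the project's code: a Python sketch of how the signature base is assembled from the components listed in `Signature-Input`, showing that remapping the port changes only the `"@authority"` line, which is enough to invalidate the signature. It assumes the HTTP Message Signatures base layout, that the test signature was produced for `localhost:8080` as the comment above implies, and it replaces the JWE header value with a placeholder; the function names are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def authority(url):
    """@authority: lowercased host, plus the port unless it is the scheme default."""
    parts = urlsplit(url)
    host = parts.hostname.lower()
    if parts.port is None or parts.port == DEFAULT_PORTS.get(parts.scheme):
        return host
    return f"{host}:{parts.port}"

def signature_base(method, url, headers, covered, params):
    """Build the string that is signed: one line per covered component."""
    derived = {
        "@method": method.upper(),
        "@path": urlsplit(url).path or "/",
        "@authority": authority(url),
    }
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    lines = []
    for name in covered:
        value = derived[name] if name.startswith("@") else lower[name]
        lines.append(f'"{name}": {value}')
    inner = " ".join(f'"{c}"' for c in covered)
    lines.append(f'"@signature-params": ({inner}){params}')
    return "\n".join(lines)

COVERED = ["content-digest", "x-ebay-signature-key", "@method", "@path", "@authority"]
PARAMS = ";created=1658440308"
HEADERS = {
    "Content-Digest": "sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:",
    "x-ebay-signature-key": "<JWE-PLACEHOLDER>",  # constructed stand-in for the real JWE
}

def changed_components(signed_url, received_url):
    """Return (signed, received) pairs of base lines that differ between the two URLs."""
    a = signature_base("POST", signed_url, HEADERS, COVERED, PARAMS).split("\n")
    b = signature_base("POST", received_url, HEADERS, COVERED, PARAMS).split("\n")
    return [(x, y) for x, y in zip(a, b) if x != y]

if __name__ == "__main__":
    for signed, seen in changed_components("http://localhost:8080/verifysignature",
                                           "http://localhost:8083/verifysignature"):
        print("signer covered :", signed)
        print("verifier builds:", seen)
```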
Using Docker Test image from
https://hub.docker.com/r/ebay/digital-signature-verification-ebay-api
running command
returns
Signature invalid
According to the docs, this should be a valid signature.