ebay-mfa
2022-12-08 09:27:00 2022-12-08 08:27:00.607 INFO 8 --- [nio-8080-exec-3] c.e.s.VerificationService : Calculated base: | |
2022-12-08 09:27:00 "content-digest": sha-256=:jLO5LPb0rcfbRPjjUMDYVqjo7muhzU+WrkmKhnFYFd4=: | |
2022-12-08 09:27:00 "x-ebay-signature-key": eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw | |
2022-12-08 09:27:00 "@method": POST | |
2022-12-08 09:27:00 "@path": /verifysignature | |
2022-12-08 09:27:00 "@authority": localhost:8080 | |
2022-12-08 09:27:00 "@signature-params": ("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority");created=1670488020 | |
2022-12-08 09:27:00 com.ebay.signaturevalidation.SignatureException: Signature invalid | |
2022-12-08 09:27:00 at com.ebay.signaturevalidation.VerificationService.verifySignature(VerificationService.java:148) | |
2022-12-08 09:27:00 at com.ebay.signaturevalidation.VerificationService.verifyMessage(VerificationService.java:56) | |
2022-12-08 09:27:00 at com.ebay.signaturevalidation.VerificationInterceptor.preHandle(VerificationInterceptor.java:31) | |
2022-12-08 09:27:00 at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:148) | |
2022-12-08 09:27:00 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1062) | |
2022-12-08 09:27:00 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) | |
2022-12-08 09:27:00 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) | |
2022-12-08 09:27:00 at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) | |
2022-12-08 09:27:00 at javax.servlet.http.HttpServlet.service(HttpServlet.java:681) | |
2022-12-08 09:27:00 at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) | |
2022-12-08 09:27:00 at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) | |
2022-12-08 09:27:00 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) | |
2022-12-08 09:27:00 at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) | |
2022-12-08 09:27:00 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) | |
2022-12-08 09:27:00 at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) | |
2022-12-08 09:27:00 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) | |
2022-12-08 09:27:00 at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) | |
2022-12-08 09:27:00 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) | |
2022-12-08 09:27:00 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) | |
2022-12-08 09:27:00 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) | |
2022-12-08 09:27:00 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) | |
2022-12-08 09:27:00 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) | |
2022-12-08 09:27:00 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) | |
2022-12-08 09:27:00 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) | |
2022-12-08 09:27:00 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) | |
2022-12-08 09:27:00 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) | |
2022-12-08 09:27:00 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) | |
2022-12-08 09:27:00 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) | |
2022-12-08 09:27:00 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) | |
2022-12-08 09:27:00 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1787) | |
2022-12-08 09:27:00 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) | |
2022-12-08 09:27:00 at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) | |
2022-12-08 09:27:00 at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) | |
2022-12-08 09:27:00 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) | |
2022-12-08 09:27:00 at java.base/java.lang.Thread.run(Thread.java:829) |
using Org.BouncyCastle.Crypto.Signers; | |
using Org.BouncyCastle.Security; | |
using RestSharp; | |
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Security.Cryptography; | |
using System.Text; | |
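namespace EbayHttpSignature
{
    /// <summary>
    /// Console sample that builds an HTTP message signature (Ed25519) over a JSON
    /// POST request and sends it to a signature-verification endpoint.
    /// </summary>
    internal class Program
    {
        // Components covered by the signature, in the order they are written into the signature base.
        private static readonly string[] signatureParameters = new string[] { "content-digest", "x-ebay-signature-key", "@method", "@path", "@authority" };

        // The "@signature-params" value produced by the most recent GetSignature call.
        // Main sends it as the Signature-Input header, so it must be read only after signing.
        private static string signatureInput = string.Empty;

        /// <summary>
        /// Builds the request, attaches the digest and signature headers, executes it
        /// and prints the status code and response body.
        /// </summary>
        static void Main(string[] args)
        {
            //var token = "enter token here";
            var jwe = "eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw";

            // Base64 PKCS#8 Ed25519 private key embedded for this local test only.
            // NOTE(review): a key that signs real API calls belongs in a secret store
            // or environment variable, not in source or in a shared gist.
            var privateKey = "MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF";

            var client = new RestClient("http://localhost:8080"); //new RestClient("https://api.sandbox.ebay.com");
            var request = new RestRequest("verifysignature", Method.Post); //new RestRequest("/sell/fulfillment/v1/order/14-00032-43825/issue_refund", Method.Post);
            var uri = client.BuildUri(request);

            var message = "{\"orderLevelRefundAmount\": {\"currency\": \"USD\",\"value\": 10.39},\"reasonForRefund\": \"ITEM_NOT_AS_DESCRIBED\",\"comment\": \"public API test_order_partial_refund\"}";
            var contentHash = ComputeContentHash(message);

            request.AddStringBody(message, DataFormat.Json);
            request.AddHeader("x-ebay-signature-key", jwe);
            request.AddHeader("Content-Digest", $"sha-256=:{contentHash}:");

            // Sign only after the covered headers above are on the request: GetSignature
            // reads them back from request.Parameters and also fills signatureInput.
            var signature = SignSignature(privateKey, request, uri);
            request.AddHeader("Signature", $"sig1=:{signature}:");
            request.AddHeader("Signature-Input", $"sig1={signatureInput}");
            request.AddHeader("x-ebay-enforce-signature", "true");
            //request.AddHeader("Authorization", $"Bearer {token}");

            var result = client.Execute(request);
            Console.WriteLine(result.StatusCode);
            Console.WriteLine(result.Content);
        }

        /// <summary>
        /// Signs the signature base of <paramref name="request"/> with Ed25519.
        /// </summary>
        /// <param name="privateKey">Base64-encoded private key accepted by PrivateKeyFactory.CreateKey.</param>
        /// <param name="request">Request whose headers are covered by the signature.</param>
        /// <param name="uri">Resolved request URI, source of "@path" and "@authority".</param>
        /// <returns>The signature, base64-encoded without line breaks.</returns>
        static string SignSignature(string privateKey, RestRequest request, Uri uri)
        {
            var signatureBase = Encoding.UTF8.GetBytes(GetSignature(request, uri));
            var key = PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey));

            var signer = new Ed25519Signer();
            signer.Init(true, key);
            signer.BlockUpdate(signatureBase, 0, signatureBase.Length);

            return Convert.ToBase64String(signer.GenerateSignature(), Base64FormattingOptions.None);
        }

        /// <summary>
        /// Reads the first object of a PEM file and returns it as an asymmetric key parameter.
        /// </summary>
        /// <param name="pemFilename">Path of the PEM file to read.</param>
        static Org.BouncyCastle.Crypto.AsymmetricKeyParameter ReadAsymmetricKeyParameter(string pemFilename)
        {
            // Dispose the reader so the key file handle is released as soon as the key is parsed.
            using (var fileStream = System.IO.File.OpenText(pemFilename))
            {
                var pemReader = new Org.BouncyCastle.OpenSsl.PemReader(fileStream);
                return (Org.BouncyCastle.Crypto.AsymmetricKeyParameter)pemReader.ReadObject();
            }
        }

        /// <summary>
        /// Builds the signature base: one <c>"name": value</c> line per covered component,
        /// followed by the <c>"@signature-params"</c> line. Also stores that last value in
        /// <c>signatureInput</c> for the Signature-Input header.
        /// </summary>
        /// <exception cref="InvalidOperationException">A covered header is missing from the request.</exception>
        static string GetSignature(RestRequest request, Uri uri)
        {
            var sb = new StringBuilder();
            var requestHeaders = request.Parameters.Where(x => x.Type == ParameterType.HttpHeader);

            foreach (var param in signatureParameters)
            {
                // Invariant lowercasing: component names are protocol identifiers, not UI text.
                var name = param.ToLowerInvariant();
                sb.Append($"\"{name}\": ");

                if (name.StartsWith("@", StringComparison.Ordinal))
                {
                    switch (name)
                    {
                        case "@method":
                            sb.Append(request.Method.ToString().ToUpperInvariant());
                            break;
                        case "@path":
                            sb.Append(uri.AbsolutePath);
                            break;
                        case "@authority":
                            sb.Append(uri.Authority);
                            break;
                    }
                }
                else
                {
                    var value = requestHeaders.FirstOrDefault(x => string.Equals(x?.Name, param, StringComparison.OrdinalIgnoreCase));
                    if (value is null)
                    {
                        throw new InvalidOperationException("Header " + param + " not included in message");
                    }

                    sb.Append(value.Value);
                }

                // The signature base separates lines with a single LF. AppendLine() writes
                // Environment.NewLine, which is CRLF on Windows, so the signed bytes would
                // differ from the base the verifier rebuilds and the signature would be rejected.
                sb.Append('\n');
            }

            sb.Append("\"@signature-params\": ");
            signatureInput = GetSignatureInput();
            sb.Append(signatureInput);
            return sb.ToString();
        }

        /// <summary>
        /// Formats the covered-component list and creation time, e.g.
        /// <c>("a" "b");created=1670488020</c>.
        /// </summary>
        static string GetSignatureInput()
        {
            var components = string.Join(" ", signatureParameters.Select(p => $"\"{p}\""));

            // Unix time is UTC-based; UtcNow avoids any dependence on the local time zone.
            return $"({components});created={DateTimeOffset.UtcNow.ToUnixTimeSeconds()}";
        }

        /// <summary>
        /// Returns the base64-encoded SHA-256 digest of the UTF-8 bytes of <paramref name="content"/>.
        /// </summary>
        static string ComputeContentHash(string content)
        {
            using (var sha256 = SHA256.Create())
            {
                byte[] hashedBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(content));
                return Convert.ToBase64String(hashedBytes);
            }
        }
    }
}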
using RestSharp; | |
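namespace EbayHttpSignature.Tests
{
    /// <summary>
    /// Integration test: posts a pre-signed request to a verifier expected to be
    /// listening at <c>url</c> and checks that it is accepted.
    /// </summary>
    [TestClass]
    public class ValidationTests
    {
        // Base address of the locally running verification service.
        private string url = "http://localhost:8080/";

        /// <summary>
        /// Sends a captured request whose digest, signature and signature input are
        /// fixed strings, and expects HTTP 200.
        /// </summary>
        [TestMethod]
        public void ValidRequest()
        {
            var client = new RestClient(url);
            var request = new RestRequest("verifysignature", Method.Post);
            request.AddHeader("Content-Type", "application/json");

            // The `created` value is fixed, so this test only passes against a verifier
            // that does not reject old signatures; it exercises no freshness window.
            request.AddHeader("Signature-Input", "sig1=(\"content-digest\" \"x-ebay-signature-key\" \"@method\" \"@path\" \"@authority\");created=1658440308");
            request.AddHeader("Content-Digest", "sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:");
            request.AddHeader("Signature", "sig1=:ZMUpAejnqrt6POSx02ltx3cT9YODV2r+Cem/BKOagDSfztKOtCsjP/MxZqmY+FVJ3/8E4BL76T9Fjty8oJnsAw==:");
            request.AddHeader("x-ebay-signature-key", "eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw");

            // The body must stay byte-identical to the text the Content-Digest above was computed over.
            var body = @"{""hello"": ""world""}";
            request.AddParameter("application/json", body, ParameterType.RequestBody);

            var result = client.Execute(request);

            // Assert.AreEqual takes (expected, actual); the reversed order produced a
            // misleading failure message.
            Assert.AreEqual(System.Net.HttpStatusCode.OK, result.StatusCode);
        }
    }
}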
2022-12-08 09:41:32 2022-12-08 08:41:32.456 INFO 8 --- [io-8080-exec-10] c.e.s.VerificationService : Calculated base: | |
2022-12-08 09:41:32 "content-digest": sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=: | |
2022-12-08 09:41:32 "x-ebay-signature-key": eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw | |
2022-12-08 09:41:32 "@method": POST | |
2022-12-08 09:41:32 "@path": /verifysignature | |
2022-12-08 09:41:32 "@authority": localhost:8080 | |
2022-12-08 09:41:32 "@signature-params": ("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority");created=1658440308 | |
2022-12-08 09:41:32 2022-12-08 08:41:32.457 INFO 8 --- [io-8080-exec-10] c.e.s.VerificationService : Message signature verified |