Welcome to the Java Programming Forums


The professional, friendly Java community. 21,500 members and growing!


The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


>> REGISTER NOW TO START POSTING


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 1 of 1

Thread: problem verifying the signature using public key

  1. #1
    Junior Member
    Join Date
    Dec 2022
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default problem verifying the signature using public key

    I have a webhook that sends a header, which needs to be verified. Below are some details:

    **Problem :**

    The Java method always returns false. The provided header and body are correct and should result as TRUE.

    **As per docs from the provider :**

    Signature = Base64(RSA512(WEBHOOK_PRIVATE_KEY, SHA512(eventBody)))

    **Public Key :**
    -----BEGIN PUBLIC KEY-----
    MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0+6wd9OJQpK60ZI7qnZG
    jjQ0wNFUHfRv85Tdyek8+ahlg1Ph8uhwl4N6DZw5LwLXhNjzAbQ8LGPxt36RUZl5
    YlxTru0jZNKx5lslR+H4i936A4pKBjgiMmSkVwXD9HcfKHTp70GQ812+J0Fvti/v
    4nrrUpc011Wo4F6omt1QcYsi4GTI5OsEbeKQ24BtUd6Z1Nm/EP7PfPxeb4CP8KOH
    clM8K7OwBUfWrip8Ptljjz9BNOZUF94iyjJ/BIzGJjyCntho64ehpUYP8UJykLVd
    CGcu7sVYWnknf1ZGLuqqZQt4qt7cUUhFGielssZP9N9x7wzaAIFcT3yQ+ELDu1SZ
    dE4lZsf2uMyfj58V8GDOLLE233+LRsRbJ083x+e2mW5BdAGtGgQBusFfnmv5Bxqd
    HgS55hsna5725/44tvxll261TgQvjGrTxwe7e5Ia3d2Syc+e89mXQaI/+cZnylNP
    SwCCvx8mOM847T0XkVRX3ZrwXtHIA25uKsPJzUtksDnAowB91j7RJkjXxJcz3Vh1
    4k182UFOTPRW9jzdWNSyWQGl/vpe9oQ4c2Ly15+/toBo4YXJeDdDnZ5c/O+KKadc
    IMPBpnPrH/0O97uMPuED+nI6ISGOTMLZo35xJ96gPBwyG5s2QxIkKPXIrhgcgUnk
    tSM7QYNhlftT4/yVvYnk0YcCAwEAAQ==
    -----END PUBLIC KEY-----

    **Header :**
    YNYVgWsx3PdoEGq2nUFGLmE6tE2y0LCc/eWPSY+rAqK+8fcxrPN0SPGbTdAXQ9+v62T5akWaVRWKXc1YBWlZxhVTCa/Ou7FfjVPG6JIQNX3Lks3ZhW0k29bVKf7Qvjp7z8HM9s1D8ZC28HvpX15a4by7DpNKkQ6cLWMDtBvqY02FSO+L4Vq54GZoTrplYkqCYcI4/oWchYzMZMq4omIOuam2DXm5BLlZ7HCR/nhUyp5duJpYnWJCKEwOTh3zLm842r5Fa9humq9WKkkT+AgFxe95bG4F3p8XhsciXiaNgx8diKLF0aBklqJ6yA70vjIP92BHuEnvIl37RiSFiIvkYWvLpMc1LoPxWZvncaLUjlYSVT3zd/gCDPEn1Mu8wUogGt9npkc/eKMdrKefcjEIMrJoO0HMMREZcOpc72F0+RM4QCkMaQMmK4zq9cBF0E2bNaEabNDSWXIfx9fa2VuyGYa5GLmAPUQPYRv50n92IGFewxj9vFAWhca+uthvsqz3FekyHK+c9G1Wh9OScR2TQp9Lbe4LqlX4FGapQitmfDvKRJhjAVm0n5355+k1dRse4fGeXqd2EfledWUJ3egpmW1NlmWBr8d4PsruKYZnphEMn9F5F3Vyu2sCpBSvqmcMANXzyZP7u3lGsUpH4V2lM6nCeBiRcbfwyrFsJ6Q5dso=

    **RequestBody:**
    {"type":"TRANSACTION_STATUS_UPDATED","tenantId":"f4df1e73-ec68-53c5-aa92-1a2bc45900ef","timestamp":1671288284087,"data":{"id":"b96f37dd-0fe9-4aa0-853b-f7d39c2ddc52","createdAt":1671286112004,"lastUpdated":1671286112019,"assetId":"BTC_TEST","source":{"id":"","type":"UNKNOWN","name":"External","subType":""},"destination":{"id":"26","type":"VAULT_ACCOUNT","name":"55b49ae0-0f34-4b3c-8cf6-0094254261c2","subType":""},"amount":1.0E-5,"networkFee":1.41E-6,"netAmount":1.0E-5,"sourceAddress":"tb1qluc5wgms8kpu0tydu00590qryfan3969jvmc8e","destinationAddress":"tb1qyhfnsfe2dy8az3040yvx087qdfsw6yxk8pc7yj","destinationAddressDescription":"","destinationTag":"","status":"CONFIRMING","txHash":"15873dc631db22a1bd13c6adecf7fb63f8fbbecce36eb38d12df65573e83dfa9","subStatus":"PENDING_BLOCKCHAIN_CONFIRMATIONS","signedBy":[],"createdBy":"","rejectedBy":"","amountUSD":0.17,"addressType":"","note":"","exchangeTxId":"","requestedAmount":1.0E-5,"feeCurrency":"BTC_TEST","operation":"TRANSFER","customerRefId":null,"numOfConfirmations":2,"amountInfo":{"amount":"0.00001","requestedAmount":"0.00001","netAmount":"0.00001","amountUSD":"0.17"},"feeInfo":{"networkFee":"0.00000141"},"destinations":[],"externalTxId":null,"blockInfo":{"blockHeight":"2411637","blockHash":"00000000d45b7ebf40921cbc70fb6791985a0b256241757a28bf762be07478e8"},"signedMessages":[],"index":1}}

    **Java method that's called when webhook event is received :**

    public boolean matches(WebhookEvent body, String header){
     
            try {
                File publicKeyFile = new File("publicKey.pub");
     
                byte[] bytes = PemUtils.parsePEMFile(publicKeyFile);
                KeyFactory kf = KeyFactory.getInstance("RSA");
                X509EncodedKeySpec spec = new X509EncodedKeySpec(bytes);
                PublicKey publicKey = kf.generatePublic(spec);
     
                ObjectMapper objectMapper = new ObjectMapper();
                String message = objectMapper.writeValueAsString(body);
     
                Signature verifier = Signature.getInstance("SHA512withRSA");
                verifier.initVerify(publicKey);
                verifier.update(message.getBytes());
     
                boolean isVerified = verifier.verify(Base64.getDecoder().decode(header));
                System.out.println("Verified: " + isVerified);
     
                return isVerified;
            } catch (Exception e){
                log.error("Error while verifying signature : " + e.getMessage());
                e.printStackTrace();
                return false;
            }
        }

    **PemFile parser :**

        static byte[] parsePEMFile(File pemFile) throws IOException {
            if (!pemFile.isFile() || !pemFile.exists()) {
                throw new FileNotFoundException(String.format("The file '%s' doesn't exist.", pemFile.getAbsolutePath()));
            }
            PemReader reader = new PemReader(new FileReader(pemFile));
            PemObject pemObject = reader.readPemObject();
            byte[] content = pemObject.getContent();
            reader.close();
            return content;
        }
    Last edited by gladiator9120; December 21st, 2022 at 01:44 AM.

Similar Threads

  1. JAVA=CODE= public class Main { What's the problem with that line?
    By yochai1100 in forum What's Wrong With My Code?
    Replies: 4
    Last Post: October 21st, 2019, 11:21 PM
  2. Verifying a String
    By ZARC76 in forum What's Wrong With My Code?
    Replies: 1
    Last Post: March 24th, 2019, 01:44 PM
  3. Trimming, parsing, verifying grades entered are valid
    By MissMandy in forum What's Wrong With My Code?
    Replies: 7
    Last Post: March 27th, 2013, 07:59 AM
  4. Downloading files and verifying MD5 checksums
    By Kryptix in forum What's Wrong With My Code?
    Replies: 3
    Last Post: October 3rd, 2010, 11:04 PM
  5. [SOLVED] Is "Public void closeFile()" a problem in the program for AS-Level computing project
    By muffin in forum What's Wrong With My Code?
    Replies: 2
    Last Post: August 5th, 2009, 09:12 PM