Imported Google Group message. Import Date: 2016-01-19 21:05:48 +0000.
Sender: Matthieu Nantern.
Date: Monday, 9 February 2015 12:56:42 UTC.
Hi!
I am currently evaluating Tyk and have some issues with HMAC signatures. Maybe you can help me find what’s wrong:
My API is defined like this:
    {
      "name": "TEST_API",
      "api_id": "d29d5f9e-1ad3-43fa-9dc6-604c40ce78d1",
      "org_id": "test_api",
      "enable_signature_checking": true,
      "use_basic_auth": false,
      "use_keyless": false,
      "use_oauth2": false,
      "auth": {
        "auth_header_name": ""
      },
      "version_data": {
        "not_versioned": true,
        "versions": {
          "Default": {
            "name": "Default",
            "expires": "3000-01-02 15:04",
            "use_extended_paths": true,
            "extended_paths": {
              "ignored": [],
              "white_list": [],
              "black_list": []
            }
          }
        }
      },
      "proxy": {
        "listen_path": "/api/",
        "target_url": "http://localhost:8080/my_api/",
        "strip_listen_path": true
      },
      "enable_batch_request_support": false
    }
Then I add a key:
    curl --request POST -d @create.json -H "X-Tyk-Authorization: 352d20ee67be67f6340b4c0605b044b7" http://<my_ip>/tyk/keys/create

with create.json:

    {
      "allowance": 999,
      "rate": 1000,
      "per": 60,
      "expires": 0,
      "quota_max": -1,
      "quota_renews": 1406121006,
      "quota_remaining": 0,
      "quota_renewal_rate": 60,
      "org_id": "posc_ndr",
      "hmac_enabled": true,
      "hmac_string": "test_secret"
    }

And the result:

    {"key":"test_api090d6c921dde4b557819c660853166f0","status":"ok","action":"create"}
So far, so good (I think).
And finally I want to call my API with curl, so I made this small bash script:

    #!/bin/bash
    # Date header value, UTC, C locale
    date="$(LC_ALL=C date -u +"%a, %d %b %Y %X %Z")"
    # HMAC-SHA1 over "date:<value>", base64-encoded, with '=' percent-encoded
    ENCODED=$(echo -n "date:${date}" | openssl sha1 -binary -hmac "test_secret" | base64 | sed -r 's/=/%3D/g')
    echo $date
    echo $ENCODED
    curl -v --include -H "Date: ${date}" -H "Authorization: Signature keyId=\"test_api090d6c921dde4b557819c660853166f0\",algorithm=\"hmac-sha1\",signature=\"${ENCODED}\"" 'http://localhost:8081/api/v1/ndr?count=1&idDevice=7b1afb61-b23a-4d42-95e0-5432f9592c6e'

I’m not really sure how to calculate the signature.
And it’s always the same output:
    Mon, 09 Feb 2015 12:50:46 UTC
    nJLi0CeZugso89UpgE6lF14syQQ%3D
    * About to connect() to localhost port 8081 (#0)
    * Trying ::1... connected
    * Connected to localhost (::1) port 8081 (#0)
    > GET /api/v1/ndr?count=1&idDevice=7b1afb61-b23a-4d42-95e0-5432f9592c6e HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: localhost:8081
    > Accept: */*
    > Date: Mon, 09 Feb 2015 12:50:46 UTC
    > Authorization: Signature keyId="test_api090d6c921dde4b557819c660853166f0",algorithm="hmac-sha1",signature="nJLi0CeZugso89UpgE6lF14syQQ%3D"
    < HTTP/1.1 400 Bad Request
    HTTP/1.1 400 Bad Request
    < Content-Type: application/json
    Content-Type: application/json
    < X-Generator: tyk.io
    X-Generator: tyk.io
    < Date: Mon, 09 Feb 2015 12:50:46 GMT
    Date: Mon, 09 Feb 2015 12:50:46 GMT
    < Content-Length: 47
    Content-Length: 47
    <
    {
        "error": "Request signature is invalid"
    }
    * Connection #0 to host localhost left intact
    * Closing connection #0
And server-side:
INFO[0221] Request Signature: nJLi0CeZugso89UpgE6lF14syQQ=
INFO[0221] Should be: hMV2SFKzb++RS0fjRjhuehKlOjc=
INFO[0221] Request signature is invalid origin=[::1]:46611 path=/api/v1/ndr
I’m using the last version of Tyk.
Any idea?
Thank you!
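
A diagnostic for the mismatch in the server log above, as an added example that is not part of the original post and not Tyk's code: it recomputes HMAC-SHA1 over several candidate signing strings built from the Date header and reports which ones reproduce a given signature. The candidate list and all function names are assumptions; the sample values are the ones quoted in the post, and the percent-encoding step relies on the log showing that the gateway URL-decodes the signature (`%3D` arrives as `=`).

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote


def sign(secret: str, signing_string: str) -> str:
    """Base64 of HMAC-SHA1(secret, signing_string), before URL-encoding."""
    mac = hmac.new(secret.encode(), signing_string.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def candidates(date_value: str) -> dict:
    """Candidate signing strings (an assumed list, not taken from Tyk)."""
    forms = {}
    gmt = date_value.rsplit(" ", 1)[0] + " GMT"  # same instant, zone spelled GMT
    for zone, d in (("as sent", date_value), ("GMT zone", gmt)):
        forms[f"date:V ({zone})"] = f"date:{d}"      # what the post's script signs
        forms[f"date: V ({zone})"] = f"date: {d}"    # space after the colon
        forms[f"Date: V ({zone})"] = f"Date: {d}"    # header name not lowercased
        forms[f"V only ({zone})"] = d                # bare header value
        forms[f"date: V + LF ({zone})"] = f"date: {d}\n"
    return forms


def diagnose(secret: str, date_value: str, expected: str) -> list:
    """Labels of the candidates whose MAC equals `expected` (URL-encoded or not)."""
    want = unquote(expected).encode()  # unquote() leaves '+' alone
    return [label for label, s in candidates(date_value).items()
            if hmac.compare_digest(sign(secret, s).encode(), want)]


def authorization_header(key_id: str, secret: str, signing_string: str) -> str:
    """Percent-encode every reserved base64 character ('+', '/', '='), not only '='."""
    sig = quote(sign(secret, signing_string), safe="")
    return f'Signature keyId="{key_id}",algorithm="hmac-sha1",signature="{sig}"'


if __name__ == "__main__":
    # Values quoted in the post; the secret may have been changed before posting.
    date_hdr, secret = "Mon, 09 Feb 2015 12:50:46 UTC", "test_secret"
    for name, value in (("sent by client", "nJLi0CeZugso89UpgE6lF14syQQ%3D"),
                        ("expected by server", "hMV2SFKzb++RS0fjRjhuehKlOjc=")):
        print(f"{name}: {diagnose(secret, date_hdr, value) or 'no candidate matches'}")
```

The value the server log expects contains `+`, which the script's `sed` expression would send unencoded; `authorization_header` encodes it as `%2B`.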