Java verifySignature is not working
Hello to everyone, I'm using the Java SDK Cloudinary Client to implement the async upload using the `uploadLarge` method.
When Cloudinary is calling me back using the notification endpoint I provided I'm using the following snipped to validate the request signature:
ApiResponseSignatureVerifier signatureVerifier = new ApiResponseSignatureVerifier(cloudinaryAccount.apiSecret.value));
signatureVerifier.verifySignature(body, timestamp, signature);
But the verifySignature seems to returns always false, What Am i missing?
I tried also to use the
NotificationRequestSignatureVerifier
class, but I-m getting the same result.
I'm reading the timestamp param from the `X-Cld-Timestamp` header and the signature param from the `X-Cld-Signature` param.
Am I wrong something?
-
If you are comparing the notification URL signature, you will need to use `NotificationRequestSignatureVerifier` instead. We have an example here:
https://github.com/cloudinary/cloudinary_java/blob/97a54d2e02c441bb8b5b31a03ed48a52d3bad1d6/cloudinary-core/src/test/java/com/cloudinary/api/signing/NotificationRequestSignatureVerifierTest.java#L11-L20
Let me know if this helps. -
Hi Daniel,
I tried to use the NotificationRequestSignatureVerifier class but I'm still getting issue when using the validation.
Here some detail about it:
Json that I'm receiving:
{"notification_type" : "upload",
"timestamp" : "2022-05-19T10:41:16+00:00",
"request_id" : "1178b88ce5f9c4ba4aee963b88f7d053",
"asset_id" : "bed8fd5b357ce2a2187b0ced8a381400",
"public_id" : "dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B",
"version" : 1652956874,
"version_id" : "3a4275cc5e70d23e30d88b0d507104a9",
"width" : 1969,
"height" : 2953,
"format" : "jpg",
"resource_type" : "image",
"created_at" : "2022-05-19T10:41:14Z",
"tags" : [
],
"bytes" : 1436915,
"type" : "upload",
"etag" : "19eae0b54db0c95efb777550e8906773",
"placeholder" : false,
"url" : "http://res.cloudinary.com/test-seecommerce/image/upload/v1652956874/dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B.jpg",
"secure_url" : "https://res.cloudinary.com/test-seecommerce/image/upload/v1652956874/dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B.jpg",
"folder" : "dev/seecommerce/original",
"access_mode" : "public",
"original_filename" : "39a590ee-087d-42fc-a118-f336bc7c08f9"
}The timestamp: 1652956879
The signature: 10587ecf4d87fa9bec132a85ba7ecffddcc7f2fd
With my secretKey, when I'm using the following Snipped (it's Scala code but It should be easy to understand):
signatureVerifier <- ZIO.effect(new NotificationRequestSignatureVerifier(cloudinaryAccount.apiSecret.value))
result <- ZIO.effect(signatureVerifier.verifySignature(body, timestamp, signature))I'm getting false as result.
Am I wrong something? Thanks for the helpBest regards
-
Hi there,
I tried to generate a signature from the data you provided and I was able to get the same value "10587ecf4d87fa9bec132a85ba7ecffddcc7f2fd".
Are you using some library to parse the response? I think the issue is the spaces and new lines on the body of the response. You could try to use this in the params to sign:
{"notification_type":"upload","timestamp":"2022-05-19T10:41:16+00:00","request_id":"1178b88ce5f9c4ba4aee963b88f7d053","asset_id":"bed8fd5b357ce2a2187b0ced8a381400","public_id":"dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B","version":1652956874,"version_id":"3a4275cc5e70d23e30d88b0d507104a9","width":1969,"height":2953,"format":"jpg","resource_type":"image","created_at":"2022-05-19T10:41:14Z","tags":[ ],"bytes":1436915,"type":"upload","etag":"19eae0b54db0c95efb777550e8906773","placeholder":false,"url":"http://res.cloudinary.com/test-seecommerce/image/upload/v1652956874/dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B.jpg","secure_url":"https://res.cloudinary.com/test-seecommerce/image/upload/v1652956874/dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B.jpg","folder":"dev/seecommerce/original","access_mode":"public","original_filename":"39a590ee-087d-42fc-a118-f336bc7c08f9"}Let me know how it goes.
Regards,
Francis
Post is closed for comments.
Comments
3 comments