Java verifySignature is not working

Comments

3 comments

  • Avatar
    Daniel Mendoza

    If you are comparing the notification URL signature, you will need to use `NotificationRequestSignatureVerifier` instead. We have an example here:

    https://github.com/cloudinary/cloudinary_java/blob/97a54d2e02c441bb8b5b31a03ed48a52d3bad1d6/cloudinary-core/src/test/java/com/cloudinary/api/signing/NotificationRequestSignatureVerifierTest.java#L11-L20

    Let me know if this helps.

    0
    Comment actions Permalink
  • Avatar
    CloudAccount WARDA

    Hi Daniel,

     

    I tried to use the NotificationRequestSignatureVerifier class but I'm still getting issue when using the validation.

     

    Here some detail about it:
    Json that I'm receiving:
    {

      "notification_type" : "upload",
      "timestamp" : "2022-05-19T10:41:16+00:00",
      "request_id" : "1178b88ce5f9c4ba4aee963b88f7d053",
      "asset_id" : "bed8fd5b357ce2a2187b0ced8a381400",
      "public_id" : "dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B",
      "version" : 1652956874,
      "version_id" : "3a4275cc5e70d23e30d88b0d507104a9",
      "width" : 1969,
      "height" : 2953,
      "format" : "jpg",
      "resource_type" : "image",
      "created_at" : "2022-05-19T10:41:14Z",
      "tags" : [
      ],
      "bytes" : 1436915,
      "type" : "upload",
      "etag" : "19eae0b54db0c95efb777550e8906773",
      "placeholder" : false,
      "url" : "http://res.cloudinary.com/test-seecommerce/image/upload/v1652956874/dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B.jpg",
      "secure_url" : "https://res.cloudinary.com/test-seecommerce/image/upload/v1652956874/dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B.jpg",
      "folder" : "dev/seecommerce/original",
      "access_mode" : "public",
      "original_filename" : "39a590ee-087d-42fc-a118-f336bc7c08f9"
    }

    The timestamp: 1652956879

    The signature: 10587ecf4d87fa9bec132a85ba7ecffddcc7f2fd

     

    With my secretKey, when I'm using the following Snipped (it's Scala code but It should be easy to understand):

    signatureVerifier <- ZIO.effect(new NotificationRequestSignatureVerifier(cloudinaryAccount.apiSecret.value))
    result <- ZIO.effect(signatureVerifier.verifySignature(body, timestamp, signature))

    I'm getting false as result.
    Am I wrong something? Thanks for the help

     

    Best regards

    0
    Comment actions Permalink
  • Avatar
    Francis Tagbo

    Hi there,

    I tried to generate a signature from the data you provided and I was able to get the same value "10587ecf4d87fa9bec132a85ba7ecffddcc7f2fd".

    Are you using some library to parse the response? I think the issue is the spaces and new lines on the body of the response. You could try to use this in the params to sign:

    {"notification_type":"upload","timestamp":"2022-05-19T10:41:16+00:00","request_id":"1178b88ce5f9c4ba4aee963b88f7d053","asset_id":"bed8fd5b357ce2a2187b0ced8a381400","public_id":"dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B","version":1652956874,"version_id":"3a4275cc5e70d23e30d88b0d507104a9","width":1969,"height":2953,"format":"jpg","resource_type":"image","created_at":"2022-05-19T10:41:14Z","tags":[ ],"bytes":1436915,"type":"upload","etag":"19eae0b54db0c95efb777550e8906773","placeholder":false,"url":"http://res.cloudinary.com/test-seecommerce/image/upload/v1652956874/dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B.jpg","secure_url":"https://res.cloudinary.com/test-seecommerce/image/upload/v1652956874/dev/seecommerce/original/0L7mvEyyQqdNdAk0-111-B.jpg","folder":"dev/seecommerce/original","access_mode":"public","original_filename":"39a590ee-087d-42fc-a118-f336bc7c08f9"}

    Let me know how it goes.

    Regards,
    Francis

    0
    Comment actions Permalink

Please sign in to leave a comment.