Showing posts with label Public Private Key. Show all posts
Showing posts with label Public Private Key. Show all posts

Wednesday, May 24, 2017

PHP - Sign Request Data With OpenSSL Private Key Pair

Below is a PHP code snippet to sign request data with OpenSSL private key. It's used to handshake with server to communicate with the server.

function signRequestParams($options)
{
    $private_key = openssl_pkey_get_private(readServerFile("./XeroCerts/privatekey.pem"));
    $sbs = escapeUrlEntity(normalizeParameters($options));
    openssl_sign($sbs, $signature, $private_key);
    openssl_free_key($private_key);
    return base64_encode($signature);
}

function readServerFile($file_path)
{
    $fp = fopen($file_path, "r");
    $file_contents = fread($fp, 8192);
    fclose($fp);
    return $file_contents;
}

function normalizeParameters($parameters)
{
    $elements = array();
    ksort($parameters);
    foreach ($parameters as $paramName => $paramValue) {
        /* If name contains "be_ignored" will be ignored */
        if (preg_match('/be_ignored/', $paramName))
            continue;
        if (is_array($paramValue)) {
            sort($paramValue);
            foreach ($paramValue as $element)
                array_push($elements, escapeUrlEntity($paramName) . '=' . escapeUrlEntity($element));
            continue;
        }
        array_push($elements, escapeUrlEntity($paramName) . '=' . escapeUrlEntity($paramValue));
    }
    return join('&', $elements);
}

function escapeUrlEntity($string)
{
    if ($string === 0)
        return 0;
    if (empty($string))
        return '';
    if (is_array($string))
        throw new Exception('Array passed to escapeUrlEntity');

    $string = rawurlencode($string);
    $string = str_replace('+', '%20', $string);
    $string = str_replace('!', '%21', $string);
    $string = str_replace('*', '%2A', $string);
    $string = str_replace('\'', '%27', $string);
    $string = str_replace('(', '%28', $string);
    $string = str_replace(')', '%29', $string);
    return $string;
}

$options = array(
    "card.PAN" => "4564710000000004",
    "card.CVN" => "847",
    "card.expiryMonth" => "12",
    "card.expiryYear" => "20"
);

$signature = signRequestParams($options);
echo "Signature=$signature";

Output will be as below:

Signature=UC/uRPTaNxMV02a9I/KlWL/BA8..............6Fx1hjEYHWXN0U=

How to sign string as well sign request body with public key using Java

Below is a code snippet which will sign your request using Public key.


package com.pkm.src;

import Base64OutputStream;
import IOUtil;

import javax.crypto.Cipher;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/**
 * Created by pritom on 24/05/2017.
 */
public class SignatureSigner {
    public static void main(String[] args) throws Exception {
        String certificateFile = ".....\\publickey.cer";
        String requestBody = "Param1=Value_Of_Param1&Param2=Value_Of_param2";
        String signature = encodeRSASHA1(certificateFile, requestBody);
        System.out.println("Signature=" + signature);
    }

    protected static String encodeRSASHA1(String certificateFile, String requestBody) throws Exception {
        FileInputStream certIn1 = new FileInputStream(certificateFile);
        CertificateFactory e = CertificateFactory.getInstance("X509");
        X509Certificate myCertificate = (X509Certificate) e.generateCertificate(certIn1);

        MessageDigest hashGen = MessageDigest.getInstance("SHA1");
        byte[] hash = hashGen.digest(requestBody.getBytes("UTF-8"));
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(1, myCertificate);
        byte[] signature = rsa.doFinal(hash);

        ByteArrayInputStream sigIn = new ByteArrayInputStream(signature);
        ByteArrayOutputStream sigOut = new ByteArrayOutputStream();
        Base64OutputStream base64Out = new Base64OutputStream(sigOut, "");
        IOUtil.copy(sigIn, base64Out);
        base64Out.close();
        return new String(sigOut.toByteArray(), "US-ASCII");
    }
}

Which will output as below:

Signature=7GNccit4cY+rs4t/S0WBv.........+w1rYdiEO8PxuR3SQ=

Friday, May 5, 2017

Create public/private key pair using OAuth RSA-SHA1 method on Windows with OpenSSL

Download OpenSSL from http://slproweb.com/products/Win32OpenSSL.html
And install on your machine.

Or you can download light version from windows 32 bit from here.
Or you can download light version from windows 64 bit from here.

Open Command Prompt as Administrator and navigate to "C:\OpenSSL-Win32\bin". (Assumed that in that location your openssl installed)

Now execute the following three commands:

openssl genrsa -out privatekey.pem 1024

set OPENSSL_CONF=C:/OpenSSL-Win32/bin/openssl.cfg [It may  be .cfg or .cnf, check your bin directory]

openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825

Below are two screen-shots: