I wanted to validate an HTTP digital signature with a certificate using Azure API Management.
To be more specific, I want to achieve this: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-10
The client would send something like this:
```bash
#!/bin/bash
clientId="clientId" # client_id as provided in the documentation
certPath="/certs/" # path of the downloaded certificates and keys
httpHost="https://myHost"
httpMethod="post"
reqPath="/hellow/world"
# DIGEST
payload="{'anyJsonKey':'anyJsonKey'}"
payloadDigest=$(echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64)
digest=SHA-256=$payloadDigest
# CALCULATE DATE
reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")
# SIGNING STRING: one "name: value" line per signed header, in the order listed in headers=
signingString="(request-target): $httpMethod $reqPath
date: $reqDate
digest: $digest"
# SIGNATURE: RSA-SHA256 over the signing string, base64 on a single line
signature=$(printf %s "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A)
curl -i -X POST "${httpHost}${reqPath}" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H "Digest: ${digest}" \
-H "Date: ${reqDate}" \
-H "Signature: keyId=\"$clientId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
-d "${payload}" \
--cert "${certPath}example_client_tls.cer" \
--key "${certPath}example_client_tls.key"
```
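
The receiving side of the request above, as an added example that is not part of the original post: a plain shell/OpenSSL check (not an Azure API Management policy) that pins the algorithm and covered headers, recomputes the body digest, rebuilds the signing string and verifies the RSA-SHA256 signature. The function names, the return codes and the throwaway key pair are assumptions made for illustration, and the verifier takes a public-key PEM rather than the certificate itself.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are assumptions.

# Extract one quoted parameter (headers, signature, ...) from a Signature header value.
sig_param() { printf '%s' "$1" | sed -n "s/.*$2=\"\([^\"]*\)\".*/\1/p"; }

# Args: public-key PEM, method, path, Date, Digest, Signature header value, body.
# Returns 0 if valid, 2 = unexpected parameters, 3 = body/Digest mismatch, 4 = bad signature.
verify_http_signature() {
  local pub="$1" path="$3" date="$4" digest="$5" sighdr="$6" body="$7"
  local method expected signing sigfile rc
  # The signing string uses the lowercased method, whatever case arrived on the wire.
  method=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  # Pin algorithm and covered headers to what the client script signs.
  [ "$(sig_param "$sighdr" algorithm)" = "rsa-sha256" ] || return 2
  [ "$(sig_param "$sighdr" headers)" = "(request-target) date digest" ] || return 2
  # The signature covers only the Digest header, so recompute it from the body.
  expected="SHA-256=$(printf '%s' "$body" | openssl dgst -binary -sha256 | openssl base64 -A)"
  [ "$digest" = "$expected" ] || return 3
  # Rebuild the signing string from the received values and verify it.
  signing="(request-target): $method $path
date: $date
digest: $digest"
  sigfile=$(mktemp)
  if sig_param "$sighdr" signature | openssl base64 -d -A > "$sigfile" 2>/dev/null &&
     printf '%s' "$signing" | openssl dgst -sha256 -verify "$pub" -signature "$sigfile" >/dev/null 2>&1
  then rc=0; else rc=4; fi
  rm -f "$sigfile"
  return "$rc"
}

# Constructed sample request, signed as in the client script with a throwaway key.
# With a certificate, get the public key via: openssl x509 -in client.cer -pubkey -noout
make_demo_request() {
  DEMO_DIR=$(mktemp -d)
  openssl genrsa -out "$DEMO_DIR/key.pem" 2048 2>/dev/null
  openssl rsa -in "$DEMO_DIR/key.pem" -pubout -out "$DEMO_DIR/pub.pem" 2>/dev/null
  DEMO_BODY="{'anyJsonKey':'anyJsonKey'}"
  DEMO_DATE="Tue, 07 Jan 2025 10:00:00 GMT"
  DEMO_DIGEST="SHA-256=$(printf '%s' "$DEMO_BODY" | openssl dgst -binary -sha256 | openssl base64 -A)"
  DEMO_SIG=$(printf '%s' "(request-target): post /hellow/world
date: $DEMO_DATE
digest: $DEMO_DIGEST" | openssl dgst -sha256 -sign "$DEMO_DIR/key.pem" | openssl base64 -A)
  DEMO_HDR="keyId=\"clientId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$DEMO_SIG\""
}

make_demo_request
verify_http_signature "$DEMO_DIR/pub.pem" POST /hellow/world "$DEMO_DATE" "$DEMO_DIGEST" "$DEMO_HDR" "$DEMO_BODY" \
  && echo "signature valid" || echo "signature rejected"
```

A deployed check would additionally reject a `Date` outside an allowed clock skew and select the public key by looking up `keyId` against the client's registered certificate.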