How to validate HTTP digital signature on Azure API Management

Claudio Resende 221 Reputation points
2022-06-18T07:01:46.837+00:00

I wanted to validate an HTTP digital signature with a certificate using Azure API Management.
To be more specific, I want to achieve this: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-10
The client would send something like this:
```bash
#!/bin/bash

clientId="clientId" # client_id as provided in the documentation
certPath="/certs/"  # path of the downloaded certificates and keys
httpHost="https://myHost"

httpMethod="post"   # lowercase, as it appears in the (request-target) line
reqPath="/hellow/world"

# DIGEST: Base64-encoded SHA-256 of the request body
payload='{"anyJsonKey":"anyJsonKey"}'
payloadDigest=$(echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64)
digest="SHA-256=$payloadDigest"

# CALCULATE DATE
reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")

# Signing string: one "name: value" line per signed header, in the order listed in headers=
signingString="(request-target): $httpMethod $reqPath
date: $reqDate
digest: $digest"

# Sign with the client's private key (RSA-SHA256) and Base64-encode on a single line
signature=$(printf %s "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A)

curl -i -X POST "${httpHost}${reqPath}" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H "Digest: ${digest}" \
-H "Date: ${reqDate}" \
-H "Signature: keyId=\"$clientId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
-d "${payload}" \
--cert "${certPath}example_client_tls.cer" \
--key "${certPath}example_client_tls.key"
```

Accepted answer
  1. JananiRamesh-MSFT 27,176 Reputation points
    2022-07-11T18:12:45.17+00:00

    Hi @Claudio Resende, thanks for reaching out. From the description, I understand that you wanted to validate an HTTP digital signature with a certificate in Azure APIM. This can be achieved by writing C# logic in an APIM policy. Please refer to the supporting classes and policy expressions here: https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-expressions

    Let me know in case of further queries; I would be glad to assist you.
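
The answer names where the logic would live but not the checks it has to perform. As an added example (not from the original thread or from Microsoft), this shell sketch carries out the verification a gateway would need for the request above, using the same openssl tooling as the client script; the function names and argument order are assumptions.

```bash
#!/bin/bash
# Added example: server-side check for the request the client script builds.
# sig_param and verify_http_signature are hypothetical names for this sketch.

# Print one quoted parameter (algorithm, headers, signature) of a Signature header value.
sig_param() {
  printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^ *$2=\"\(.*\)\"\$/\1/p"
}

# Usage: verify_http_signature METHOD PATH DATE DIGEST SIGNATURE_VALUE BODY PUBKEY_PEM
# PUBKEY_PEM can be exported from a certificate: openssl x509 -pubkey -noout -in cert.cer
# Returns 0 only if the Digest matches the body and the signature verifies.
verify_http_signature() {
  local method path date_hdr digest sig_value body pubkey
  method=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  path=$2; date_hdr=$3; digest=$4; sig_value=$5; body=$6; pubkey=$7

  # 1. The Digest header must match the body actually received.
  local expected
  expected="SHA-256=$(printf '%s' "$body" | openssl dgst -binary -sha256 | openssl base64 -A)"
  [ "$digest" = "$expected" ] || { echo "digest mismatch" >&2; return 1; }

  # 2. Pin the algorithm and the signed header list, so a request cannot
  #    leave the date or digest out of what the signature covers.
  [ "$(sig_param "$sig_value" algorithm)" = "rsa-sha256" ] \
    || { echo "unexpected algorithm" >&2; return 1; }
  [ "$(sig_param "$sig_value" headers)" = "(request-target) date digest" ] \
    || { echo "unexpected header list" >&2; return 1; }

  # 3. Rebuild the signing string from the received request line and headers.
  local signing_string sig_file ok=1
  signing_string="(request-target): $method $path
date: $date_hdr
digest: $digest"

  # 4. Verify the RSA-SHA256 signature with the client's public key.
  sig_file=$(mktemp)
  printf '%s' "$(sig_param "$sig_value" signature)" | openssl base64 -d -A > "$sig_file"
  printf '%s' "$signing_string" \
    | openssl dgst -sha256 -verify "$pubkey" -signature "$sig_file" >/dev/null 2>&1 && ok=0
  rm -f "$sig_file"
  [ "$ok" -eq 0 ] || { echo "signature invalid" >&2; return 1; }
}
```

A deployment would also map `keyId` to the registered client's key and reject a `Date` header outside its accepted clock skew.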
