Unable to get a proper authentication header

[chirag-jn]

Hi. I am using tools from cryptic-utils.py

sign_response

def sign_response(signing_string):
    ondc_settings = ONDCSettings.load()
    private_key64 = base64.b64decode(ondc_settings.signing_private_key)
    seed = crypto_sign_ed25519_sk_to_seed(private_key64)
    signer = SigningKey(seed)
    signed = signer.sign(bytes(signing_string, encoding='utf8'))
    signature = base64.b64encode(signed.signature).decode()
    return signature

create_authorisation_header

def create_authorisation_header(request_body=None, created=None, expires=None):
    created = int(datetime.datetime.now().timestamp()) if created is None else created
    expires = int((datetime.datetime.now() + datetime.timedelta(hours=1)).timestamp()) if expires is None else expires

    ondc_settings = ONDCSettings.load()

    signing_key = create_signing_string(hash_message(json.dumps(request_body, separators=(',', ':'))),
                                        created=created, expires=expires)
    signature = sign_response(signing_key)

    header = f'Signature keyId="{ondc_settings.subscriber_id}|{ondc_settings.unique_key_id}|ed25519",algorithm="ed25519",created=' \
             f'"{created}",expires="{expires}",headers="(created) (expires) digest",signature="{signature}"'

    return header

verify_response

def verify_response(signature, signing_key):
    ondc_settings = ONDCSettings.load()

    try:
        public_key64 = base64.b64decode(ondc_settings.signing_public_key)
        signature = base64.b64decode(signature)
        VerifyKey(public_key64).verify(bytes(signing_key, 'utf8'), signature)
        return True, eval(signature.decode('utf8'))
    except Exception as e:
        print(e)
        return False, ''

verify_authorisation_header

def verify_authorisation_header(auth_header, request_body_str):

    header_parts = get_filter_dictionary_or_operation(auth_header.replace("Signature ", ""))
    created = int(header_parts['created'])
    expires = int(header_parts['expires'])
    current_timestamp = int(datetime.datetime.now().timestamp())

    if created <= current_timestamp <= expires:
        signing_key = create_signing_string(hash_message(request_body_str), created=created, expires=expires)  # same function used for creating the header

        return verify_response(header_parts['signature'], signing_key), header_parts['signature']
    else:
        return False, ''

Whenever I trigger the following set of code:

def verify_auth(self, request):
    header = create_authorisation_header(request.data)
    verify_authorisation_header(header, json.dumps(request.data, separators=(',', ':')))

I always end up with the following error:
'utf-8' codec can't decode byte 0xec in position 2: invalid continuation byte

It would be really helpful if someone can help here to let me know if I am going wrong somewhere.

[chirag-jn]

The UKID, subscriber_id, public/private key are the ones shared in staging on_subscribe service and my subscriber_id comes when I do a lookup too.

[chirag-jn]

This is ONDCSettings just in case

class ONDCSettings(SingletonModel):
    subscriber_id = models.CharField(max_length=64, null=True, blank=True)
    subscriber_url = models.URLField(null=True, blank=True)
    unique_key_id = models.CharField(max_length=64, null=True, blank=True)

    signing_public_key = models.CharField(max_length=128, null=True, blank=True)
    signing_private_key = models.CharField(max_length=128, null=True, blank=True)
    encryption_public_key = models.CharField(max_length=128, null=True, blank=True)
    encryption_private_key = models.CharField(max_length=128, null=True, blank=True)

[pratik-mazumdar]

Hey Chirag it seems that you are doing your own implementation, if their is some issue with utility that I can help with do let me know.

[chirag-jn]

It's not my own implementation. The functions are same as the one in cryptic_utils.py, with a difference in how keys are fetched.

[chirag-jn]

I was doing a typo.