cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mwilliams1
Level 3

decrypting signed_access_request response

Jump to solution

I am trying to use the signed_access_request endpoint of the cloud licensing server. It is working and returning me a json object with encrypted values. However, I am unable to decrypt them. I am attempting to follow along with CMAPI_UsersGuid chapter 4 "Sample Implementation for Validating Responses" but am getting "ValueError: Could not deserialize key data".

I suspect that I don't have the public key setup correctly for this example code. When I ran my post to rest_licensing_keys, and later a get as well, I got back a json response

{
"publicKey": "VALUE REDACTED"
}

What format is VALUE in? How do I need to convert it to a pem file for the script used in chapter 4?

Thanks for your help.

0 Kudos
(1) Solution
jberthold
Revenera Moderator Revenera Moderator
Revenera Moderator

Hi @mwilliams1 ,

The GET on the /rest_licensing keys endpoint will provide you with the public key that you will used to authenticate the signed responses from server.  You should see something similar to:

ServerPublicKey.jpg

You will need to save this public key in .pem format which has begin and end public key header and footer tags like the following example:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlABN/iA0so2u/dd0iPmqrZfL53yHst99cSjHa8qHAMpXdPJuyHLWuvUtTsOkuv0kimlSe/+6zYS/Fs77gGeWiTmJ3a3yrQMkTzImEOMvelAzt89R3gjiuvqRn+4yzAZ6dYGII93SaFCpidBET3IQigTurtwZn/2f3iAwi+FedBSf1XeAjnyGbvgQLljQc3bkGSo/iC5Cgs7nnn+HAVMQAwk25hF3eyZywj9RPgKyCMFwRoiguZKUHiV/SuEfhPaENFxJoaTB019N7CQBnodHP63K1uJG5jjNniIdt4CiF/8qaLNoRQpF6haY0v+u+/ZJnkJygKGMlhGNPJssbQujzwIDAQAB
-----END PUBLIC KEY-----

Let's call this file public.pem

You then perform your signed access request and get a response similar to:

{
    "header": "ewogICJraWQiIDogMTYwMjE2ODYzMjAwMwp9",
    "payload": "ewogICJyZXF1ZXN0SG9zdElkIiA6IHsKICAgICJ2YWx1ZSIgOiAiSkJlcnRob2xkIiwKICAgICJ0eXBlIiA6ICJVU0VSIgogIH0sCiAgImZlYXR1cmVzIiA6IFsgewogICAgIm5hbWUiIDogIkYxIiwKICAgICJ2ZXJzaW9uIiA6ICIxLjAiLAogICAgImNvdW50IiA6IDEsCiAgICAiZXhwaXJlcyIgOiAiMjAyMC0xMS0xNlQyMjo1Mzo1OC4wMDBaIiwKICAgICJmaW5hbEV4cGlyeSIgOiAiMjAyMy0xMC0wNSIsCiAgICAidmVuZG9yU3RyaW5nIiA6ICIyMmI1LTBkNmYtZTIwOC00NGFiLWIxZjktYjRkYy1jMmQwLTA0ZjciCiAgfSBdLAogICJzdGF0dXNMaXN0IiA6IFsgXQp9",
    "signature": "Czf_cQIXSw2-5_9C8-veoWavv_xbLNSgYaeqsyBWkaGFr6vhhHDVO5SVIoA2FTdMtmZiOYm14sxHWFDOcz-3EPmkN_FQfLdjP96ZH8JlFqVxhGi4V-s7PHM92wBZy2BaHkqlLmWWgbcUug29R23VrNokw4FZpVacxofR73ZSP-LJ-xRrLQWO72j1kXl2Nh14s2ZUzD76EJWE585-Vr57uZp0HhZ7IhwdpHPS5RMLdlRr279I3hLE3yCLxuLoWJOustuwudF4bztr8JwOBMy8Bsz6qbm2NJC6nyz3mQTlGrzp66c3Bxr42SOzOdt_ezsdsdEKqtgHB7uI7wKBvG7WhQ",
    "protected": "ewogICJhbGciIDogIlJTMjU2Igp9"
}

Save this response to a file, let's call it response.json

Now you should be able to run the python example code to validate the response.  Let's call the script Validate.py

python .\Validate.py .\public.pem .\response.json

In my case the raw output is: 

b'{\n "requestHostId" : {\n "value" : "JBerthold",\n "type" : "USER"\n },\n "features" : [ {\n "name" : "F1",\n "version" : "1.0",\n "count" : 1,\n "expires" : "2020-11-16T22:53:58.000Z",\n "finalExpiry" : "2023-10-05",\n "vendorString" : "22b5-0d6f-e208-44ab-b1f9-b4dc-c2d0-04f7"\n } ],\n "statusList" : [ ]\n}'

Hope that helps.

Thanks,

Jim

View solution in original post

0 Kudos
(3) Replies
jberthold
Revenera Moderator Revenera Moderator
Revenera Moderator
0 Kudos
jberthold
Revenera Moderator Revenera Moderator
Revenera Moderator

Hi @mwilliams1 ,

The GET on the /rest_licensing keys endpoint will provide you with the public key that you will used to authenticate the signed responses from server.  You should see something similar to:

ServerPublicKey.jpg

You will need to save this public key in .pem format which has begin and end public key header and footer tags like the following example:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlABN/iA0so2u/dd0iPmqrZfL53yHst99cSjHa8qHAMpXdPJuyHLWuvUtTsOkuv0kimlSe/+6zYS/Fs77gGeWiTmJ3a3yrQMkTzImEOMvelAzt89R3gjiuvqRn+4yzAZ6dYGII93SaFCpidBET3IQigTurtwZn/2f3iAwi+FedBSf1XeAjnyGbvgQLljQc3bkGSo/iC5Cgs7nnn+HAVMQAwk25hF3eyZywj9RPgKyCMFwRoiguZKUHiV/SuEfhPaENFxJoaTB019N7CQBnodHP63K1uJG5jjNniIdt4CiF/8qaLNoRQpF6haY0v+u+/ZJnkJygKGMlhGNPJssbQujzwIDAQAB
-----END PUBLIC KEY-----

Let's call this file public.pem

You then perform your signed access request and get a response similar to:

{
    "header": "ewogICJraWQiIDogMTYwMjE2ODYzMjAwMwp9",
    "payload": "ewogICJyZXF1ZXN0SG9zdElkIiA6IHsKICAgICJ2YWx1ZSIgOiAiSkJlcnRob2xkIiwKICAgICJ0eXBlIiA6ICJVU0VSIgogIH0sCiAgImZlYXR1cmVzIiA6IFsgewogICAgIm5hbWUiIDogIkYxIiwKICAgICJ2ZXJzaW9uIiA6ICIxLjAiLAogICAgImNvdW50IiA6IDEsCiAgICAiZXhwaXJlcyIgOiAiMjAyMC0xMS0xNlQyMjo1Mzo1OC4wMDBaIiwKICAgICJmaW5hbEV4cGlyeSIgOiAiMjAyMy0xMC0wNSIsCiAgICAidmVuZG9yU3RyaW5nIiA6ICIyMmI1LTBkNmYtZTIwOC00NGFiLWIxZjktYjRkYy1jMmQwLTA0ZjciCiAgfSBdLAogICJzdGF0dXNMaXN0IiA6IFsgXQp9",
    "signature": "Czf_cQIXSw2-5_9C8-veoWavv_xbLNSgYaeqsyBWkaGFr6vhhHDVO5SVIoA2FTdMtmZiOYm14sxHWFDOcz-3EPmkN_FQfLdjP96ZH8JlFqVxhGi4V-s7PHM92wBZy2BaHkqlLmWWgbcUug29R23VrNokw4FZpVacxofR73ZSP-LJ-xRrLQWO72j1kXl2Nh14s2ZUzD76EJWE585-Vr57uZp0HhZ7IhwdpHPS5RMLdlRr279I3hLE3yCLxuLoWJOustuwudF4bztr8JwOBMy8Bsz6qbm2NJC6nyz3mQTlGrzp66c3Bxr42SOzOdt_ezsdsdEKqtgHB7uI7wKBvG7WhQ",
    "protected": "ewogICJhbGciIDogIlJTMjU2Igp9"
}

Save this response to a file, let's call it response.json

Now you should be able to run the python example code to validate the response.  Let's call the script Validate.py

python .\Validate.py .\public.pem .\response.json

In my case the raw output is: 

b'{\n "requestHostId" : {\n "value" : "JBerthold",\n "type" : "USER"\n },\n "features" : [ {\n "name" : "F1",\n "version" : "1.0",\n "count" : 1,\n "expires" : "2020-11-16T22:53:58.000Z",\n "finalExpiry" : "2023-10-05",\n "vendorString" : "22b5-0d6f-e208-44ab-b1f9-b4dc-c2d0-04f7"\n } ],\n "statusList" : [ ]\n}'

Hope that helps.

Thanks,

Jim

0 Kudos
Thank you!
As an aside, I think you guys should update your example in this section to add an exp in the JWT we generate.
0 Kudos