I have a webhook that sends a header, which needs to be verified. Below are some details: Problem : The Java method always returns false. The provided header and body are correct and should result as TRUE. As per docs from the provider : Signature = Base64(RSA512(WEBHOOK_PRIVATE_KEY, SHA512(eventBody))) Public Key : Header : RequestBody: Java method that’s called when webhook
Tag: java-security
How to disable Host name verification for nimbus JWKS ResourceRetriever
First I was using ‘DefaultResourceRetriever’ without any configuration like this : and then I got the following exception To by pass certificate check I have configured the resource retriever like below; But it doesn’t changed anything. I could set Hostname verifier to SSLConnectionSocketFactory like this: new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier()) But nimbus ResourceRetriever only accept SSLSocketFactory as a parameter. Is there
how to construct a java.security.interfaces.RSAPublicKey?
I have the following string, which I understand to be an RSA public key: I need to construct a java.security.interfaces.RSAPublicKey from this string. First I tried calling RSAPublicKeyImpl.newKey(myString.getBytes(StandardCharsets.UTF_8)), but that threw the following exception: Then, following an online guide, I tried this code instead: That threw a very similar exception, just wrapped in another one. Am I missing something obvious
How to selectively use approved-only mode with BouncyCastle JSSE provider + FIPS provider?
In a small piece of sample code running on Java 8, I’m trying to follow the advice from the bc-fips-1.0.2.jar user guide, Legion of the Bouncy Castle Inc. BC-FJA 1.0.2 (Bouncy Castle FIPS Java API) User Guide Date: 09/14/19: Note: support for FIPS mode appears to have started disappearing with Java 1.9, it has been confirmed that it is a