Cirrususe irule to digitally sign
Hello everyone, I have a request like this:
{
"Data": "eyJVc2VyTmFtZSI6ImVjdXN0b21zIiwiUGdCJ9"
}
Here is the body when calling on F5.
Add Sign to call the server as follows:
{
"Data": "eyJVc2VyTmFtZSI6ImVjdXN0b21zIiwiUGdCJ9",
"Signature": {
"Sign": {
"Signature_Value": "B35uPWwF9ujq1zXbpsU3xFYPPI78nmqRagGG3p8yqVn+lDqNstTH3BewfA3SN8g=",
"Key_Info": "iZPyLGQBGRYDRklTMREwDwYDVQQjETMBEGCgmSJomT8ixkARkWA0ZJUzERMA8GA1UEAxMIRUNVU1RPTVOCEEX/rIy8omGgS98InicxkpIwDQYJKoZIhvcNAQEEBQADgYEA"
}
}
}
- The algorithm is as follows
hash data with SHA256 then encrypt RSA with private key -> return 1 signature string + file cer (public key)
- I consulted from Kai_Wilke and write irule similar to this, but it doesn't work.
when RULE_INIT {
set static::max_payload_size "1048576" ;
set pub_key "NRLtULvKDtRjzevpNPz/BRDfTRKh9i
2n6rg+65jcOSeJb\nu7iqwKw6EWx1+7nUkiQqbJ2RXb
Ak/wYh4hIkS0stdJki\nlFLgce6uhmwHfsAUb1+s/OBnG
XcdxKMjWQd6b6Y2QZWttWYddcuS\n"
set pri_key "X7udSSJCpsnZFdv7CFqeqHPrUshldx
MdIzoCT/BiHiEiRLSy10mSKUUuODJvkh8toFfnacRja1c/
hMY319+Ax/cQXQR94/YGyz5qoK5S7Io8sCtyo0zf+IdLR
WpsUC6bJI8TezKMvtXnGUcWLVUESH777PPWurtuN2m
WKAw3i2XO/DXI6jdXIdccjEFkoxDb6mjpPL1ARat
uOXVc6yOnTXqA/+vS3nI+hOEQp6KtRD/D6Btv2GZ8W"
}
when HTTP_REQUEST {
if { ( [string tolower [HTTP::path]] equals "/api/xxxx/yyyy" )
and ( [HTTP::method] equals "POST")
and ( [HTTP::header value "Content-Length"] ne "" )
and ( [HTTP::header value "Content-Length"] < $static::max_payload_size ) } then {
HTTP::collect [HTTP::header value "Content-Length"]
}
}
when HTTP_REQUEST_DATA {
set temp(data) [HTTP::payload]
set temp(hash_data) [CRYPTO::hash -alg sha256 $temp(data) ]
set temp(enc_data) [CRYPTO::encrypt -alg RSA -key $pri_key $temp(hash_data) ]
set temp(new_payload) "[string trimright [HTTP::payload] "\}"],\"Signature_Value\":\"$temp(enc_data)\"\,\"Key_info\":\"$pub_key\"\}"
HTTP::payload replace 0 [HTTP::payload length] $temp(new_payload)
unset -nocomplain temp
}
What do I need to change here?
Any and all help is appreciated. Thanks you
