Trying to integrate with partner from CA API gateway 8.2.01 rest service but the partner requested me to follow below steps:
1. Generate a RSA key pair (public key and private key).
2. Share the generated public key with the partner.
3. Create signature by signing with the help of generated private key and json request (which gateway supposed to send to the partner) as input.
4. Send the created signature (base64encoded) as part of json request.
5. Once response is received from the partner validate the signature with the help of partner's public key.
.I am able to create 2048 RSA key pair using some key generator tool but need to know whether gateway can create the signature using the generated RSA private key? Also whether gateway can validate the signature sent by the partner along with the response?
It seems like partner is using java to follow the above method.
Sample request with signature:
{"request":{"head":{"version":"8.2.1",},"body":{"productCode":"123456"}},"signature":"OcZJDbwMEDULpWp7uPSdDCRfrvV+t2r4XvUP4Bxh98O94fbXEdNBHX10PzWrDbZf5tsFdKLT+oWtNHC1eU8uB0S2T7jgfq9pspXTtOwmP6clOprelYVOrJwuWC0yz5UWG8IOyxVQ9wZs5z5H8b3XZTwr3D4rJ3NPI5xasWFrTzVnFPl8OOL2CeT5AoH0RZ+K1WfNpEOI/o9vkKbNIALWRXMa0R5EQOYs6wbBC4TaILhPkF9mfpDOqG9ty3x5LpK6L1RhlQT3h9XgxNxNGkMuUJbfmkWlVNf56zsCbsN7cPGsnVWTaw4ScvWanvx54rQOdO12x/PLkyR/IOprhBdMNQ=="}
Again, listing out the questions below:
1. Whether gateway can create the signature using the generated RSA private key?
2. Whether gateway can validate the signature sent by the partner along with the response?
3. Any custom assertion will work?
Additional note: I guess above method is nothing to do with ssl, certificate, etc.
Thank you!