PKI Authentication API

Authentication function that verify username and PKI signature. User has to request a random before call this function. The random value is then being signed and sends to CENTAGATE Cloud for verification.

Below is the URL to access the API functions:

POST /v2/CentagateWS/webresources/auth/authPkiWithSignature

Parameters

No	Parameters	Occurence	Description
1	username	Required	Registered Username in CENTAGATE Cloud
2	CertFingerprintSha1	Required	The User’ Certificate Fingerprint Is Encoded Using SHA1 And The Result Is Encoded Into Hexadecimal Value. This Is The Certificate That Is Used To Sign The Random String
3	Signature	Required	Perform Signature (SHA1WithRSA) On The Random String. The Result Is Encoded In Base64.
4	integrationKey	Required	Integration Key Of The App That The User Wants To Authenticate
5	unixTimestamp	Required	Current Time in UnixTimestamp
6	supportFido	Optional	FIDO Authentication Option, Pass True To Enable And False To Disable. Or Leave It Empty
7	ipAddress	Optional	IP Address From Where The Authentication Request Is Originated.
8	userAgent	Optional	Platform Information Of Authentication Request Is Made Of.
9	browserFp	Optional	Brower Fingerprint
10	hmac	Required	Hmac Generated From Combination (Username + CertFingerprintSha1 + Signature + AuthToken + UserAgent + IntegrationKey + SupportFido + BrowserFp + UnixTimeStamp + IpAddress) Using Secretkey (Can Be Obtained From The App Page) As The Key.

Sample Code

As in below there are some examples of source code of access the API functions:

Java

Node Js

PHP

Java

public static void main(String[] args) {

	ClientConfig config = new DefaultClientConfig ();
	Client client = Client.create ( config );
	WebResource service = client.resource ("https://<domain_name>/v2/CentagateWS/webresources");
			
	Gson gson = new Gson();
			
	String hmac = convertHmacSha256("secretkey","username" + "certFingerprintSha1" + "signature" + "authToken" + "integrationKey" + "unixTimestamp" + "supportFido" + "ipAddress" + "userAgent" + "browserFp");

	HashMap<String, String> map = new HashMap<String, String>();
	map.put("username", "username");
	map.put("certFingerprintSha1", "certFingerprintSha1");
	map.put("signature", "signature");
	map.put("authToken", "authToken");
	map.put("integrationKey", "integrationKey");
	map.put("unixTimestamp", "unixTimeStamp");
	map.put("ipAddress", "ipAddress"); 
	map.put("userAgent", "userAgent"); 
	map.put("browserFp", "browserFp"); 
	map.put("supportFido", ""); 
	map.put("hmac", hmac); 

	ClientResponse response = service.path ("auth").path("authPkiWithSignature").accept(MediaType.APPLICATION_JSON).post(ClientResponse.class, gson.toJson(map));
				
	String retJson = response.getEntity(String.class);

	HashMap<String, Object> returnData = (HashMap<String, Object>) gson.fromJson(retJson, HashMap.class);

	String code = returnData.get("code").toString();
	String message = returnData.get("message").toString();
	String object = returnData.get("object").toString();
}

public static String convertHmacSha256(String secretKey, String params) throws NoSuchAlgorithmException, 
            InvalidKeyException,IllegalStateException, SignatureException, NoSuchProviderException, Exception
{
	try
	{
		final SecretKeySpec secret_key = new SecretKeySpec ( StringUtils.getBytesUtf8 ( secretKey ) , "HmacSHA256" );
		final Mac mac = Mac.getInstance ( "HmacSHA256" );
		mac.init ( secret_key );
		final byte[] bytes = mac.doFinal ( StringUtils.getBytesUtf8 ( params ) );
		return Hex.encodeHexString ( bytes );
	}
	catch ( NoSuchAlgorithmException e )
	{
		throw new NoSuchAlgorithmException ( e );
	}
	catch ( InvalidKeyException e )
	{
		throw new InvalidKeyException ( e );
	}
	catch ( IllegalStateException e )
	{
		throw new IllegalStateException ( e );
	}
	catch ( Exception e )
	{
		throw new Exception ( e );
	}
}

Node Js

const https = require('https')

var crypto = require('crypto');
var username = '<username>';
var certFingerprintSha1 = '<certFingerprintSha1>';
var signature = '<signature>';
var integrationKey = '<integration key>';

var time = Math.round((new Date()).getTime() / 1000);
var unixTimestamp = time.toString();
var authToken = 'authToken';

var supportFido = "<supportFido>";
var ipAddress = "<ipAddress>";
var userAgent = "<userAgent>";
var browserFp = "<browserFp>";

var secretKey    = '<secret key>';  
var hmacText = username + certFingerprintSha1 + signature + authToken + integrationKey + unixTimestamp + supportFido + ipAddress + userAgent + browserFp;
var hash, hmac;

/* generate hmac value*/
hmac = crypto.createHmac(sha256, secretKey);    
hmac.write(hmacText);
hmac.end();      
hash = hmac.read().toString('hex');    


const data = JSON.stringify({
	username: username,
	certFingerprintSha1: certFingerprintSha1,
	signature: signature,
	authToken: authToken,
	integrationKey: integrationKey,
	unixTimestamp: unixTimestamp,
	ipAddress: ipAddress,
	supportFido: supportFido,
	userAgent: userAgent,
	browserFp: browserFp,
	hmac: hash
})

const options = {
	hostname: "<domain_name>",
	port: 443,
	path:'/v2/CentagateWS/webresources/auth/authPkiWithSignature',
	method: 'POST',
	headers: {
		'Accept': 'application/json',
		'Content-Type': 'application/json',
	}
}

const req = https.request(options, res =>{
	console.log(`HTTP Status Code: ${res.statusCode}`)
	var body = '';
	res.on('data', function(d){
		
	body += d;
	var parsed = JSON.parse(body);
	
	if (parsed.code == 0){
	   console.log('Authentication Succeed');
	   console.log('Response:');
	   console.log(body);
	}
	else {
	  console.log('Authentication Fail, ' +'Message:' + parsed.message);
	  console.log('Code:' + parsed.code); 
	}
		
	})
})

req.on('ERROR', error => {
	console.error(error)
})

req.write(data)
req.end()

PHP

<?php

    $url = 'https://<domain_name>/v2/CentagateWS/webresources/auth/authPkiWithSignature';
    
    $ch = curl_init($url);
    $secretKey = "<secretkey>";
    $username ="<username>";
    $certFingerprintSha1 = "<certFingerprintSha1>";
    $signature = "<signature>";
    $integrationKey = "<integrationkey>";
    $time = time(); // get current timestamp
    $authToken = "<authToken>";
    $unixTimestamp = strval($time); //convert timestamp to String
    $supportFido = "<supportFido>";
    $ipAddress = "<ipAddress>";
    $userAgent = "<userAgent>";
    $browserFp = "<browserFp>";
    
    $hmac_text = $username.$certFingerprintSha1.$signature.$authToken.$integrationKey.$unixTimestamp.$supportFido.$ipAddress.$userAgent.$browserFp;
    $hmac = hash_hmac('sha256', $hmac_text, $secretKey); // calculate hmac value
    
    $jsonData = array (
    	'username'=> $username,
    	'certFingerprintSha1'=> $certFingerprintSha1,
    	'signature'=> $signature,
    	'authToken'=> $authToken;
    	'integrationKey'=> $integrationKey,
    	'unixTimestamp'=> $unixTimestamp,
    	'supportFido'=> $supportFido,
    	'ipAddress'=> $ipAddress,
    	'userAgent'=> $userAgent,
    	'browserFp'=> $browserFp,
    	'hmac' => $hmac
    	
    );
    
    $jsonDataEncoded = json_encode($jsonData);
    
    curl_setopt($ch, CURLOPT_POST,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json','Content-Type: application/json'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    
    $result = curl_exec($ch);
    
    
    $obj = json_decode($result); 
    if ($obj->{'code'} != 0){
    	print "Authentication fail";
    	print "Message: ".$obj->{'message'}; 
    	echo " <br>"; 
    	print "Code: ".$obj->{'code'};
    }
    else {
    	print "Authentication succeed";
    	echo " <br>"; 
    	print "Message: ".$obj->{'message'}; 
    	echo " <br>"; 
    	print "Code: ".$obj->{'code'}; 
    	echo " <br>"; 
    	print "Result:" ;
    	echo " <br>"; 
    	print $result;
    }
    
    curl_close($ch);

?>