1 Reply Latest reply on Nov 20, 2015 7:58 AM by butch

    Validating registration via jiveSignatureUrl

    butch

      I've been trying to reverse engineer the node SDK validateRegistration function with no success.  I can't even seem to come up with a simple CURL command that replicates whatever the node SDK is doing (below).

       

      This registration call from node will work every time.

      buffer = 'clientId:kqkml5js12byep1w7x3ia02y0nof1ifo.i\nclientSecret:40913147bb823b0dab49c88497c529aa5e87598a3efca1d6ffbe273077f01a77\njiveSignatureURL:https://market.apps.jivesoftware.com/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d\njiveUrl:https://sandbox.jiveon.com\ntenantId:b22e3911-28ef-480c-ae3b-ca791ba86952\ntimestamp:2015-11-20T14:17:31.799+0000\n'; jiveSignature = 'XGvHFylrDy6NDHYge+1Z02f9TnRfflg7McwD5u9ClWY='      var headers = {         'X-Jive-MAC' : jiveSignature     };      jive.logger.debug("Received registration block: " + JSON.stringify(validationBlock) );     jive.logger.debug("Shipping validation request to appsmarket - endpoint: " + jiveSignatureUrl );      var r = jive.util.buildRequest(jiveSignatureUrl, 'POST', buffer, headers);  r.then( function(r) {     console.log(r); });  

      The response from Jive is the expected 204

      postObject:  undefined contentType:  undefined options are:  { port: null,   method: 'POST',   headers:     { 'X-Jive-MAC': 'XGvHFylrDy6NDHYge+1Z02f9TnRfflg7McwD5u9ClWY=',      'Content-Length': 383 },   rejectUnauthorized: false,   jar: false,   url: 'https://market.apps.jivesoftware.com:443/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d',   body: 'clientId:kqkml5js12byep1w7x3ia02y0nof1ifo.i\nclientSecret:40913147bb823b0dab49c88497c529aa5e87598a3efca1d6ffbe273077f01a77\njiveSignatureURL:https://market.apps.jivesoftware.com/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d\njiveUrl:https://sandbox.jiveon.com\ntenantId:b22e3911-28ef-480c-ae3b-ca791ba86952\ntimestamp:2015-11-20T14:17:31.799+0000\n',   encoding: null } { statusCode: 204,   headers:     { date: 'Fri, 20 Nov 2015 14:37:55 GMT',      server: 'Apache-Coyote/1.1',      'cache-control': 'no-cache',      pragma: 'no-cache',      expires: '1',      'content-length': '0',      'x-cnection': 'close',      'content-type': 'text/plain; charset=UTF-8',      'set-cookie': [ 'BIGipServerappsmarket-ui-prod-pool=2739052554.64750.0000; path=/' ] },   entity: { status: 204, body: '' } }

       

      Using curl always gives me 403 Forbidden.

      curl -v -i -X POST -H 'Content-Length: 383' -H 'X-Jive-MAC: XGvHFylrDy6NDHYge+1Z02f9TnRfflg7McwD5u9ClWY=' --data 'clientId:kqkml5js12byep1w7x3ia02y0nof1ifo.i\nclientSecret:40913147bb823b0dab49c88497c529aa5e87598a3efca1d6ffbe273077f01a77\njiveSignatureURL:https://market.apps.jivesoftware.com/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d\njiveUrl:https://sandbox.jiveon.com\ntenantId:b22e3911-28ef-480c-ae3b-ca791ba86952\ntimestamp:2015-11-20T14:17:31.799+0000\n' https://market.apps.jivesoftware.com:443/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d * Hostname was NOT found in DNS cache *   Trying 204.93.64.230... * Connected to market.apps.jivesoftware.com (204.93.64.230) port 443 (#0) * successfully set certificate verify locations: *   CAfile: none   CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using TLSv1.2 / AES256-SHA256 * Server certificate: *        subject: C=US; L=Palo Alto; ST=California; O=Jive Software, Inc.; CN=*.apps.jivesoftware.com *        start date: 2015-02-12 00:00:00 GMT *        expire date: 2017-02-28 12:00:00 GMT *        subjectAltName: market.apps.jivesoftware.com matched *        issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA *        SSL certificate verify ok. > POST /appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d HTTP/1.1 > User-Agent: curl/7.38.0 > Host: market.apps.jivesoftware.com > Accept: */* > Content-Length: 383 > X-Jive-MAC: XGvHFylrDy6NDHYge+1Z02f9TnRfflg7McwD5u9ClWY= > Content-Type: application/x-www-form-urlencoded >  * upload completely sent off: 389 out of 389 bytes < HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden < Date: Fri, 20 Nov 2015 14:52:51 GMT Date: Fri, 20 Nov 2015 14:52:51 GMT * Server Apache-Coyote/1.1 is not blacklisted < Server: Apache-Coyote/1.1 Server: Apache-Coyote/1.1 < Cache-Control: no-cache Cache-Control: no-cache < Pragma: no-cache Pragma: no-cache < Expires: 1 Expires: 1 < Content-Type: text/xml Content-Type: text/xml < Content-Length: 0 Content-Length: 0 < X-Cnection: close X-Cnection: close < Set-Cookie: BIGipServerappsmarket-ui-prod-pool=2739052554.64750.0000; path=/ Set-Cookie: BIGipServerappsmarket-ui-prod-pool=2739052554.64750.0000; path=/  <  * Connection #0 to host market.apps.jivesoftware.com left intact

      Or... setting content-type to text/plain?  nope...

      curl -v -i -X POST -H 'Content-Type: text/plain' -H 'Content-Length: 383' -H 'X-Jive-MAC: XGvHFylrDy6NDHYge+1Z02f9TnRfflg7McwD5u9ClWY=' --data 'clientId:kqkml5js12byep1w7x3ia02y0nof1ifo.i\nclientSecret:40913147bb823b0dab49c88497c529aa5e87598a3efca1d6ffbe273077f01a77\njiveSignatureURL:https://market.apps.jivesoftware.com/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d\njiveUrl:https://sandbox.jiveon.com\ntenantId:b22e3911-28ef-480c-ae3b-ca791ba86952\ntimestamp:2015-11-20T14:17:31.799+0000\n' https://market.apps.jivesoftware.com:443/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d * Hostname was NOT found in DNS cache *   Trying 204.93.64.230... * Connected to market.apps.jivesoftware.com (204.93.64.230) port 443 (#0) * successfully set certificate verify locations: *   CAfile: none   CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using TLSv1.2 / AES256-SHA256 * Server certificate: *        subject: C=US; L=Palo Alto; ST=California; O=Jive Software, Inc.; CN=*.apps.jivesoftware.com *        start date: 2015-02-12 00:00:00 GMT *        expire date: 2017-02-28 12:00:00 GMT *        subjectAltName: market.apps.jivesoftware.com matched *        issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA *        SSL certificate verify ok. > POST /appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d HTTP/1.1 > User-Agent: curl/7.38.0 > Host: market.apps.jivesoftware.com > Accept: */* > Content-Type: text/plain > Content-Length: 383 > X-Jive-MAC: XGvHFylrDy6NDHYge+1Z02f9TnRfflg7McwD5u9ClWY= >  * upload completely sent off: 389 out of 389 bytes < HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden < Date: Fri, 20 Nov 2015 14:54:08 GMT Date: Fri, 20 Nov 2015 14:54:08 GMT * Server Apache-Coyote/1.1 is not blacklisted < Server: Apache-Coyote/1.1 Server: Apache-Coyote/1.1 < Cache-Control: no-cache Cache-Control: no-cache < Pragma: no-cache Pragma: no-cache < Expires: 1 Expires: 1 < Content-Type: text/xml Content-Type: text/xml < Content-Length: 0 Content-Length: 0 < X-Cnection: close X-Cnection: close < Set-Cookie: BIGipServerappsmarket-ui-prod-pool=2772606986.64750.0000; path=/ Set-Cookie: BIGipServerappsmarket-ui-prod-pool=2772606986.64750.0000; path=/  <  * Connection #0 to host market.apps.jivesoftware.com left intact

       

      Any idea Ryan Rutan? Markus Nagel?

        • Re: Validating registration via jiveSignatureUrl
          butch

          Aaaand I answered my own question.  This is the command if anyone is interested!

           

          The issue?  Content-Type needs to be application/json... even thought the content is not application/json...

           

          curl -v -i -X POST -H 'Content-Type: application/json' -H 'X-Jive-MAC: XGvHFylrDy6NDHYge+1Z02f9TnRfflg7McwD5u9ClWY=' -d $'clientId:kqkml5js12byep1w7x3ia02y0nof1ifo.i\nclientSecret:40913147bb823b0dab49c88497c529aa5e87598a3efca1d6ffbe273077f01a77\njiveSignatureURL:https://market.apps.jivesoftware.com/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d\njiveUrl:https://sandbox.jiveon.com\ntenantId:b22e3911-28ef-480c-ae3b-ca791ba86952\ntimestamp:2015-11-20T14:17:31.799+0000\n' https://market.apps.jivesoftware.com:443/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d
          2 people found this helpful