Feature/message signing #7
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… check. Added message-signing configuration and decoding logic (MessageSigningMode, base-secret parsing, header list, max age, nonce control) in servers/hello/src/approov-protected-server/token-check/Helpers/AppSettings.cs (line 3) and Program.cs (line 31). Base secrets now accept base64 or base32. Captured needed token metadata (device ID, expiry, installation public key, raw token) for downstream use in ApproovTokenMiddleware (servers/hello/src/approov-protected-server/token-check/Middleware/ApproovTokenMiddleware.cs (line 23) onward). Introduced helpers for HTTP signature parsing and canonical message construction plus signature verification routines (Helpers/HttpSignatureParser.cs (line 6), Helpers/MessageSigningUtilities.cs (line 11)) and the new MessageSigningMiddleware enforcing installation/account signature checks, timestamp freshness, and nonce policy (Middleware/MessageSigningMiddleware.cs (line 9)). Updated configuration defaults (appsettings.json (line 9), appsettings.Development.json (line 9)) and documentation describing setup and testing (README.md (line 61) and README.md (line 112)). Added xUnit coverage for canonical message building, installation/account verification paths, metadata validation, and middleware behaviour in tests/Hello.Tests/UnitTest1.cs (line 11).
…oken handling. Add token binding support to the token-check for testing purposes
…. Add request-target construction method per RFC 9421.
…g serializer so it now rejects control/non-ASCII code points while still escaping quotes and backslashes.
…tting, trimming trailing zeros and any trailing decimal point so emitted values stay in standard decimal form (servers/hello/src/approov-
protected-server/token-check/Helpers/StructuredFieldFormatter.cs:104).
- Added guards against non-finite values, scientific notation, and integer parts longer than 12 digits, raising FormatException when RFC 8941 constraints are violated (servers/hello/src/approov-protected-
server/token-check/Helpers/StructuredFieldFormatter.cs:99).
- Normalized negative zero outputs to 0 to avoid spurious sign information in serialized numbers (servers/hello/src/approov-protected-server/token-check/Helpers/StructuredFieldFormatter.cs:110).
…iable specifying which header the token is bound to. Remove support for multiple header bindings for simplicity. Add test scripts.
…ation - Upgrade Dockerfile to use .NET SDK 8.0 - Update .env.example with new Approov configuration options - Change target framework in Hello.csproj to net8.0 - Refactor AppSettings to support multiple token binding headers - Improve ApproovMessageSignatureVerifier to validate signature metadata and timestamps - Modify ApproovTokenBindingMiddleware to handle multiple header values - Enhance ApproovTokenMiddleware to extract additional claims - Update MessageSigningMiddleware to clarify installation public key usage - Refactor Program.cs to configure message signature validation options
…bility and clarity - Updated the quickstart guide to reflect changes for ASP.NET 8, including package versions and middleware registration. - Streamlined the explanation of Approov setup, token validation, and server changes. - Added detailed instructions for message signing integration and middleware registration in a new quickstart document. - Improved the README in the token-check server example to include new endpoints and clarify usage. - Enhanced comments and structure for better readability and understanding of the Approov integration process.
jexh
approved these changes
Nov 23, 2025
Contributor
jexh
left a comment
jexh
left a comment
There was a problem hiding this comment.
Ready to go for now. There is a general need to improve comments on message signing impl code. (Probably other code too, but that was the main focus of the review.) We can improve this when we next review the quickstart contents (as part of the ongoing maintenance process).
| return false; | ||
| } | ||
|
|
||
| return path.Equals("/sfv_test", StringComparison.OrdinalIgnoreCase) |
Contributor
There was a problem hiding this comment.
To avoid hiding this logic in the source code, it would be better to pass a map of excluded paths when the middleware is created. This way it is exposed to the consumer at a point they can do something about it instead of being hidden in the code internals.
| } | ||
|
|
||
| // Extracts the ipk claim from the JWT token | ||
| private static string? ExtractInstallationPublicKey(string token) |
Contributor
There was a problem hiding this comment.
I we should try to have the token decoding done a single time. Is there a way to add it to the context once it is decoded the first time to avoid multiple decode and unmarshal steps?
servers/hello/src/approov-protected-server/token-check/README.md
Outdated
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First draft of the re-designed Quickstart, combining all functionality into one test server with multiple end points, testable by .sh scripts that use curl commands and predefined assertions. First implementation of message signing in C# Quickstart.
Known issues:
sfv:(%"my %c3%96 string";p4=123.4;p3=123 :YQ==:;t1=token ?0 ?1 123 134.321 @1744045540;bool1);bool2=?0seem to be invalid.