STI-PA-TC-021
Verify CRL URL is contained in the SPCToken response
You can send an SPC Token request to the following API endpoint:
https://authenticate-api-stg.iconectiv.com/api/v1/account/281K/token/
Your request data should be as follows:
{ "atc":
{ "tktype": "TNAuthList",
"tkvalue": "MAigBhzzMjgxSw==",
"ca": false,
"fingerprint": "SHA256 49:55:78:7F:34:14:81:67:99:48:DC:54:21:DA:F4:79:C7:41:29:06:BF:A5:38:DF:9E:03:97:6A:2C:53:CC:3B"
}}
In the request data, "tktype" and "ca" are fixed values.
The server returns the following data, which includes the "crl" URL that this test case checks for:
{"status":"success",
"message":"SPC token for spc: 111K is created successfully",
"token":"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1dSI6Imh0dHBzOi8vYXV0aGVudGljYXRlLWFwaS1zdGcuaWNvbmVjdGl2LmNvbS9kb3dubG9hZC92MS9jZXJ0aWZpY2F0ZS9jZXJ0aWZpY2F0ZUlkXzk3NTc0LmNydCJ9.eyJleHAiOjE2ODk5MTkwNjMsImp0aSI6IjUxOTE3NWNiLTY5OTgtNDA3NC05YWVhLTBkYTUxNzVhMTYyMiIsImF0YyI6eyJ0a3R5cGUiOiJUTkF1dGhMaXN0IiwidGt2YWx1ZSI6Ik1BaWdCaFlFTWpneFN3PT0iLCJjYSI6ZmFsc2UsImZpbmdlcnByaW50IjoiU0hBMjU2IDQ5OjU1Ojc4OjdGOjQyOjE3OjgxOjY3Ojk5OjQ4OkRDOjU0OjIxOkRBOkY0Ojc5OkM3OjQxOjI5OjA2OkJGOkE1OjM4OkRGOjlFOjAxOjk3OjZBOjJDOjUzOkNDOjNCIn19.yZsMAjzQ0fBx4hUQBR-E-exUwRHrFn4_utPuSJrraJYjI2K3eCfjNwVuMSCkAx9MQrUofB0d9hmDnZ_AblOCUQ",
"crl":"https://authenticate-api-stg.iconectiv.com/download/v1/crl"}
The decoded SPC Token (JWT header and payload) is as follows:
{"alg":"ES256","typ":"JWT",
"x5u":"https://authenticate-api-stg.iconectiv.com/download/v1/certificate/certificateId_973374.crt"}
{"exp":1689919063,"jti":"519175cb-6998-4074-9aea-0da5175a1622","atc":{"tktype":"TNAuthList","tkvalue":"MAigBh33jgxSw==",
"ca":false,
"fingerprint":"SHA256 22:33:78:7F:42:17:81:45:99:3:DC:54:21:DA:F4:79:C7:41:29:06:BF:A5:38:DF:9E:01:97:6A:2C:53:CC:3B"}}
How to generate "tkvalue"
tkvalue is a base64-encoded X.509 extension value. You can create it with the openssl CLI tool using the following steps:
Step 1: Create the openssl .conf file
cat << EOF > tnauthlist.conf
asn1=SEQUENCE:tn_auth_list
[tn_auth_list]
field1=EXP:0,IA5:<UPPERCASE OCN>
EOF
Step 2: Create extension
openssl asn1parse -genconf tnauthlist.conf -noout -out tnauthlist.der
Step 3: Encode
cat tnauthlist.der | base64
Here is a full example:
% cat << EOF > tnauthlist.conf
asn1=SEQUENCE:tn_auth_list
[tn_auth_list]
field1=EXP:0,IA5:818H
EOF
% openssl asn1parse -genconf tnauthlist.conf -noout -out tnauthlist.der
% cat tnauthlist.der | base64
MAigBhYEODE4SA==
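One way to automate this test case, as an added example that is not part of the original page or the STI-PA's own code: it checks that the response carries an https "crl" URL, decodes the token without verifying its signature, compares "atc" with the request, and parses a single-SPC tkvalue like the one built above. The function names, the sti-pa.example host and the sample data are constructed assumptions.

```python
import base64
import json
from urllib.parse import urlparse

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def spc_from_tkvalue(tkvalue):
    """Parse SEQUENCE { [0] { IA5String } } (short-form DER lengths only)."""
    der = base64.b64decode(tkvalue)
    if len(der) < 6 or (der[0], der[2], der[4]) != (0x30, 0xA0, 0x16):
        raise ValueError("not a single-SPC TNAuthList")
    if [der[1], der[3], der[5]] != [len(der) - 2, len(der) - 4, len(der) - 6]:
        raise ValueError("inconsistent DER lengths")
    return der[6:].decode("ascii")

def check_spc_token_response(response, request_atc):
    """Return a list of problems; an empty list means the response passes."""
    problems = []
    crl = urlparse(response.get("crl") or "")
    if crl.scheme != "https" or not crl.netloc:
        problems.append("crl missing or not an https URL")
    parts = (response.get("token") or "").split(".")
    if len(parts) != 3:
        return problems + ["token is not a three-part JWS"]
    header, payload = b64url_json(parts[0]), b64url_json(parts[1])
    if header.get("alg") != "ES256" or not header.get("x5u"):
        problems.append("unexpected JWS header")
    atc = payload.get("atc", {})
    for key in ("tktype", "tkvalue", "ca", "fingerprint"):
        if atc.get(key) != request_atc.get(key):
            problems.append(f"atc.{key} differs from the request")
    return problems

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not captured from the server); the signature is a dummy.
REQUEST_ATC = {"tktype": "TNAuthList", "tkvalue": "MAigBhYEODE4SA==", "ca": False,
               "fingerprint": "SHA256 00:11:22 (constructed placeholder)"}

def sample_response(with_crl=True):
    header = {"alg": "ES256", "typ": "JWT", "x5u": "https://sti-pa.example/cert.crt"}
    token = ".".join([_seg(header), _seg({"exp": 1689919063, "atc": REQUEST_ATC}), "c2ln"])
    resp = {"status": "success", "token": token}
    if with_crl:
        resp["crl"] = "https://sti-pa.example/download/v1/crl"
    return resp
```

Verifying the ES256 signature against the certificate at "x5u" is a separate step that this check does not perform.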
How to generate "fingerprint"
First, create a private key using the following command:
openssl ecparam -genkey -name prime256v1 -out ./private_key.pem
The above command creates your private key and stores it in a file called "private_key.pem".
After creating your private key, you can generate the fingerprint with the following command:
% openssl ec -pubout -inform PEM -outform DER -in ./private_key.pem 2> /dev/null | openssl sha256 | awk '{ gsub(/.{2}/,"&:",$2); print "SHA256 " toupper(substr($2, 1, length($2) - 1)) }'
SHA256 D8:FC:D2:1E:52:7E:85:A5:DB:34:1F:0A:0A:67:17:55:70:9A:A1:50:34:16:BF:E6:E5:AB:AD:84:73:73:E8:A8