Hi Andreas, as you suggested, I modified my code to guarantee that the JSON in the request body is strictly identical to the corresponding body portion of stringToSign. Unfortunately, as I suspected, the error is still there. For your information, my code is now as follows:
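/// Signs the canonical request string plus the raw request body with the client's
/// RSA private key and returns the signature Base64-encoded.
///
/// The signed message is the UTF-8 encoding of `stringToSign` immediately followed by
/// the bytes of `body`, with nothing inserted between them. The server can only verify
/// the signature if the request carries exactly these body bytes, so pass the same
/// `Data` instance that is sent on the wire rather than a second serialisation.
///
/// - Parameters:
///   - stringToSign: Request line and headers, already terminated by the blank line
///     that separates headers from body.
///   - body: Raw request body, or `nil` when the request has none.
/// - Returns: The Base64-encoded RSA PKCS#1 v1.5 / SHA-256 signature.
/// - Note: Traps with a diagnostic message if the private key is unavailable or
///   signing fails, as the original force-unwraps did, but now reports the reason.
func generateSignature(stringToSign: String, body: Data?) -> String {
    // Data(_: String.UTF8View) cannot fail, unlike data(using:), so no force-unwrap is needed.
    var dataToBeSigned = Data(stringToSign.utf8)
    if let body = body {
        dataToBeSigned.append(body)
    }

    #if DEBUG
    // The payload carries the installation token and the API key ("secret"), so it is
    // printed in debug builds only. Redact it before sharing console output.
    print(String(data: dataToBeSigned, encoding: .utf8) ?? "<payload is not valid UTF-8>")
    #endif

    guard let privateKey = getClientPrivateKey() else {
        preconditionFailure("generateSignature: client private key is unavailable")
    }

    // The ...Message... variant hashes the message itself, so the raw bytes are passed in.
    let algorithm: SecKeyAlgorithm = .rsaSignatureMessagePKCS1v15SHA256
    var error: Unmanaged<CFError>?
    guard let signature = SecKeyCreateSignature(privateKey, algorithm, dataToBeSigned as CFData, &error) else {
        // The error is returned retained. Taking ownership releases it and exposes the reason.
        let reason = error?.takeRetainedValue()
        preconditionFailure("generateSignature: SecKeyCreateSignature failed: \(String(describing: reason))")
    }

    return (signature as Data).base64EncodedString()
}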
The portion of code passing stringToSign and body is now:
// Canonical string for the device-server call: the request line, then the Cache-Control,
// User-Agent and X-Bunq-* headers in alphabetical order, each terminated by "\n", then
// an empty line before the body.
// The token and request id concatenated here must be the very values placed in the
// X-Bunq-Client-Authentication and X-Bunq-Client-Request-Id headers of the request
// that is sent. A value generated again for the request itself will not match.
// NOTE(review): the signed string and the curl dump shown on this page carry different
// request ids and token fragments. They may come from different runs, so confirm that
// both are taken from the same request.
let stringToSign = "POST /v1/device-server\nCache-Control: no-cache\nUser-Agent: Bunq_Swift_SDK_1.0\nX-Bunq-Client-Authentication: " + BunqInstallationContext!.token + "\nX-Bunq-Client-Request-Id: " + myId + "\nX-Bunq-Geolocation: 0 0 0 0 000\nX-Bunq-Language: en_US\nX-Bunq-Region: it_IT\n\n"
// NOTE(review): if `self.body` is re-serialised on every access, the bytes signed here can
// differ from the bytes sent later. Read it once and reuse that Data for the request body.
let signedString = generateSignature(stringToSign: stringToSign, body: self.body)
where self.body is:
case .device_server:
// JSON body for the device-server call: device description, API key ("secret") and an
// empty permitted_ips list. try! traps if serialisation fails.
// NOTE(review): a Swift dictionary has no defined key order and `options: []` does not
// request one, so separate calls may emit the keys in a different order. The signed
// string and the curl dump on this page do show different key orders. If this runs once
// for signing and again for sending, the signature covers bytes that were never sent.
// Serialise once and reuse the same Data, or pass `.sortedKeys`. Confirm how the
// enclosing property is accessed.
return try! JSONSerialization.data(withJSONObject: ["description":MY_DEVICE_DESCRIPTION,
"secret":BunqAPIsInstance!.get_Sandbox_API_Key(),
"permitted_ips":[]],
options: [])
All in all, as expected, the string whose data are signed is:
"POST /v1/device-server\nCache-Control: no-cache\nUser-Agent: Bunq_Swift_SDK_1.0\nX-Bunq-Client-Authentication: 9b02d3................ce3ae59e\nX-Bunq-Client-Request-Id: 4CBE8819-D004-445C-ADC5-8C140DF3BCF8\nX-Bunq-Geolocation: 0 0 0 0 000\nX-Bunq-Language: en_US\nX-Bunq-Region: it_IT\n\n{\"secret\":\"sandbox_625b9.............70cf9\",\"description\":\"Cosimo-iMac-Pro.local\",\"permitted_ips\":[]}"
(you see that I removed the wildcard from the permitted IPs)
and the request / response debug print is as follows:
$ curl -v \
-X POST \
-H "X-Bunq-Language: en_US" \
-H "X-Bunq-Client-Request-Id: 96B8A4BF-E5F7-4000-801C-D9E1AD2EA3B5" \
-H "X-Bunq-Region: it_IT" \
-H "X-Bunq-Geolocation: 0 0 0 0 000" \
-H "X-Bunq-Client-Authentication: a8b1.........b8f94" \
-H "Content-Type: application/json" \
-H "User-Agent: Bunq_Swift_SDK_1.0" \
-H "Cache-Control: no-cache" \
-H "X-Bunq-Client-Signature: kPeWmbxgHo39RyxgxVR/9VD7IznHttRcpwm983J9Me98tCkAKvVtYMtlnB1cJ7eeLY7Ff+g0eUsdd/+FqSexTKmrjWIb+Uge1FtCw+xwpGVOwTQwlYCK5fumof+A7S0PyUv/LmpERFEsw46mVWs+6JmCXlldSbzrZEwWGjNSl4A1nZv17hfRDSKZ/+t+r2AuRoe+nzWYltUBTrNo264vebzS45JUJip03a7B4bRnywVyP4A/pJdLkWfePFXjE0LV5hHy4tpby+NZDxAnfoAIDPm1rLF3wtDODhAHUUgDHo7i4X2g2hbi5FcrgCaL/NjxRbg24oVsuw2n242agbhbbQ==" \
-d "{\"permitted_ips\":[],\"secret\":\"sandbox_625b9..............970cf9\",\"description\":\"Cosimo-iMac-Pro.local\"}" \
"https://public-api.sandbox.bunq.com/v1/device-server"
"======================================="
{"Error":[{"error_description":"The request signature is invalid.","error_description_translated":"The request signature is invalid."}]}
The usual problem... No joy this evening... :-(
I hope you can help me, because I'm out of ideas