Signature validation failed to fulfill the request

[canyan-ai]

Hello! Recently UK and EU stores accessed Finances API
The interface prompts that the digital signature is invalid. It turns out that we can all access it successfully. Could you please help me find out the reason? Thank you!
for examble:
GET /sell/finances/v1/payout?filter=lastAttemptedPayoutDate%3A%5B2023-09-16T15%3A31%3A45.000Z..2023-09-18T16%3A56%3A49.237Z%5D&limit=20&offset=0 HTTP/1.1
Host: apiz.ebay.com
signature-input: sig1=("x-ebay-signature-key" "@method" "@path" "@authority");created=xxx
signature: sig1=:***:
x-ebay-signature-key: {jwe} -- generate by https://apiz.ebay.com/developer/key_management/v1/signing_key
{"signingKeyCipher": "ED25519"}
Authorization: ***

Response Body
{
"errors": [
{
"errorId": 215122,
"domain": "ACCESS",
"category": "REQUEST",
"message": "Signature validation failed",
"longMessage": "Signature validation failed to fulfill the request."
}
]
}

We generate the required signature header information through the signature generation tool class of the sdk of the official website as follows:

public class DigitalSignUtil {
private static Logger logger = LoggerFactory.getLogger(DigitalSignUtil.class);

public DigitalSignUtil() {
}

public static Map<String, String> getSignHeaderMap(String privateKey, String jwe, String method, String url, String body) {
    SignatureConfig config = new SignatureConfig();
    config.setDigestAlgorithm("sha-256");
    config.setAlgorithm("Ed25519");
    config.setPrivateKeyStr(privateKey);
    config.setJwe(jwe);
    config.setSignatureParams(Lists.newArrayList(new String[]{"content-digest", "x-ebay-signature-key", "@method", "@path", "@authority"}));
    SignatureComponent sc = new SignatureComponent();
    sc.setMethod(method);

    try {
        if (StringUtils.isNotEmpty(url)) {
            sc.setTargetUri(url);
            if (url.startsWith("https")) {
                sc.setScheme("https");
            } else if (url.startsWith("http")) {
                sc.setScheme("http");
            }

            String temp = url.substring(url.indexOf("://") + 3);
            String authority = temp.substring(0, temp.indexOf("/"));
            sc.setAuthority(authority);
            sc.setPath(url.substring(url.indexOf(authority) + authority.length()));
        }

        config.setSignatureComponents(sc);
        Signature signature = new Signature(config);
        return signature.getSignatureHeaderAsMap(body);
    } catch (SignatureException var9) {
        logger.error("getSignHeaderMap error ", var9);
        return null;
    }
}

}

public Map<String, String> getSignatureHeaderAsMap(String body) throws SignatureException {
Map<String, String> headers = new HashMap();
String contentDigest = this.generateDigestHeader(body);
String xEbaySignatureKey = this.generateSignatureKey();
headers.put("x-ebay-signature-key".toLowerCase(), xEbaySignatureKey);
ObjectMapper mapper = new ObjectMapper();
ObjectNode sign = mapper.createObjectNode();
if (StringUtils.isNotBlank(contentDigest)) {
headers.put("content-digest".toLowerCase(), contentDigest);
sign.put("Content-Digest".toLowerCase(), contentDigest);
}

    sign.put("x-ebay-signature-key".toLowerCase(), xEbaySignatureKey);
    sign.put("Signature".toLowerCase(), this.getSignature(headers));
    sign.put("Signature-Input".toLowerCase(), this.generateSignatureInput(contentDigest));
    return (Map)mapper.convertValue(sign, new TypeReference<HashMap<String, String>>() {
    });
}

/**
* Generate Signature Input header
*
* @param contentDigest content digest
* @return signatureInputHeader signature key header
*/
public String generateSignatureInput(String contentDigest) {
return "sig1=" + signatureService.getSignatureInput(contentDigest, signatureConfig.getSignatureParams());
}

/**
* Generate Signature Input header
*
* @param contentDigest content digest
* @param signatureParams signature params
* @return signatureInputHeader
*/
public String getSignatureInput(String contentDigest, List signatureParams) {
StringBuilder signatureInputBuf = new StringBuilder();
signatureInputBuf.append("(");

    for (int i = 0; i < signatureParams.size(); i++) {
        String param = signatureParams.get(i);
        if(param.equalsIgnoreCase(Constants.CONTENT_DIGEST) && contentDigest==null){
            continue;
        }
        signatureInputBuf.append("\"");
        signatureInputBuf.append(param);
        signatureInputBuf.append("\"");
        if (i < signatureParams.size() - 1) {
            signatureInputBuf.append(" ");
        }
    }

    signatureInputBuf.append(");created=");
    signatureInputBuf.append(Instant.now().getEpochSecond());
    return signatureInputBuf.toString();
}

[canyan-ai]

@uherberg Hello, I encountered the problem of incorrect signature when using the GetAccount interface. I need your help. First of all, we want to know about which part of the payload content of the SOAPMessage should be signed when using the webservice method to request the interface. , and secondly, does this part of the data need to be processed after it is taken out before participating in the signature? Thank you！

[rohit-lingayat-sd]

Hey @canyan-ai , did you find any solution for this. I am also facing the same issue. I created a digital signature correctly and also tried diff way to do that but no luck