1

I am trying to use the SafetyNet API by google. I have successfully sent a request to the google server and got the JWS output. In order to parse the JWS to JSON I am sending the JWS token to a URL given by google. But for some reason it is showing some error.

Docs : here

My Volley Code:

public void decodeJWS(final String x){
        String URL =  "https://www.googleapis.com/androidcheck/v1/attestations/verify?key="+getResources().getString(R.string.APIKey);
        StringRequest sq = new StringRequest(Request.Method.POST, URL, new Response.Listener<String>() {
            @Override
            public void onResponse(String response) {
                result.setText(response);
            }
        }, new Response.ErrorListener() {
            @Override
            public void onErrorResponse(VolleyError error) {
                result.setText(error.toString());
            }
        }){
            @Override
            public String getBodyContentType() {
                return "application/json";
            }


            @Override
            public Map<String, String> getHeaders() throws AuthFailureError {
                HashMap<String, String> headers = new HashMap<String, String>();
//                headers.put("signedAttestation",x);
                headers.put("Content-Type", "application/json; charset=utf-8");
                return headers;
            }

            @Override
            protected Map<String, String> getParams() throws AuthFailureError {
                HashMap<String,String> body = new HashMap<>();
                body.put("signedAttestation",x);
                return body;
            }
        };
        requestQueue.add(sq);
    }

The error message says com.android.volley.serverError.

The log says BasicNetwork.performRequest: Unexpected response code 400 for https://www.googleapis.com/androidcheck/v1/attestations/verify?key=MyKey

I tried using Postman to send the same request but it gave me 

{
  "isValidSignature": false
}

as the response. I believe I have set all the headers and stuff correctly in my volley code. Is there any error in that?

EDIT :

I updated my code to use JSONObjectRequest. When I use that there is no 400 error code but it is returning the same thing the Postman query returned. 

 {
      "isValidSignature": false
    }

I am getting the signature from the attestationResult using the getJWSResult() call and then immediately sending it as a parameter to the function. Why is it then showing it is not a valid signature.

Tyson
  • 747
  • 2
  • 6
  • 18

0 Answers0