|
Chilkat • HOME • Android™ • Classic ASP • C • C++ • C# • Mono C# • .NET Core C# • C# UWP/WinRT • DataFlex • Delphi ActiveX • Delphi DLL • Visual FoxPro • Java • Lianja • MFC • Objective-C • Perl • PHP ActiveX • PHP Extension • PowerBuilder • PowerShell • PureBasic • CkPython • Chilkat2-Python • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • Visual Basic 6.0 • VB.NET • VB.NET UWP/WinRT • VBScript • Xojo Plugin • Node.js • Excel • Go
(MFC) Verify Signature of Alexa Custom Skill RequestThis example verifies the signature of an Alexa Custom Skill Request.
#include <CkHttp.h> #include <CkStringBuilder.h> #include <CkPem.h> #include <CkCert.h> #include <CkPublicKey.h> #include <CkRsa.h> void ChilkatSample(void) { CkString strOut; // This example assumes you have a web service that will receive requests from Alexa. // A sample request sent by Alexa will look like the following: // Connection: Keep-Alive // Content-Length: 2583 // Content-Type: application/json; charset=utf-8 // Accept: application/json // Accept-Charset: utf-8 // Host: your.web.server.com // User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172) // Signature: dSUmPwxc9...aKAf8mpEXg== // SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem // // {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }} // First, assume we've written code to get the 3 pieces of data we need: const char *signature = "dSUmPwxc9...aKAf8mpEXg=="; const char *certChainUrl = "https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem"; const char *jsonBody = "{\"version\":\"1.0\",\"session\":{\"new\":true,\"sessionId\":\"amzn1.echo-api.session.433 ... }}"; // To validate the signature, we do the following: // First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message CkHttp http; CkStringBuilder sbPem; bool success = http.QuickGetSb(certChainUrl,sbPem); if (success == false) { strOut.append(http.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } CkPem pem; success = pem.LoadPem(sbPem.getAsString(),"passwordNotUsed"); if (success == false) { strOut.append(pem.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } // The 1st certificate should be the signing certificate. CkCert *cert = pem.GetCert(0); if (pem.get_LastMethodSuccess() == false) { strOut.append(pem.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } // Get the public key from the cert. CkPublicKey *pubKey = cert->ExportPublicKey(); if (cert->get_LastMethodSuccess() == false) { strOut.append(cert->lastErrorText()); strOut.append("\r\n"); delete cert; SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } delete cert; // Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. CkRsa rsa; success = rsa.ImportPublicKeyObj(*pubKey); if (success == false) { strOut.append(cert->lastErrorText()); strOut.append("\r\n"); delete pubKey; SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } delete pubKey; // RSA "decrypt" the signature. // (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash // of the request body. This happens in a single call to VerifyStringENC...) rsa.put_EncodingMode("base64"); bool bVerified = rsa.VerifyStringENC(jsonBody,"sha1",signature); if (bVerified == true) { strOut.append("The signature is verified against the JSON body of the request. Yay!"); strOut.append("\r\n"); } else { strOut.append("Sorry, not verified. Crud!"); strOut.append("\r\n"); } SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); } |
||||
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.