|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Classic ASP) Verify Signature of Alexa Custom Skill RequestThis example verifies the signature of an Alexa Custom Skill Request.
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <% ' This example assumes you have a web service that will receive requests from Alexa. ' A sample request sent by Alexa will look like the following: ' Connection: Keep-Alive ' Content-Length: 2583 ' Content-Type: application/json; charset=utf-8 ' Accept: application/json ' Accept-Charset: utf-8 ' Host: your.web.server.com ' User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172) ' Signature: dSUmPwxc9...aKAf8mpEXg== ' SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem ' ' {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }} ' First, assume we've written code to get the 3 pieces of data we need: signature = "dSUmPwxc9...aKAf8mpEXg==" certChainUrl = "https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem" jsonBody = "{""version"":""1.0"",""session"":{""new"":true,""sessionId"":""amzn1.echo-api.session.433 ... }}" ' To validate the signature, we do the following: ' First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Http") set http = Server.CreateObject("Chilkat.Http") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.StringBuilder") set sbPem = Server.CreateObject("Chilkat.StringBuilder") success = http.QuickGetSb(certChainUrl,sbPem) If (success = 0) Then Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>" Response.End End If ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Pem") set pem = Server.CreateObject("Chilkat.Pem") success = pem.LoadPem(sbPem.GetAsString(),"passwordNotUsed") If (success = 0) Then Response.Write "<pre>" & Server.HTMLEncode( pem.LastErrorText) & "</pre>" Response.End End If ' The 1st certificate should be the signing certificate. ' cert is a Chilkat.Cert Set cert = pem.GetCert(0) If (pem.LastMethodSuccess = 0) Then Response.Write "<pre>" & Server.HTMLEncode( pem.LastErrorText) & "</pre>" Response.End End If ' Get the public key from the cert. ' pubKey is a Chilkat.PublicKey Set pubKey = cert.ExportPublicKey() If (cert.LastMethodSuccess = 0) Then Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>" Response.End End If ' Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Rsa") set rsa = Server.CreateObject("Chilkat.Rsa") success = rsa.ImportPublicKeyObj(pubKey) If (success = 0) Then Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>" Response.End End If ' RSA "decrypt" the signature. ' (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash ' of the request body. This happens in a single call to VerifyStringENC...) rsa.EncodingMode = "base64" bVerified = rsa.VerifyStringENC(jsonBody,"sha1",signature) If (bVerified = 1) Then Response.Write "<pre>" & Server.HTMLEncode( "The signature is verified against the JSON body of the request. Yay!") & "</pre>" Else Response.Write "<pre>" & Server.HTMLEncode( "Sorry, not verified. Crud!") & "</pre>" End If %> </body> </html> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.