|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(C) Verify Signature of Alexa Custom Skill RequestThis example verifies the signature of an Alexa Custom Skill Request.
#include <C_CkHttp.h> #include <C_CkStringBuilder.h> #include <C_CkPem.h> #include <C_CkCert.h> #include <C_CkPublicKey.h> #include <C_CkRsa.h> void ChilkatSample(void) { const char *signature; const char *certChainUrl; const char *jsonBody; HCkHttp http; HCkStringBuilder sbPem; BOOL success; HCkPem pem; HCkCert cert; HCkPublicKey pubKey; HCkRsa rsa; BOOL bVerified; // This example assumes you have a web service that will receive requests from Alexa. // A sample request sent by Alexa will look like the following: // Connection: Keep-Alive // Content-Length: 2583 // Content-Type: application/json; charset=utf-8 // Accept: application/json // Accept-Charset: utf-8 // Host: your.web.server.com // User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172) // Signature: dSUmPwxc9...aKAf8mpEXg== // SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem // // {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }} // First, assume we've written code to get the 3 pieces of data we need: signature = "dSUmPwxc9...aKAf8mpEXg=="; certChainUrl = "https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem"; jsonBody = "{\"version\":\"1.0\",\"session\":{\"new\":true,\"sessionId\":\"amzn1.echo-api.session.433 ... }}"; // To validate the signature, we do the following: // First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message http = CkHttp_Create(); sbPem = CkStringBuilder_Create(); success = CkHttp_QuickGetSb(http,certChainUrl,sbPem); if (success == FALSE) { printf("%s\n",CkHttp_lastErrorText(http)); CkHttp_Dispose(http); CkStringBuilder_Dispose(sbPem); return; } pem = CkPem_Create(); success = CkPem_LoadPem(pem,CkStringBuilder_getAsString(sbPem),"passwordNotUsed"); if (success == FALSE) { printf("%s\n",CkPem_lastErrorText(pem)); CkHttp_Dispose(http); CkStringBuilder_Dispose(sbPem); CkPem_Dispose(pem); return; } // The 1st certificate should be the signing certificate. cert = CkPem_GetCert(pem,0); if (CkPem_getLastMethodSuccess(pem) == FALSE) { printf("%s\n",CkPem_lastErrorText(pem)); CkHttp_Dispose(http); CkStringBuilder_Dispose(sbPem); CkPem_Dispose(pem); return; } // Get the public key from the cert. pubKey = CkCert_ExportPublicKey(cert); if (CkCert_getLastMethodSuccess(cert) == FALSE) { printf("%s\n",CkCert_lastErrorText(cert)); CkCert_Dispose(cert); CkHttp_Dispose(http); CkStringBuilder_Dispose(sbPem); CkPem_Dispose(pem); return; } CkCert_Dispose(cert); // Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. rsa = CkRsa_Create(); success = CkRsa_ImportPublicKeyObj(rsa,pubKey); if (success == FALSE) { printf("%s\n",CkCert_lastErrorText(cert)); CkPublicKey_Dispose(pubKey); CkHttp_Dispose(http); CkStringBuilder_Dispose(sbPem); CkPem_Dispose(pem); CkRsa_Dispose(rsa); return; } CkPublicKey_Dispose(pubKey); // RSA "decrypt" the signature. // (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash // of the request body. This happens in a single call to VerifyStringENC...) CkRsa_putEncodingMode(rsa,"base64"); bVerified = CkRsa_VerifyStringENC(rsa,jsonBody,"sha1",signature); if (bVerified == TRUE) { printf("The signature is verified against the JSON body of the request. Yay!\n"); } else { printf("Sorry, not verified. Crud!\n"); } CkHttp_Dispose(http); CkStringBuilder_Dispose(sbPem); CkPem_Dispose(pem); CkRsa_Dispose(rsa); } |
|||||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.