|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Delphi DLL) Verify Signature of Alexa Custom Skill RequestThis example verifies the signature of an Alexa Custom Skill Request. Note: This example requires Chilkat v11.0.0 or greater.
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, PublicKey, Pem, StringBuilder, Rsa, Cert, Http; ... procedure TForm1.Button1Click(Sender: TObject); var success: Boolean; signature: PWideChar; certChainUrl: PWideChar; jsonBody: PWideChar; http: HCkHttp; sbPem: HCkStringBuilder; pem: HCkPem; cert: HCkCert; pubKey: HCkPublicKey; rsa: HCkRsa; bVerified: Boolean; begin success := False; // This example assumes you have a web service that will receive requests from Alexa. // A sample request sent by Alexa will look like the following: // Connection: Keep-Alive // Content-Length: 2583 // Content-Type: application/json; charset=utf-8 // Accept: application/json // Accept-Charset: utf-8 // Host: your.web.server.com // User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172) // Signature: dSUmPwxc9...aKAf8mpEXg== // SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem // // {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }} // First, assume we've written code to get the 3 pieces of data we need: signature := 'dSUmPwxc9...aKAf8mpEXg=='; certChainUrl := 'https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem'; jsonBody := '{"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }}'; // To validate the signature, we do the following: // First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message http := CkHttp_Create(); sbPem := CkStringBuilder_Create(); success := CkHttp_QuickGetSb(http,certChainUrl,sbPem); if (success = False) then begin Memo1.Lines.Add(CkHttp__lastErrorText(http)); Exit; end; pem := CkPem_Create(); success := CkPem_LoadPem(pem,CkStringBuilder__getAsString(sbPem),'passwordNotUsed'); if (success = False) then begin Memo1.Lines.Add(CkPem__lastErrorText(pem)); Exit; end; // The 1st certificate should be the signing certificate. cert := CkPem_GetCert(pem,0); if (CkPem_getLastMethodSuccess(pem) = False) then begin Memo1.Lines.Add(CkPem__lastErrorText(pem)); Exit; end; // Get the public key from the cert. pubKey := CkCert_ExportPublicKey(cert); if (CkCert_getLastMethodSuccess(cert) = False) then begin Memo1.Lines.Add(CkCert__lastErrorText(cert)); CkCert_Dispose(cert); Exit; end; CkCert_Dispose(cert); // Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. rsa := CkRsa_Create(); success := CkRsa_UsePublicKey(rsa,pubKey); if (success = False) then begin Memo1.Lines.Add(CkCert__lastErrorText(cert)); CkPublicKey_Dispose(pubKey); Exit; end; CkPublicKey_Dispose(pubKey); // RSA "decrypt" the signature. // (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash // of the request body. This happens in a single call to VerifyStringENC...) CkRsa_putEncodingMode(rsa,'base64'); bVerified := CkRsa_VerifyStringENC(rsa,jsonBody,'sha1',signature); if (bVerified = True) then begin Memo1.Lines.Add('The signature is verified against the JSON body of the request. Yay!'); end else begin Memo1.Lines.Add('Sorry, not verified. Crud!'); end; CkHttp_Dispose(http); CkStringBuilder_Dispose(sbPem); CkPem_Dispose(pem); CkRsa_Dispose(rsa); end; |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.