|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Perl) Verify Signature of Alexa Custom Skill RequestThis example verifies the signature of an Alexa Custom Skill Request.
use chilkat(); # This example assumes you have a web service that will receive requests from Alexa. # A sample request sent by Alexa will look like the following: # Connection: Keep-Alive # Content-Length: 2583 # Content-Type: application/json; charset=utf-8 # Accept: application/json # Accept-Charset: utf-8 # Host: your.web.server.com # User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172) # Signature: dSUmPwxc9...aKAf8mpEXg== # SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem # # {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }} # First, assume we've written code to get the 3 pieces of data we need: $signature = "dSUmPwxc9...aKAf8mpEXg=="; $certChainUrl = "https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem"; $jsonBody = "{\"version\":\"1.0\",\"session\":{\"new\":true,\"sessionId\":\"amzn1.echo-api.session.433 ... }}"; # To validate the signature, we do the following: # First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message $http = chilkat::CkHttp->new(); $sbPem = chilkat::CkStringBuilder->new(); $success = $http->QuickGetSb($certChainUrl,$sbPem); if ($success == 0) { print $http->lastErrorText() . "\r\n"; exit; } $pem = chilkat::CkPem->new(); $success = $pem->LoadPem($sbPem->getAsString(),"passwordNotUsed"); if ($success == 0) { print $pem->lastErrorText() . "\r\n"; exit; } # The 1st certificate should be the signing certificate. # cert is a Cert $cert = $pem->GetCert(0); if ($pem->get_LastMethodSuccess() == 0) { print $pem->lastErrorText() . "\r\n"; exit; } # Get the public key from the cert. # pubKey is a PublicKey $pubKey = $cert->ExportPublicKey(); if ($cert->get_LastMethodSuccess() == 0) { print $cert->lastErrorText() . "\r\n"; exit; } # Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. $rsa = chilkat::CkRsa->new(); $success = $rsa->ImportPublicKeyObj($pubKey); if ($success == 0) { print $cert->lastErrorText() . "\r\n"; exit; } # RSA "decrypt" the signature. # (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash # of the request body. This happens in a single call to VerifyStringENC...) $rsa->put_EncodingMode("base64"); $bVerified = $rsa->VerifyStringENC($jsonBody,"sha1",$signature); if ($bVerified == 1) { print "The signature is verified against the JSON body of the request. Yay!" . "\r\n"; } else { print "Sorry, not verified. Crud!" . "\r\n"; } |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.