|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PHP Extension) Verify Signature of Alexa Custom Skill RequestThis example verifies the signature of an Alexa Custom Skill Request.
<?php // The version number (9_5_0) should match version of the Chilkat extension used, omitting the micro-version number. // For example, if using Chilkat v9.5.0.48, then include as shown here: include("chilkat_9_5_0.php"); // This example assumes you have a web service that will receive requests from Alexa. // A sample request sent by Alexa will look like the following: // Connection: Keep-Alive // Content-Length: 2583 // Content-Type: application/json; charset=utf-8 // Accept: application/json // Accept-Charset: utf-8 // Host: your.web.server.com // User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172) // Signature: dSUmPwxc9...aKAf8mpEXg== // SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem // // {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }} // First, assume we've written code to get the 3 pieces of data we need: $signature = 'dSUmPwxc9...aKAf8mpEXg=='; $certChainUrl = 'https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem'; $jsonBody = '{\'version\':\'1.0\',\'session\':{\'new\':true,\'sessionId\':\'amzn1.echo-api.session.433 ... }}'; // To validate the signature, we do the following: // First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message $http = new CkHttp(); $sbPem = new CkStringBuilder(); $success = $http->QuickGetSb($certChainUrl,$sbPem); if ($success == false) { print $http->lastErrorText() . "\n"; exit; } $pem = new CkPem(); $success = $pem->LoadPem($sbPem->getAsString(),'passwordNotUsed'); if ($success == false) { print $pem->lastErrorText() . "\n"; exit; } // The 1st certificate should be the signing certificate. // cert is a CkCert $cert = $pem->GetCert(0); if ($pem->get_LastMethodSuccess() == false) { print $pem->lastErrorText() . "\n"; exit; } // Get the public key from the cert. // pubKey is a CkPublicKey $pubKey = $cert->ExportPublicKey(); if ($cert->get_LastMethodSuccess() == false) { print $cert->lastErrorText() . "\n"; exit; } // Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. $rsa = new CkRsa(); $success = $rsa->ImportPublicKeyObj($pubKey); if ($success == false) { print $cert->lastErrorText() . "\n"; exit; } // RSA "decrypt" the signature. // (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash // of the request body. This happens in a single call to VerifyStringENC...) $rsa->put_EncodingMode('base64'); $bVerified = $rsa->VerifyStringENC($jsonBody,'sha1',$signature); if ($bVerified == true) { print 'The signature is verified against the JSON body of the request. Yay!' . "\n"; } else { print 'Sorry, not verified. Crud!' . "\n"; } ?> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.