Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Swift 3,4,5...) Verify Signature of Alexa Custom Skill RequestThis example verifies the signature of an Alexa Custom Skill Request.
func chilkatTest() { // This example assumes you have a web service that will receive requests from Alexa. // A sample request sent by Alexa will look like the following: // Connection: Keep-Alive // Content-Length: 2583 // Content-Type: application/json; charset=utf-8 // Accept: application/json // Accept-Charset: utf-8 // Host: your.web.server.com // User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172) // Signature: dSUmPwxc9...aKAf8mpEXg== // SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem // // {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }} // First, assume we've written code to get the 3 pieces of data we need: var signature: String? = "dSUmPwxc9...aKAf8mpEXg==" var certChainUrl: String? = "https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem" var jsonBody: String? = "{\"version\":\"1.0\",\"session\":{\"new\":true,\"sessionId\":\"amzn1.echo-api.session.433 ... }}" // To validate the signature, we do the following: // First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message let http = CkoHttp()! let sbPem = CkoStringBuilder()! var success: Bool = http.quickGetSb(certChainUrl, sbContent: sbPem) if success == false { print("\(http.lastErrorText!)") return } let pem = CkoPem()! success = pem.load(sbPem.getAsString(), password: "passwordNotUsed") if success == false { print("\(pem.lastErrorText!)") return } // The 1st certificate should be the signing certificate. var cert: CkoCert? = pem.getCert(0) if pem.lastMethodSuccess == false { print("\(pem.lastErrorText!)") return } // Get the public key from the cert. var pubKey: CkoPublicKey? = cert!.exportPublicKey() if cert!.lastMethodSuccess == false { print("\(cert!.lastErrorText!)") cert = nil return } cert = nil // Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. let rsa = CkoRsa()! success = rsa.importPublicKeyObj(pubKey) if success == false { print("\(cert!.lastErrorText!)") pubKey = nil return } pubKey = nil // RSA "decrypt" the signature. // (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash // of the request body. This happens in a single call to VerifyStringENC...) rsa.encodingMode = "base64" var bVerified: Bool = rsa.verifyStringENC(jsonBody, hashAlg: "sha1", sig: signature) if bVerified == true { print("The signature is verified against the JSON body of the request. Yay!") } else { print("Sorry, not verified. Crud!") } } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.