Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Unicode C) Verify Signature of Alexa Custom Skill RequestThis example verifies the signature of an Alexa Custom Skill Request.
#include <C_CkHttpW.h> #include <C_CkStringBuilderW.h> #include <C_CkPemW.h> #include <C_CkCertW.h> #include <C_CkPublicKeyW.h> #include <C_CkRsaW.h> void ChilkatSample(void) { const wchar_t *signature; const wchar_t *certChainUrl; const wchar_t *jsonBody; HCkHttpW http; HCkStringBuilderW sbPem; BOOL success; HCkPemW pem; HCkCertW cert; HCkPublicKeyW pubKey; HCkRsaW rsa; BOOL bVerified; // This example assumes you have a web service that will receive requests from Alexa. // A sample request sent by Alexa will look like the following: // Connection: Keep-Alive // Content-Length: 2583 // Content-Type: application/json; charset=utf-8 // Accept: application/json // Accept-Charset: utf-8 // Host: your.web.server.com // User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172) // Signature: dSUmPwxc9...aKAf8mpEXg== // SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem // // {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }} // First, assume we've written code to get the 3 pieces of data we need: signature = L"dSUmPwxc9...aKAf8mpEXg=="; certChainUrl = L"https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem"; jsonBody = L"{\"version\":\"1.0\",\"session\":{\"new\":true,\"sessionId\":\"amzn1.echo-api.session.433 ... }}"; // To validate the signature, we do the following: // First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message http = CkHttpW_Create(); sbPem = CkStringBuilderW_Create(); success = CkHttpW_QuickGetSb(http,certChainUrl,sbPem); if (success == FALSE) { wprintf(L"%s\n",CkHttpW_lastErrorText(http)); CkHttpW_Dispose(http); CkStringBuilderW_Dispose(sbPem); return; } pem = CkPemW_Create(); success = CkPemW_LoadPem(pem,CkStringBuilderW_getAsString(sbPem),L"passwordNotUsed"); if (success == FALSE) { wprintf(L"%s\n",CkPemW_lastErrorText(pem)); CkHttpW_Dispose(http); CkStringBuilderW_Dispose(sbPem); CkPemW_Dispose(pem); return; } // The 1st certificate should be the signing certificate. cert = CkPemW_GetCert(pem,0); if (CkPemW_getLastMethodSuccess(pem) == FALSE) { wprintf(L"%s\n",CkPemW_lastErrorText(pem)); CkHttpW_Dispose(http); CkStringBuilderW_Dispose(sbPem); CkPemW_Dispose(pem); return; } // Get the public key from the cert. pubKey = CkCertW_ExportPublicKey(cert); if (CkCertW_getLastMethodSuccess(cert) == FALSE) { wprintf(L"%s\n",CkCertW_lastErrorText(cert)); CkCertW_Dispose(cert); CkHttpW_Dispose(http); CkStringBuilderW_Dispose(sbPem); CkPemW_Dispose(pem); return; } CkCertW_Dispose(cert); // Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. rsa = CkRsaW_Create(); success = CkRsaW_ImportPublicKeyObj(rsa,pubKey); if (success == FALSE) { wprintf(L"%s\n",CkCertW_lastErrorText(cert)); CkPublicKeyW_Dispose(pubKey); CkHttpW_Dispose(http); CkStringBuilderW_Dispose(sbPem); CkPemW_Dispose(pem); CkRsaW_Dispose(rsa); return; } CkPublicKeyW_Dispose(pubKey); // RSA "decrypt" the signature. // (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash // of the request body. This happens in a single call to VerifyStringENC...) CkRsaW_putEncodingMode(rsa,L"base64"); bVerified = CkRsaW_VerifyStringENC(rsa,jsonBody,L"sha1",signature); if (bVerified == TRUE) { wprintf(L"The signature is verified against the JSON body of the request. Yay!\n"); } else { wprintf(L"Sorry, not verified. Crud!\n"); } CkHttpW_Dispose(http); CkStringBuilderW_Dispose(sbPem); CkPemW_Dispose(pem); CkRsaW_Dispose(rsa); } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.