Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright 2010-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
   *
   * Licensed under the Apache License, Version 2.0 (the "License").
   * You may not use this file except in compliance with the License.
   * A copy of the License is located at
   *
   *  http://aws.amazon.com/apache2.0
   *
  * or in the "license" file accompanying this file. This file is distributed
  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 package com.amazonaws.services.sns.util;
 
 import java.util.Map;
 
Utility for validating signatures on a Simple Notification Service JSON message.
 
 public class SignatureChecker {
 
     private Signature sigChecker;
 
     private final String NOTIFICATION_TYPE = "Notification";
     private final String SUBSCRIBE_TYPE = "SubscriptionConfirmation";
     private final String UNSUBSCRIBE_TYPE = "UnsubscribeConfirmation";
 
     private final String TYPE = "Type";
     private final String SUBSCRIBE_URL = "SubscribeURL";
     private final String MESSAGE = "Message";
     private final String TIMESTAMP = "Timestamp";
     private final String SIGNATURE_VERSION = "SignatureVersion";
     private final String SIGNATURE = "Signature";
     private final String MESSAGE_ID = "MessageId";
     private final String SUBJECT = "Subject";
     private final String TOPIC = "TopicArn";
     private final String TOKEN = "Token";

    
Validates the signature on a Simple Notification Service message. No Amazon-specific dependencies, just plain Java crypto and Jackson for parsing

Parameters:
message A JSON-encoded Simple Notification Service message. Note: the JSON may be only one level deep.
publicKey The Simple Notification Service public key, exactly as you'd see it when retrieved from the cert.
Returns:
True if the message was correctly validated, otherwise false.
 
     public boolean verifyMessageSignature(String messagePublicKey publicKey) {
 
         // extract the type and signature parameters
         Map<StringStringparsed = parseJSON(message);
 
         return verifySignature(parsedpublicKey);
     }

    
Validates the signature on a Simple Notification Service message. No Amazon-specific dependencies, just plain Java crypto

Parameters:
parsedMessage A map of Simple Notification Service message.
publicKey The Simple Notification Service public key, exactly as you'd see it when retrieved from the cert.
Returns:
True if the message was correctly validated, otherwise false.
 
     public boolean verifySignature(Map<StringStringparsedMessagePublicKey publicKey) {
         boolean valid = false;
         String version = parsedMessage.get();
         if (version.equals("1")) {
             // construct the canonical signed string
             String type = parsedMessage.get();
             String signature = parsedMessage.get();
             String signed = "";
             if (type.equals()) {
                 signed = stringToSign(publishMessageValues(parsedMessage));
            } else if (type.equals()) {
                signed = stringToSign(subscribeMessageValues(parsedMessage));
            } else if (type.equals()) {
                signed = stringToSign(subscribeMessageValues(parsedMessage)); // no difference, for now
            } else {
                throw new RuntimeException("Cannot process message of type " + type);
            }
            valid = verifySignature(signedsignaturepublicKey);
        }
        return valid;
    }

    
Does the actual Java cryptographic verification of the signature. This method does no handling of the many rare exceptions it is required to catch. This can also be used to verify the signature from the x-amz-sns-signature http header

Parameters:
message Exact string that was signed. In the case of the x-amz-sns-signature header the signing string is the entire post body
signature Base64-encoded signature of the message
Returns:
    public boolean verifySignature(String messageString signaturePublicKey publicKey){
        boolean result = false;
        byte[] sigbytes = null;
        try {
            sigbytes = Base64.decode(signature.getBytes());
             = Signature.getInstance("SHA1withRSA"); //check the signature
            .initVerify(publicKey);
            .update(message.getBytes());
            result = .verify(sigbytes);
        } catch (NoSuchAlgorithmException e) {
            // Rare exception: JVM does not support SHA1 with RSA
        } catch (InvalidKeyException e) {
            // Rare exception: The private key was incorrectly formatted
        } catch (SignatureException e) {
            // Rare exception: Catch-all exception for the signature checker
        }
        return result;
    }
    protected String stringToSign(SortedMap<StringStringsignables) {
        // each key and value is followed by a newline
        StringBuilder sb = new StringBuilder();
        for(String ksignables.keySet()){
            sb.append(k).append("\n");
            sb.append(signables.get(k)).append("\n");
        }
        String result = sb.toString();
        return result;
    }
    private Map<StringStringparseJSON(String jsonmessage){
        Map<StringStringparsed = new HashMap<StringString>();
        JsonFactory jf = new JsonFactory();
        try {
            JsonParser parser = jf.createJsonParser(jsonmessage);
            parser.nextToken(); //shift past the START_OBJECT that begins the JSON
            while (parser.nextToken() != .) {
                String fieldname = parser.getCurrentName();
                parser.nextToken(); // move to value, or START_OBJECT/START_ARRAY
                String value;
                if (parser.getCurrentToken() == .)
                {
                    value = "";
                    boolean first = true;
                    while (parser.nextToken() != .)
                    {
                        if (!firstvalue += ",";
                        first = false;
                        value += parser.getText();
                    }
                }
                else
                {
                    value = parser.getText();
                }
                parsed.put(fieldnamevalue);
            }
        } catch (JsonParseException e) {
            // JSON could not be parsed
            e.printStackTrace();
        } catch (IOException e) {
            // Rare exception
        }
        return parsed;
    }
    private TreeMap<StringStringpublishMessageValues(Map<StringStringparsedMessage){
        TreeMap<StringStringsignables = new TreeMap<StringString>();
        String[] keys = {  };
        for(String keykeys){
            if(parsedMessage.containsKey(key)){
                signables.put(keyparsedMessage.get(key));
            }
        }
        return signables;
    }
    private TreeMap<StringStringsubscribeMessageValues(Map<StringStringparsedMessage){
        TreeMap<StringStringsignables = new TreeMap<StringString>();
        String[] keys = {  };
        for(String keykeys){
            if(parsedMessage.containsKey(key)){
                signables.put(keyparsedMessage.get(key));
            }
        }
        return signables;
    }
New to GrepCode? Check out our FAQ X