Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright 2010 Amazon.com, Inc. or its affiliates. All Rights Reserved.
   *
   * Licensed under the Apache License, Version 2.0 (the "License").
   * You may not use this file except in compliance with the License.
   * A copy of the License is located at
   *
   *  http://aws.amazon.com/apache2.0
   *
  * or in the "license" file accompanying this file. This file is distributed
  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 package com.amazonaws.services.sns.util;
 
 import java.util.Map;
 
Utility for validating signatures on a Simple Notification Service JSON message.
 
 public class SignatureChecker {
 
     private Signature sigChecker;
 
     private final String NOTIFICATION_TYPE = "Notification";
     private final String SUBSCRIBE_TYPE = "SubscriptionConfirmation";
     private final String UNSUBSCRIBE_TYPE = "UnsubscriptionConfirmation";
 
     private final String TYPE = "Type";
     private final String SUBSCRIBE_URL = "SubscribeURL";
     private final String MESSAGE = "Message";
     private final String TIMESTAMP = "Timestamp";
     private final String SIGNATURE_VERSION = "SignatureVersion";
     private final String SIGNATURE = "Signature";
     private final String MESSAGE_ID = "MessageId";
     private final String SUBJECT = "Subject";
     private final String TOPIC = "TopicArn";
     private final String TOKEN = "Token";

    
Validates the signature on a Simple Notification Service message. No Amazon-specific dependencies, just plain Java crypto and Jackson for parsing

Parameters:
message A JSON-encoded Simple Notification Service message. Note: the JSON may be only one level deep.
publicKey The Simple Notification Service public key, exactly as you'd see it when retrieved from the cert.
Returns:
True if the message was correctly validated, otherwise false.
 
     public boolean verifyMessageSignature(String messagePublicKey publicKey) {
         boolean valid = false;
         // extract the type and signature parameters
         Map<StringStringparsed = parseJSON(message);
         String version = parsed.get();
         if (version.equals("1")) {
             // construct the canonical signed string
             String type = parsed.get();
             String signature = parsed.get();
             String signed = "";
             if (type.equals()) {
                 signed = stringToSign(publishMessageValues(parsed));
             } else if (type.equals()) {
                 signed = stringToSign(subscribeMessageValues(parsed));
             } else if (type.equals()) {
                 signed = stringToSign(subscribeMessageValues(parsed)); // no difference, for now
             } else {
                 throw new RuntimeException("Cannot process message of type " + type);
             }
             valid = verifySignature(signedsignaturepublicKey);
         }
         return valid;
     }

    
Does the actual Java cryptographic verification of the signature. This method does no handling of the many rare exceptions it is required to catch.

Parameters:
message Exact string that was signed
signature Base64-encoded signature of the message
Returns:
    public boolean verifySignature(String messageString signaturePublicKey publicKey){
        boolean result = false;
        byte[] sigbytes = null;
        try {
            sigbytes = Base64.decodeBase64(signature.getBytes());
             = Signature.getInstance("SHA1withRSA"); //check the signature
            .initVerify(publicKey);
            .update(message.getBytes());
            result = .verify(sigbytes);
        } catch (NoSuchAlgorithmException e) {
            // Rare exception: JVM does not support SHA1 with RSA
        } catch (InvalidKeyException e) {
            // Rare exception: The private key was incorrectly formatted
        } catch (SignatureException e) {
            // Rare exception: Catch-all exception for the signature checker
        }
        return result;
    }
    protected String stringToSign(SortedMap<StringStringsignables) {
        // each key and value is followed by a newline
        StringBuilder sb = new StringBuilder();
        for(String ksignables.keySet()){
            sb.append(k).append("\n");
            sb.append(signables.get(k)).append("\n");
        }
        String result = sb.toString();
        return result;
    }
    private Map<StringStringparseJSON(String jsonmessage){
        Map<StringStringparsed = new HashMap<StringString>();
        JsonFactory jf = new JsonFactory();
        try {
            JsonParser parser = jf.createJsonParser(jsonmessage);
            parser.nextToken(); //shift past the START_OBJECT that begins the JSON
            while (parser.nextToken() != .) {
                String fieldname = parser.getCurrentName();
                parser.nextToken(); // move to value, or START_OBJECT/START_ARRAY
                String value = parser.getText();
                parsed.put(fieldnamevalue);
            }
        } catch (JsonParseException e) {
            // JSON could not be parsed
            e.printStackTrace();
        } catch (IOException e) {
            // Rare exception
        }
        return parsed;
    }
    private TreeMap<StringStringpublishMessageValues(Map<StringStringparsedMessage){
        TreeMap<StringStringsignables = new TreeMap<StringString>();
        String[] keys = {  };
        for(String keykeys){
            if(parsedMessage.containsKey(key)){
                signables.put(keyparsedMessage.get(key));
            }
        }
        return signables;
    }
    private TreeMap<StringStringsubscribeMessageValues(Map<StringStringparsedMessage){
        TreeMap<StringStringsignables = new TreeMap<StringString>();
        String[] keys = {  };
        for(String keykeys){
            if(parsedMessage.containsKey(key)){
                signables.put(keyparsedMessage.get(key));
            }
        }
        return signables;
    }
New to GrepCode? Check out our FAQ X