Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
   * Copyright 2010, Inc. or its affiliates. All Rights Reserved.
   * Licensed under the Apache License, Version 2.0 (the "License").
   * You may not use this file except in compliance with the License.
   * A copy of the License is located at
  * or in the "license" file accompanying this file. This file is distributed
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
 import java.util.Map;
Utility for validating signatures on a Simple Notification Service JSON message.
 public class SignatureChecker {
     private Signature sigChecker;
     private final String NOTIFICATION_TYPE = "Notification";
     private final String SUBSCRIBE_TYPE = "SubscriptionConfirmation";
     private final String UNSUBSCRIBE_TYPE = "UnsubscriptionConfirmation";
     private final String TYPE = "Type";
     private final String SUBSCRIBE_URL = "SubscribeURL";
     private final String MESSAGE = "Message";
     private final String TIMESTAMP = "Timestamp";
     private final String SIGNATURE_VERSION = "SignatureVersion";
     private final String SIGNATURE = "Signature";
     private final String MESSAGE_ID = "MessageId";
     private final String SUBJECT = "Subject";
     private final String TOPIC = "TopicArn";
     private final String TOKEN = "Token";

Validates the signature on a Simple Notification Service message. No Amazon-specific dependencies, just plain Java crypto and Jackson for parsing

message A JSON-encoded Simple Notification Service message. Note: the JSON may be only one level deep.
publicKey The Simple Notification Service public key, exactly as you'd see it when retrieved from the cert.
True if the message was correctly validated, otherwise false.
     public boolean verifyMessageSignature(String messagePublicKey publicKey) {
         boolean valid = false;
         // extract the type and signature parameters
         Map<StringStringparsed = parseJSON(message);
         String version = parsed.get();
         if (version.equals("1")) {
             // construct the canonical signed string
             String type = parsed.get();
             String signature = parsed.get();
             String signed = "";
             if (type.equals()) {
                 signed = stringToSign(publishMessageValues(parsed));
             } else if (type.equals()) {
                 signed = stringToSign(subscribeMessageValues(parsed));
             } else if (type.equals()) {
                 signed = stringToSign(subscribeMessageValues(parsed)); // no difference, for now
             } else {
                 throw new RuntimeException("Cannot process message of type " + type);
             valid = verifySignature(signedsignaturepublicKey);
         return valid;

Does the actual Java cryptographic verification of the signature. This method does no handling of the many rare exceptions it is required to catch.

message Exact string that was signed
signature Base64-encoded signature of the message
    public boolean verifySignature(String messageString signaturePublicKey publicKey){
        boolean result = false;
        byte[] sigbytes = null;
        try {
            sigbytes = Base64.decodeBase64(signature.getBytes());
             = Signature.getInstance("SHA1withRSA"); //check the signature
            result = .verify(sigbytes);
        } catch (NoSuchAlgorithmException e) {
            // Rare exception: JVM does not support SHA1 with RSA
        } catch (InvalidKeyException e) {
            // Rare exception: The private key was incorrectly formatted
        } catch (SignatureException e) {
            // Rare exception: Catch-all exception for the signature checker
        return result;
    protected String stringToSign(SortedMap<StringStringsignables) {
        // each key and value is followed by a newline
        StringBuilder sb = new StringBuilder();
        for(String ksignables.keySet()){
        String result = sb.toString();
        return result;
    private Map<StringStringparseJSON(String jsonmessage){
        Map<StringStringparsed = new HashMap<StringString>();
        JsonFactory jf = new JsonFactory();
        try {
            JsonParser parser = jf.createJsonParser(jsonmessage);
            parser.nextToken(); //shift past the START_OBJECT that begins the JSON
            while (parser.nextToken() != .) {
                String fieldname = parser.getCurrentName();
                parser.nextToken(); // move to value, or START_OBJECT/START_ARRAY
                String value = parser.getText();
        } catch (JsonParseException e) {
            // JSON could not be parsed
        } catch (IOException e) {
            // Rare exception
        return parsed;
    private TreeMap<StringStringpublishMessageValues(Map<StringStringparsedMessage){
        TreeMap<StringStringsignables = new TreeMap<StringString>();
        String[] keys = {  };
        for(String keykeys){
        return signables;
    private TreeMap<StringStringsubscribeMessageValues(Map<StringStringparsedMessage){
        TreeMap<StringStringsignables = new TreeMap<StringString>();
        String[] keys = {  };
        for(String keykeys){
        return signables;
New to GrepCode? Check out our FAQ X