/**
  * Validates a message from SNS to ensure that it was delivered by AWS
  *
  * @param Message $message The message to validate
  *
  * @throws CannotGetPublicKeyFromCertificateException If the certificate cannot be retrieved
  * @throws CertificateFromUnrecognizedSourceException If the certificate's source cannot be verified
  * @throws InvalidMessageSignatureException           If the message's signature is invalid
  */
 public function validate(Message $message)
 {
     // Get the cert's URL and ensure it is from AWS
     $certUrl = Url::factory($message->get('SigningCertURL'));
     $this->validateUrl($certUrl);
     // Get the cert itself and extract the public key
     $certificate = $this->client->get((string) $certUrl)->send()->getBody();
     $publicKey = openssl_get_publickey($certificate);
     if (!$publicKey) {
         throw new CannotGetPublicKeyFromCertificateException();
     }
     // Verify the signature of the message
     $stringToSign = $message->getStringToSign();
     $incomingSignature = base64_decode($message->get('Signature'));
     if (!openssl_verify($stringToSign, $incomingSignature, $publicKey, OPENSSL_ALGO_SHA1)) {
         throw new InvalidMessageSignatureException();
     }
 }
 /**
  * Validates a message from SNS to ensure that it was delivered by AWS
  *
  * @param Message $message The message to validate
  *
  * @throws MessageValidatorException If the certificate cannot be
  *     retrieved, if the certificate's source cannot be verified, or if the
  *     message's signature is invalid.
  */
 public function validate(Message $message)
 {
     // Get and validate the URL for the certificate.
     $certUrl = Url::fromString($message->get('SigningCertURL'));
     $this->validateUrl($certUrl);
     // Get the cert itself and extract the public key
     $certificate = $this->client->get((string) $certUrl)->getBody();
     $key = openssl_get_publickey($certificate);
     if (!$key) {
         throw new MessageValidatorException('Cannot get the public key ' . 'from the certificate.');
     }
     // Verify the signature of the message
     $content = $message->getStringToSign();
     $signature = base64_decode($message->get('Signature'));
     if (!openssl_verify($content, $signature, $key, OPENSSL_ALGO_SHA1)) {
         throw new MessageValidatorException('The message signature is ' . 'invalid.');
     }
 }
Beispiel #3
0
 /**
  * @dataProvider getDataForStringToSignTest
  */
 public function testBuildsStringToSignCorrectly(array $messageData, $expectedSubject, $expectedStringToSign)
 {
     $message = new Message(new Collection($messageData));
     $this->assertEquals($expectedSubject, $message->get('Subject'));
     $this->assertEquals($expectedStringToSign, $message->getStringToSign());
 }