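/**
 * Validates a message from SNS to ensure that it was delivered by AWS
 *
 * @param Message $message The message to validate
 *
 * @throws CannotGetPublicKeyFromCertificateException If the certificate cannot be retrieved
 * @throws CertificateFromUnrecognizedSourceException If the certificate's source cannot be verified
 * @throws InvalidMessageSignatureException If the message's signature is invalid
 */
public function validate(Message $message)
{
    // Get the cert's URL and ensure it is from AWS before anything is fetched from it
    $certUrl = Url::factory($message->get('SigningCertURL'));
    $this->validateUrl($certUrl);

    // Get the cert itself and extract the public key
    $certificate = $this->client->get((string) $certUrl)->send()->getBody();
    $publicKey = openssl_get_publickey($certificate);
    if (!$publicKey) {
        throw new CannotGetPublicKeyFromCertificateException();
    }

    // Decode the signature strictly: in non-strict mode characters outside the
    // base64 alphabet are silently dropped rather than rejected.
    $stringToSign = $message->getStringToSign();
    $incomingSignature = base64_decode($message->get('Signature'), true);
    if ($incomingSignature === false) {
        throw new InvalidMessageSignatureException();
    }

    // openssl_verify() returns 1 when the signature is valid, 0 when it is not,
    // and -1 on error. A plain falsy check treats -1 (error) as success, so the
    // result must be compared against 1 explicitly.
    if (openssl_verify($stringToSign, $incomingSignature, $publicKey, OPENSSL_ALGO_SHA1) !== 1) {
        throw new InvalidMessageSignatureException();
    }
}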
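/**
 * Validates a message from SNS to ensure that it was delivered by AWS
 *
 * @param Message $message The message to validate
 *
 * @throws MessageValidatorException If the certificate cannot be
 *     retrieved, if the certificate's source cannot be verified, or if the
 *     message's signature is invalid.
 */
public function validate(Message $message)
{
    // Get and validate the URL for the certificate before fetching it.
    $certUrl = Url::fromString($message->get('SigningCertURL'));
    $this->validateUrl($certUrl);

    // Get the cert itself and extract the public key
    $certificate = $this->client->get((string) $certUrl)->getBody();
    $key = openssl_get_publickey($certificate);
    if (!$key) {
        throw new MessageValidatorException('Cannot get the public key from the certificate.');
    }

    // Decode the signature strictly: in non-strict mode characters outside the
    // base64 alphabet are silently dropped rather than rejected.
    $content = $message->getStringToSign();
    $signature = base64_decode($message->get('Signature'), true);
    if ($signature === false) {
        throw new MessageValidatorException('The message signature is invalid.');
    }

    // openssl_verify() returns 1 when the signature is valid, 0 when it is not,
    // and -1 on error. A plain falsy check treats -1 (error) as success, so the
    // result must be compared against 1 explicitly.
    if (openssl_verify($content, $signature, $key, OPENSSL_ALGO_SHA1) !== 1) {
        throw new MessageValidatorException('The message signature is invalid.');
    }
}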
/**
 * Checks that a Message built from raw data exposes the expected Subject and
 * assembles the expected string-to-sign.
 *
 * @dataProvider getDataForStringToSignTest
 *
 * @param array $messageData          Key/value pairs the Message is constructed from
 * @param mixed $expectedSubject      Value expected from $message->get('Subject')
 * @param mixed $expectedStringToSign Value expected from $message->getStringToSign()
 */
public function testBuildsStringToSignCorrectly(array $messageData, $expectedSubject, $expectedStringToSign)
{
    $subject = new Message(new Collection($messageData));

    // The Subject is read back as stored, then the string-to-sign is derived from it.
    $actualSubject = $subject->get('Subject');
    $this->assertEquals($expectedSubject, $actualSubject);

    $actualStringToSign = $subject->getStringToSign();
    $this->assertEquals($expectedStringToSign, $actualStringToSign);
}