
SNS verification using the AWS SDK for Java, version 2

I use AWS SDK for Java 2.x, dependency software.amazon.awssdk:sns

I receive messages from an SNS topic via HTTP. I'm wondering if there are any official or non-official but well-supported libraries that can do verification of the signature.

I've implemented verification using code snippets from https://docs.aws.amazon.com/sns/latest/dg/sns-example-code-endpoint-java-servlet.html , but perhaps a better solution exists.

public void verifySignature(SnsMessage message) {
    String signatureVersion = message.getSignatureVersion();
    // Constant-first comparison: a missing SignatureVersion is rejected below instead of causing a NullPointerException.
    if ("1".equals(signatureVersion)) {
        // Check the signature and throw an exception if the signature verification fails.
        if (isMessageSignatureVersion1Valid(message)) {
            log.info("Signature verification succeeded");
        } else {
            log.info("Signature verification failed");
            throw new SecurityException("Signature verification failed.");
        }
    } else {
        log.info("Unexpected signature version. Unable to verify signature.");
        throw new SecurityException("Unexpected signature version. Unable to verify signature.");
    }
}

At the time of writing (August 2021), the AWS SDK for Java 2.x doesn't yet support all the features of the AWS SDK for Java 1.x. But fortunately, you can use them side by side. Quote from the official documentation:

You can use both versions of the AWS SDK for Java in your projects.

And in 1.x you have SnsMessageManager that apparently does the job:

public class SnsMessageManager extends Object

Unmarshalls an SNS message and validates it using the SNS public certificate.

Perhaps adding a snippet for isMessageSignatureVersion1Valid() would help as well?

For the latest version of the SNS SDK at the moment, 1.12.286, signature verification is done automatically during message deserialization to an SnsMessage object.

You can use SnsMessageManager#parseMessage to deserialize an incoming message to an SnsMessage object.

From the SNS SDK javadoc:

Unmarshalls a message into a subclass of SnsMessage. This will automatically validate the authenticity of the message to ensure it was sent by SNS. If the validity of the message cannot be verified an exception will be thrown. Params: messageBody – Input stream containing message JSON. Returns: Unmarshalled message object.

It's clear from SNS SDK source code as well:

SnsMessageManager#parseMessage -> SignatureVerifier#verifySignature

So something like this will work:

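// Needs java.io.ByteArrayInputStream, java.io.InputStream and java.nio.charset.StandardCharsets
InputStream messageInputStream = new ByteArrayInputStream("<message received from SNS>".getBytes(StandardCharsets.UTF_8));
// parseMessage validates the signature and throws an exception if the message cannot be verified
SnsMessage snsMessage = new SnsMessageManager().parseMessage(messageInputStream);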

This part of the SNS documentation is useful for signature verification details.
