SpeechletRequestSignatureVerifier not using Signature.verify's output #2

Closed
mehnaazm opened this issue Feb 5, 2016 · 3 comments

mehnaazm commented Feb 5, 2016

URGENT.
In the class SpeechletRequestSignatureVerifier, the call
signature.verify(Base64.decodeBase64(baseEncoded64Signature.getBytes(Sdk.CHARACTER_ENCODING)))
on line 90 of the code returns true if valid and false if invalid. Why is this not being checked?
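
The behaviour reported above, as an added example that is not part of the thread or of the SDK's code: `Signature.verify` signals a mismatch by returning false rather than throwing, so a verifier that discards the result accepts a tampered body. The class and method names, the SHA256withRSA algorithm, the use of `java.util.Base64` in place of the `Base64.decodeBase64` call quoted above, and the key pair and request body are all assumptions constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class VerifyResultCheck {
    static final String ALGORITHM = "SHA256withRSA"; // example choice, not taken from the SDK
    // Returns false (no exception) when the signature does not match the body.
    static boolean signatureMatches(byte[] body, String b64Sig, PublicKey key)
            throws GeneralSecurityException {
        Signature signature = Signature.getInstance(ALGORITHM);
        signature.initVerify(key);
        signature.update(body);
        return signature.verify(Base64.getDecoder().decode(b64Sig));
    }

    // Pattern reported in the issue: the boolean result is discarded.
    static void checkIgnoringResult(byte[] body, String b64Sig, PublicKey key)
            throws GeneralSecurityException {
        signatureMatches(body, b64Sig, key);
    }

    // Fail closed: a false result becomes an exception the caller cannot miss.
    static void checkEnforcingResult(byte[] body, String b64Sig, PublicKey key)
            throws GeneralSecurityException {
        if (!signatureMatches(body, b64Sig, key)) {
            throw new SecurityException("request signature does not match request body");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: a throwaway key pair and a made-up request body.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        byte[] body = "{\"request\":\"constructed sample\"}".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(pair.getPrivate());
        signer.update(body);
        String b64Sig = Base64.getEncoder().encodeToString(signer.sign());
        byte[] tampered = body.clone();
        tampered[tampered.length - 3] ^= 1; // flip one bit so the body no longer matches
        checkIgnoringResult(tampered, b64Sig, pair.getPublic()); // returns normally
        System.out.println("result ignored: tampered body accepted");
        try {
            checkEnforcingResult(tampered, b64Sig, pair.getPublic());
        } catch (SecurityException e) {
            System.out.println("result enforced: tampered body rejected");
        }
    }
}
```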

@surajr-amzn

We've applied a fix as part of commit 7411ac4246115f5d3db03d9477a6818ad57aa977.

marcolettieri commented Sep 1, 2016

Why does signature.verify always return false for me, even when tested from the service simulator?
Any ideas?

On the Speechlet servlet we do this:

try {
    byte[] serializedSpeechletRequest = IOUtils.toByteArray(request.getInputStream());
    AmazonSignatureVerifier.checkRequestSignature(serializedSpeechletRequest,
        request.getHeader("Signature"), request.getHeader("SignatureCertChainUrl"));
} catch (Exception e1) {
    e1.printStackTrace();
    int statusCode = HttpServletResponse.SC_BAD_REQUEST;
    response.setStatus(statusCode);
    return "{\"error\":\"" + e1.getMessage() + "\"}";
}

chenglim commented Jan 2, 2018

I'm having the same issue, always returning FALSE.

breedloj added a commit that referenced this issue May 17, 2018
Sync with latest changes