SNS - SES Notification - Invalid signature if special characters are present #2340
Comments
@debora-ito
Can you provide a code sample that I can use to reproduce?
@debora-ito I've made a simple Tomcat Web Application, since this is the use case that I currently have: I hope this helps!
Ok, I made a simple unit test method that didn't reproduce the issue. The validation was successful through a unit test, but not with an HTTP request to the web application. I put a breakpoint inside When using the unit test, I got a I noticed that if I specify a charset when using
So I believe an explicit Charset has to be provided for the signature checker. I don't know if it falls within the scope of the SDK or if I should handle the encoding myself before sending the InputStream
Ok, I verified it to be the case: Since a specific encoding is required for the signature verification, I believe it has to be explicitly set within the SDK
Quick update: I'm still working on the repro case set up, will work on the issue this week.
@jplippi apologies for losing track of this. Since you identified the issue was in the encoding of the signature checker, at this point I'll recommend you add the encoding to your application. If we add the encoding to the SDK, there's a risk we'll be double-encoding the content for customers who already added the encoding to their code, and this will be a breaking change.
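The charset dependence discussed in this thread, as an added example that is not part of the original issue and is not the SDK's code. It uses only JDK classes, a key pair generated on the spot and a constructed string to sign, and it assumes the signer signed the UTF-8 bytes while the verifier's charset varies (ISO-8859-1 stands in for a non-UTF-8 platform default).

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;

// Added illustration: JDK only, no AWS SDK classes. The key pair, the
// string-to-sign layout and the subjects are constructed for this demo.
public class CharsetSignatureDemo {

    // Signer side (assumption): the signature covers the UTF-8 bytes.
    static byte[] sign(KeyPair kp, String stringToSign) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(stringToSign.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // Verifier side: the same string is turned back into bytes with whatever
    // charset the verifier uses; only a matching charset yields the signed bytes.
    static boolean verify(KeyPair kp, String stringToSign, Charset cs, byte[] sig)
            throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(kp.getPublic());
        s.update(stringToSign.getBytes(cs));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        // Constructed subjects: one ASCII-only, one with accented characters.
        String[][] cases = {
            {"ascii", "Order confirmation"},
            {"accented", "Confirma\u00e7\u00e3o de pedido"},
        };
        for (String[] c : cases) {
            String stringToSign = "Message\n{\"mail\":{\"subject\":\"" + c[1] + "\"}}\n";
            byte[] sig = sign(kp, stringToSign);
            System.out.printf("%-9s utf8=%b latin1=%b%n", c[0],
                    verify(kp, stringToSign, StandardCharsets.UTF_8, sig),
                    verify(kp, stringToSign, StandardCharsets.ISO_8859_1, sig));
        }
    }
}
```

The ASCII-only subject verifies under both charsets because its bytes are identical in each, which is why the failure only appears once the subject contains characters such as á or ç.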
When receiving SES notifications through an HTTP/S endpoint subscribed to a SNS topic, the SDK cannot validate the signature if the string to sign contains special characters, such as á or ç
Describe the bug
Signature verification fails when the string to sign resulting from the notification contains special characters. Since the string signature contains the email subject, the subject is susceptible to containing special characters.
Expected Behavior
Signature validation passes
Current Behavior
Signature validation fails
Steps to Reproduce
SnsMessageManager().handleMessage(inputStream, SnsMessageHandler())
SnsMessageHandler will throw an exception SdkClientException("Signature in SNS message was invalid")
Context
When trying to verify the signature of the SNS message to handle email bounces and complaints, signature validation would fail only for emails that contained special characters in the subject field.
Your Environment