Lambda SNS Message fix (#1579)

* Convert msg if from lambda * Add changelog entry
aws · Aug 24, 2017 · 09b5937 · 09b5937
1 parent d93dc7a
commit 09b5937
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,8 @@
 Unreleased Changes
 ------------------
 
+* Feature - Aws::SNS - MessageVerifier now support Lamdba message verification
+
 2.10.32 (2017-08-23)
 ------------------
 

diff --git a/aws-sdk-resources/lib/aws-sdk-resources/services/sns/message_verifier.rb b/aws-sdk-resources/lib/aws-sdk-resources/services/sns/message_verifier.rb
@@ -59,6 +59,7 @@ def authentic?(message_body)
       #   verification.
       def authenticate!(message_body)
         msg = Json.load(message_body)
+        msg = convert_lambda_msg(msg) if is_from_lambda(msg)
         if public_key(msg).verify(sha1, signature(msg), canonical_string(msg))
           true
         else
@@ -69,6 +70,19 @@ def authenticate!(message_body)
 
       private
 
+      def is_from_lambda(message)
+        message.key? 'SigningCertUrl'
+      end
+
+      def convert_lambda_msg(message)
+        cert_url = message.delete('SigningCertUrl')
+        unsubscribe_url = message.delete('UnsubscribeUrl')
+
+        message['SigningCertURL'] = cert_url
+        message['UnsubscribeURL'] = unsubscribe_url
+        message
+      end
+
       def sha1
         OpenSSL::Digest::SHA1.new
       end

diff --git a/aws-sdk-resources/spec/services/sns/message_verifier_spec.rb b/aws-sdk-resources/spec/services/sns/message_verifier_spec.rb
@@ -23,6 +23,21 @@ module SNS
 }
       JSON
 
+      let(:lambda_message) { <<-JSON.strip }
+{
+  "Type" : "Notification",
+  "MessageId" : "5b324425-3d5e-4fdf-a3f6-f46b8f93df79",
+  "TopicArn" : "arn:aws:sns:eu-west-1:382739154790:for_justeat_aws_specs",
+  "Subject" : "sdfghdsfg",
+  "Message" : "dfgdsfg",
+  "Timestamp" : "2012-04-30T11:07:54.008Z",
+  "SignatureVersion" : "1",
+  "Signature" : "CTbst0fA37gbKnC0fiWK6HB0nQOr767MSLCJaWb0GyXc7283m1gozU3lRvOBaKP5Cwcj+clhR+rAN1m0Cp6W63oxBEu9n1Z50oyWx/tWtQd2j+MPaes+tNJSGohjHSe5qAqMwvYFYTZkbgFDFoWuVQLQuRj9I53hR1Eo3waHkJQ=",
+  "SigningCertUrl" : #{signing_cert_url.inspect},
+  "UnsubscribeUrl" : "https://sns.eu-west-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-1:382739154790:for_justeat_aws_specs:674f4ab3-2d1d-4df9-b411-b8a336f0ef7d"
+}
+      JSON
+
       let(:cert) { <<-CERT.strip }
 -----BEGIN CERTIFICATE-----
 MIIE+TCCA+GgAwIBAgIQax6zU8p9DAWTsa4uy9uF1jANBgkqhkiG9w0BAQUFADCB
@@ -67,6 +82,10 @@ module SNS
           expect(verifier.authenticate!(message)).to be(true)
         end
 
+        it 'returns true for a valid lambda message' do
+          expect(verifier.authenticate!(lambda_message)).to be(true)
+        end
+
         it 'raises when the SigningCertURL is not https' do
           msg = Json.load(message)
           msg['SigningCertURL'] = msg['SigningCertURL'].sub(/https/, 'http')