I am sending SNS messages to an HTTP endpoint. I can pick up the message information from the JSON data, but how do I authenticate the message and validate the message signature?

This is one of the messages:

{
  "Type": "Notification",
  "MessageId": "a1825ceb-aa86-531a-9712-09b49bb60b32",
  "TopicArn": "arn:aws:sns:us-west-2:xxxx:Test_Topic",
  "Message": "This is the message body",
  "Timestamp": "2019-05-22T11:13:52.513Z",
  "SignatureVersion": "1",
  "Signature": "abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc",
  "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-abcabcabc.pem",
  "UnsubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:yyy",
  "MessageAttributes": {
    "String2": {
      "Type": "String",
      "Value": "This is the second string"
    },
    "String1": {
      "Type": "String",
      "Value": "This is the first string"
    }
  }
}

How do I check that the Message Signature is valid?

Dec

1 Answer

I'm using the Message class from the AWSSDK Utils; here is the code:

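using Amazon.SimpleNotificationService.Util;

// Raw JSON body of the HTTP POST sent by SNS
var msg = await ReadBody();

var message = Message.ParseMessage(msg);

if (!message.IsMessageSignatureValid())
{
    // Signature is invalid: reject the request and do not process the message.
}

This is the package: Amazon.SimpleNotificationService.Util.Message.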

Hope this helps.

  • Hi Nicolas, I figured out how to do it almost exactly as you have described above about 2 months ago and should have updated the question here. Thanks for your help anyway! – Dec May 05 '20 at 23:25
  • Hmmm, is that all it takes to verify the signature? Is it doing what's documented here: https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html – Marlon Allan Supetran Mar 30 '22 at 07:19
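
For readers who want to see the steps in the AWS document linked in the last comment, here is an added example (not code from the answer, and not the AWS SDK's implementation) that checks the `SigningCertURL`, rebuilds the string to sign, and verifies the RSA signature. The class name `SnsManualCheck`, the host pattern, and the `certPem` parameter are assumptions of this example; `X509Certificate2.CreateFromPem` needs .NET 5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
using System.Text.RegularExpressions;

public static class SnsManualCheck   // hypothetical helper, not part of the AWS SDK
{
    // Assumption: SNS signing certificates live on sns.<region>.amazonaws.com
    static readonly Regex SnsHost = new Regex(@"^sns\.[a-z0-9-]+\.amazonaws\.com$");

    // Reject any SigningCertURL that is not HTTPS, not an SNS host, or not a .pem file,
    // so a forged message cannot point the verifier at a certificate the sender controls.
    public static bool IsTrustedCertUrl(string url) =>
        Uri.TryCreate(url, UriKind.Absolute, out var u) && u.Scheme == Uri.UriSchemeHttps
        && SnsHost.IsMatch(u.Host) && u.AbsolutePath.EndsWith(".pem", StringComparison.Ordinal);

    // Canonical string: "Name\nValue\n" per field, in this fixed order; absent fields
    // (for example Subject) are skipped. MessageAttributes are not part of it.
    public static string BuildStringToSign(JsonElement m)
    {
        string[] keys = m.GetProperty("Type").GetString() == "Notification"
            ? new[] { "Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type" }
            : new[] { "Message", "MessageId", "SubscribeURL", "Timestamp", "Token", "TopicArn", "Type" };
        var sb = new StringBuilder();
        foreach (var k in keys)
            if (m.TryGetProperty(k, out var v) && v.ValueKind == JsonValueKind.String)
                sb.Append(k).Append('\n').Append(v.GetString()).Append('\n');
        return sb.ToString();
    }

    // certPem: certificate text the caller downloaded from SigningCertURL
    // after IsTrustedCertUrl returned true.
    public static bool Verify(string body, string certPem)
    {
        using var doc = JsonDocument.Parse(body);
        var m = doc.RootElement;
        if (!IsTrustedCertUrl(m.GetProperty("SigningCertURL").GetString())) return false;
        var hash = m.GetProperty("SignatureVersion").GetString() == "2"
            ? HashAlgorithmName.SHA256 : HashAlgorithmName.SHA1;   // version 1 = SHA1withRSA
        using var cert = X509Certificate2.CreateFromPem(certPem);
        using var rsa = cert.GetRSAPublicKey();
        return rsa != null && rsa.VerifyData(Encoding.UTF8.GetBytes(BuildStringToSign(m)),
            Convert.FromBase64String(m.GetProperty("Signature").GetString()),
            hash, RSASignaturePadding.Pkcs1);
    }
}
```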