AWS::SNS::Verify - Verifies authenticity of SNS messages.
version 0.0105
my $body = request->body; # example fetch raw body from Dancer my $sns = AWS::SNS::Verify->new(body => $body); if ($sns->verify) { return $sns->message; }
This module will parse a message from Amazon Simple Notification Service and validate its signature. This way you know the message came from AWS and not some third-party. More info here: http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.verify.signature.html.
Constructor.
Required. JSON string posted by AWS SNS. Looks like:
{ "Type" : "Notification", "MessageId" : "a890c547-5d98-55e2-971d-8826fff56413", "TopicArn" : "arn:aws:sns:us-east-1:041977924901:foo", "Subject" : "test subject", "Message" : "test message", "Timestamp" : "2015-02-20T20:59:25.401Z", "SignatureVersion" : "1", "Signature" : "kzi3JBQz64uFAXG9ZuAwPI2gYW5tT7OF83oeHb8v0/XRPsy0keq2NHTCpQVRxCgPOJ/QUB2Yl/L29/W4hiHMo9+Ns0hrqyasgUfjq+XkVR1WDuYLtNaEA1vLnA0H9usSh3eVVlLhpYzoT4GUoGgstRVvFceW2QVF9EYUQyromlcbOVtVpKCEINAvGEEKJNGTXQQUkPUka3YMhHitgQg1WlFBmf+oweSYUEj8+RoguWsn6vluxD0VtIOGOml5jlUecfhDqnetF5pUVYMqCHPfHn6RBguiW+XD6XWsdKKxkjqo90a65Nlb72gPSRw6+sIEIgf4J39WFZK+FCpeSm0qAg==", "SigningCertURL" : "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-d6d679a1d18e95c2f9ffcf11f4f9e198.pem", "UnsubscribeURL" : "https://sns.us-east-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-east-1:041977924901:foo:20b2d060-2a32-4506-9cb0-24b8b9e605e1", "MessageAttributes" : { "AWS.SNS.MOBILE.MPNS.Type" : {"Type":"String","Value":"token"}, "AWS.SNS.MOBILE.WNS.Type" : {"Type":"String","Value":"wns/badge"}, "AWS.SNS.MOBILE.MPNS.NotificationClass" : {"Type":"String","Value":"realtime"} } }
By default AWS::SNS::Verify will fetch the certificate string by issuing an HTTP GET request to SigningCertURL. The SigningCertURL in the message must be a AWS SNS endpoint.
SigningCertURL
If you wish to use a cached version, then pass it in.
If you're using a fake SNS server in your local test environment, the SigningCertURL won't be an AWS endpoint. If so, set validate_signing_cert_url to 0.
Don't ever do this in any kind of Production environment.
Returns a 1 on success, or die with an Ouch on a failure.
Returns a hash reference of the decoded body that was passed in to the constructor.
If you want to cache the certificate in a local cache, then get it using this method.
You should never need to call this, it decodes the base64 signature.
You should never need to call this, it fetches the signing certificate.
You should never need to call this, it generates the signature string required to verify the request.
You should never need to call this, it checks the validity of the certificate signing URL per https://github.com/aws/aws-php-sns-message-validator/blob/master/src/MessageValidator.php#L22
Requires Perl 5.12 or higher and these modules:
Ouch
JSON
HTTP::Tiny
MIME::Base64
Moo
Crypt::OpenSSL::RSA
Crypt::OpenSSL::X509
http://github.com/rizen/AWS-SNS-Verify
http://github.com/rizen/AWS-SNS-Verify/issues
JT Smith <jt_at_plainblack_dot_com>
AWS::SNS::Verify is Copyright 2015 Plain Black Corporation (http://www.plainblack.com) and is licensed under the same terms as Perl itself.
To install AWS::SNS::Verify, copy and paste the appropriate command in to your terminal.
cpanm
cpanm AWS::SNS::Verify
CPAN shell
perl -MCPAN -e shell install AWS::SNS::Verify
For more information on module installation, please visit the detailed CPAN module installation guide.