Net::Amazon::AlexaValidator - implements all security-related checks required for Amazon Alexa Skills.
    use Net::Amazon::AlexaValidator;

    my $alexa_validator = Net::Amazon::AlexaValidator->new({
        application_id => 'my_application_id_from_amazon_dev_site',
        echo_domain    => 'DNS:echo-api.amazon.com',
        cert_dir       => '/tmp/',
    });

    # Requires a Catalyst::Request object
    my $request = $c->req;
    my $ret = $alexa_validator->validate_request($request);
Highlights of the validation include:
Verifies the Signature Certificate URL. Amazon's requirements are listed here: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/developing-an-alexa-skill-as-a-web-service#h2_verify_sig_cert
Downloads the PEM-encoded X.509 certificate chain that Alexa used to sign the message as specified by the SignatureCertChainUrl header value on the request.
Validates that the signing certificate has not expired (examine both the Not Before and Not After dates).
Validates that the domain echo-api.amazon.com is present in the Subject Alternative Names (SANs) section of the signing certificate.
Validates that all certificates in the chain combine to create a chain of trust to a trusted root CA certificate.
Base64-decodes the Signature header value on the request to obtain the encrypted signature.
Uses the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value. Generates a SHA-1 hash value from the full HTTPS request body to produce the derived hash value, and compares the asserted hash value and derived hash values to ensure that they match.
Checks the request timestamp to ensure that the request is not an old request being sent as part of a "replay" attack.
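Two of the checks listed above, the Signature Certificate URL rules and the timestamp replay window, written out as an added example; this is not code from Net::Amazon::AlexaValidator. The URL rules and the 150-second tolerance come from Amazon's Alexa Skills Kit documentation; the helper names cert_url_ok and timestamp_fresh are hypothetical and the sample inputs are constructed.

```perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Added example; cert_url_ok and timestamp_fresh are hypothetical helper names.
# URL rules per Amazon's documentation: https scheme, host s3.amazonaws.com,
# path beginning with /echo.api/ (case-sensitive), port 443 if one is given.
sub cert_url_ok {
    my ($url) = @_;
    my ($scheme, $host, $port, $path) = $url =~
        m{\A([A-Za-z][A-Za-z0-9+.-]*)://([^/:?#\@]+)(?::(\d+))?(/[^?#]*)?(?:[?#].*)?\z}s
        or return 0;    # also rejects user:pass@host forms
    return 0 unless lc($scheme) eq 'https';
    return 0 unless lc($host) eq 's3.amazonaws.com';
    return 0 if defined $port && $port != 443;
    # Resolve "." and ".." segments before testing the path prefix.
    my @seg;
    for my $s (split m{/}, ($path // '/'), -1) {
        next if $s eq '.';
        if ($s eq '..') { pop @seg; next }
        push @seg, $s;
    }
    return index(join('/', @seg), '/echo.api/') == 0 ? 1 : 0;
}

# Replay check with Amazon's documented 150-second tolerance; $now is passed in.
sub timestamp_fresh {
    my ($iso, $now, $tolerance) = @_;
    $tolerance //= 150;
    my ($y, $mo, $d, $h, $mi, $s) = $iso =~
        /\A(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(?:\.\d+)?Z\z/
        or return 0;
    my $t = eval { timegm($s, $mi, $h, $d, $mo - 1, $y) };
    return 0 unless defined $t;    # out-of-range date fields
    return abs($now - $t) <= $tolerance ? 1 : 0;
}

# Constructed sample inputs.
for my $u ('https://s3.amazonaws.com/echo.api/echo-api-cert.pem',
           'https://s3.amazonaws.com:443/echo.api/../echo.api/echo-api-cert.pem',
           'http://s3.amazonaws.com/echo.api/echo-api-cert.pem',
           'https://s3.amazonaws.com.example.net/echo.api/echo-api-cert.pem',
           'https://s3.amazonaws.com/EcHo.aPi/echo-api-cert.pem',
           'https://s3.amazonaws.com:563/echo.api/echo-api-cert.pem') {
    printf "%-6s %s\n", cert_url_ok($u) ? 'accept' : 'reject', $u;
}
my $now = timegm(0, 0, 12, 1, 0, 2024);    # 2024-01-01T12:00:00Z
printf "%-6s %s\n", timestamp_fresh($_, $now) ? 'fresh' : 'stale', $_
    for '2024-01-01T11:58:30Z', '2024-01-01T11:55:00Z';
```

Running the URL check before the certificate download keeps the skill endpoint from fetching a certificate chain from a location the request sender chose.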
echo_domain - The echo domain that must be present in the Subject Alternative Names (SANs) section of the signing certificate.
application_id - Application ID from your app's Amazon Alexa App settings.
cert_dir - Directory in which to store your Alexa certificate, once validated.
validate_request - Verifies that this is a valid Amazon Alexa request. Checks things like the application_id, certificates, and timestamp.
Returns { success, error_msg }.
To install Net::Amazon::AlexaValidator, copy and paste the appropriate command into your terminal.
cpanm
    cpanm Net::Amazon::AlexaValidator
CPAN shell
    perl -MCPAN -e shell
    install Net::Amazon::AlexaValidator