
We get "signature validation failed" when we try to subscribe to one of our SNS topics

Basically we are calling sig.verify(Base64.getDecoder().decode(message.getSignature())); and here we get false as the response. As a result, the signature validation fails.

We checked the SNS topic in the AWS console but did not find any problem.

Below is the piece of code we use to access SNS (role-based access) ->

    snsClient = AmazonSNSClientBuilder.standard()
            .withRegion(awsRegionName)
            .withCredentials(new InstanceProfileCredentialsProvider(true))
            .build();

The code below is used to validate the certificate.

    URL url = new URL(message.getSignatureCertURL());
    logger.debug("SnsClient.isMessageSignatureValid:: [url -> {} ] ", url.toURI().toString());
    InputStream inStream = url.openStream();
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
    inStream.close();

    Signature sig = Signature.getInstance("SHA1withRSA");
    sig.initVerify(cert.getPublicKey());
    sig.update(getMessageBytesToSign(message));
    logger.debug("SnsClient.isMessageSignatureValid:: [getMessageBytesToSign -> {} ] ",
            getMessageBytesToSign(message));
    logger.debug("SnsClient.isMessageSignatureValid:: [sig -> {} ] ",
            sig);
    logger.debug("SnsClient.isMessageSignatureValid:: [isMessageSignatureValid boolean-> {}] ",
            sig.verify(Base64.getDecoder()
                    .decode(message.getSignature())));
    logger.debug("SnsClient.isMessageSignatureValid:: [isMessageSignatureValid -> {}] ",
            Base64.getDecoder()
                    .decode(message.getSignature()));
    return sig.verify(Base64.getDecoder()
            .decode(message.getSignature()));

0 answers
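An added example, not part of the original question and not AWS's own code: the snippet above calls `sig.verify(...)` inside a `logger.debug` argument and again in the `return`, and `java.security.Signature.verify()` resets the object to its post-`initVerify` state, so a repeated call without a new `update()` checks the signature against empty input. The sketch below shows that behaviour and adds two checks a verifier wants before trusting a message: the certificate URL host and the algorithm chosen from `SignatureVersion`. Assumptions: the class name is hypothetical, the message is constructed, a throwaway RSA key pair stands in for the key in the SNS signing certificate, and the `sns.<region>.amazonaws.com` host pattern is an assumption.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class SnsSignatureCheck { // hypothetical class name
    // Assumption: SNS serves signing certificates over HTTPS from sns.<region>.amazonaws.com.
    static boolean isTrustedCertUrl(String certUrl) {
        URI u = URI.create(certUrl);
        return "https".equalsIgnoreCase(u.getScheme()) && u.getHost() != null
                && u.getHost().matches("sns\\.[a-z0-9-]+\\.amazonaws\\.com");
    }
    // SNS SignatureVersion "1" means SHA1withRSA, "2" means SHA256withRSA.
    static String algorithmFor(String v) {
        if ("1".equals(v)) return "SHA1withRSA";
        if ("2".equals(v)) return "SHA256withRSA";
        throw new IllegalArgumentException("unsupported SignatureVersion: " + v);
    }
    // String to sign for a SubscriptionConfirmation: fixed key order, "key\nvalue\n" pairs.
    static byte[] bytesToSign(Map<String, String> m) {
        StringBuilder sb = new StringBuilder();
        for (String k : List.of("Message", "MessageId", "SubscribeURL", "Timestamp",
                "Token", "TopicArn", "Type"))
            sb.append(k).append('\n').append(m.get(k)).append('\n');
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample message; a throwaway key pair stands in for the SNS certificate key.
        Map<String, String> msg = Map.of("Type", "SubscriptionConfirmation", "MessageId", "id-1",
                "Token", "tok-1", "TopicArn", "arn:aws:sns:us-east-1:000000000000:demo",
                "Message", "confirm", "SubscribeURL", "https://example.invalid/confirm",
                "Timestamp", "2024-01-01T00:00:00.000Z", "SignatureVersion", "1",
                "SigningCertURL", "https://sns.us-east-1.amazonaws.com/placeholder.pem");
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String alg = algorithmFor(msg.get("SignatureVersion"));
        Signature signer = Signature.getInstance(alg);
        signer.initSign(kp.getPrivate());
        signer.update(bytesToSign(msg));
        byte[] signature = signer.sign();
        if (!isTrustedCertUrl(msg.get("SigningCertURL")))
            throw new SecurityException("untrusted SigningCertURL");
        Signature sig = Signature.getInstance(alg);
        sig.initVerify(kp.getPublic());
        sig.update(bytesToSign(msg));
        boolean valid = sig.verify(signature); // call verify() once and keep the result
        // verify() resets sig to its post-initVerify state: this call checks empty input.
        boolean repeated = sig.verify(signature);
        System.out.println("first verify = " + valid + ", repeated verify = " + repeated);
    }
}
```

Store the result of the single `verify()` call in a variable and log that variable, since logger arguments are evaluated even when debug logging is disabled.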