Skip to content

Instantly share code, notes, and snippets.

@twslankard
Created October 20, 2010 18:35
Show Gist options
  • Save twslankard/637020 to your computer and use it in GitHub Desktop.
Save twslankard/637020 to your computer and use it in GitHub Desktop.
Verifying Amazon SNS Notification Signatures
<?php
// get the raw HTTP post data
$postdata = file_get_contents('php://input');
// the post data is JSON, so let's decode it and grab the various fields
$json = json_decode($postdata);
$subject = $json->Subject;
$message = $json->Message;
$signature = $json->Signature;
$message_id = $json->MessageId;
$timestamp = $json->Timestamp;
$topic_arn = $json->TopicArn;
$type = $json->Type;
// decode the signature
$decoded_signature = base64_decode($signature);
// generate the canonical string that will be used to verify the signature
$data = "Message\n$message\nMessageId\n$message_id\n";
// only add the subject if it is set
if($subject != null) {
$data .= "Subject\n$subject\n";
}
$data .= "Timestamp\n$timestamp\nTopicArn\n$topic_arn\nType\n$type\n";
$data = utf8_encode($data);
// grab the Amazon SNS certificate file
$cert = file_get_contents("sns.pem");
// retrieve the public key from the certificate
$pkeyid = openssl_get_publickey($cert) or die("Couldn't read public key");
// verifiy the canonical string using the public key and the decoded signature
$ok = openssl_verify($data, $decoded_signature, $pkeyid, OPENSSL_ALGO_SHA1);
if ($ok == 1) {
// signature was good
} elseif ($ok == 0) {
// signature was bad
} else {
// and error occurred
}
// free the key from memory
openssl_free_key($pkeyid);
?>
@SK55555
Copy link

SK55555 commented Feb 26, 2018

how we get file_get_contents("sns.pem"); this sns.pem file .i know that we have to read SigningCERTURL but how can i get sns.pem ?????

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment