Class: AlexaWebService::Verify

Inherits:

Object

Object
AlexaWebService::Verify

show all

Defined in:: lib/alexa_web_service/verify.rb

Instance Method Summary collapse

#check_signature(certificate) ⇒ Object
#get_certificate ⇒ Object
#initialize(request_env, request_body) ⇒ Verify constructor

A new instance of Verify.
#valid_address? ⇒ Boolean
#valid_certificate?(certificate) ⇒ Boolean
#valid_timestamp? ⇒ Boolean
#verify_request ⇒ Object

Constructor Details

#initialize(request_env, request_body) ⇒ `Verify`

Returns a new instance of Verify.

# File 'lib/alexa_web_service/verify.rb', line 4

def initialize(request_env, request_body)
  @request_body = request_body
  @timestamp = JSON.parse(request_body)["request"]["timestamp"]
  @url = request_env["HTTP_SIGNATURECERTCHAINURL"]
  @signature = request_env["HTTP_SIGNATURE"]
  @digest = OpenSSL::Digest::SHA1.new
end

Instance Method Details

#check_signature(certificate) ⇒ `Object`



37
38
39

# File 'lib/alexa_web_service/verify.rb', line 37

def check_signature(certificate)
  certificate.public_key.verify(@digest, Base64.decode64(@signature), @request_body) rescue false
end

#get_certificate ⇒ `Object`

# File 'lib/alexa_web_service/verify.rb', line 27

def get_certificate
  begin
    OpenSSL::X509::Certificate.new HTTParty.get(@url)
  rescue TypeError
    "Bad Request"
  rescue OpenSSL::SSL::SSLError
    "Bad Request"
  end
end

#valid_address? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/alexa_web_service/verify.rb', line 12

def valid_address?
  valid_address = /^https:\/\/s3.amazonaws.com(:443)?\/echo.api\/.*?$/
  @url == @url.match(valid_address)[0] rescue false
end

#valid_certificate?(certificate) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/alexa_web_service/verify.rb', line 21

def valid_certificate?(certificate)
  certificate.subject.to_a.last.include?("echo-api.amazon.com") && 
  Time.now.utc > certificate.not_before && 
  Time.now.utc < certificate.not_after
end

#valid_timestamp? ⇒ `Boolean`

Returns:

(Boolean)



17
18
19

# File 'lib/alexa_web_service/verify.rb', line 17

def valid_timestamp?
  Time.now < DateTime.parse(@timestamp).to_time + 150 rescue false
end

#verify_request ⇒ `Object`

# File 'lib/alexa_web_service/verify.rb', line 41

def verify_request

  if valid_address? && valid_timestamp?
    @certificate = get_certificate
  else
    "Bad Request"
  end

  if valid_certificate?(@certificate)
    @verify = check_signature(@certificate)
  else
    "Invalid Certificate"
  end

  if @verify
    "OK"
  else
    "Invalid Signature"
  end
end

Class: AlexaWebService::Verify

Instance Method Summary collapse

Constructor Details

#initialize(request_env, request_body) ⇒ Verify

Instance Method Details

#check_signature(certificate) ⇒ Object

#get_certificate ⇒ Object

#valid_address? ⇒ Boolean

#valid_certificate?(certificate) ⇒ Boolean

#valid_timestamp? ⇒ Boolean

#verify_request ⇒ Object

#initialize(request_env, request_body) ⇒ `Verify`

#check_signature(certificate) ⇒ `Object`

#get_certificate ⇒ `Object`

#valid_address? ⇒ `Boolean`

#valid_certificate?(certificate) ⇒ `Boolean`

#valid_timestamp? ⇒ `Boolean`

#verify_request ⇒ `Object`