Chilkat Examples

ChilkatHOMEAndroid™Classic ASPCC++C#Mono C#.NET Core C#C# UWP/WinRTDataFlexDelphi ActiveXDelphi DLLVisual FoxProJavaLianjaMFCObjective-CPerlPHP ActiveXPHP ExtensionPowerBuilderPowerShellPureBasicCkPythonChilkat2-PythonRubySQL ServerSwift 2Swift 3/4TclUnicode CUnicode C++Visual Basic 6.0VB.NETVB.NET UWP/WinRTVBScriptXojo PluginNode.jsExcelGo

Android™ Examples

Web API Categories

ASN.1
Amazon Glacier
Amazon S3
Amazon S3 (new)
Amazon SES
Amazon SNS
Amazon SQS
Async
Azure Cloud Storage
Azure Service Bus
Base64
Bounced Email
Box
CAdES
CSR
CSV
Certificates
Compression
DKIM / DomainKey
DSA
Diffie-Hellman
Digital Signatures
Dropbox
Dynamics CRM
ECC
Email Object
Encryption
FTP
FileAccess
Firebase
GMail REST API
Geolocation
Google APIs
Google Calendar
Google Cloud Storage
Google Drive
Google Photos
Google Sheets
Google Tasks
Gzip
HTML-to-XML/Text

HTTP
HTTP Misc
IMAP
JSON
JSON Web Encryption (JWE)
JSON Web Signatures (JWS)
JSON Web Token (JWT)
Java KeyStore (JKS)
MHT / HTML Email
MIME
Microsoft Graph
NTLM
OAuth1
OAuth2
OneDrive
OpenSSL
Outlook
PEM
PFX/P12
POP3
PRNG
REST
REST Misc
RSA Encryption
SCP
SFTP
SMTP
SSH
SSH Key
SSH Tunnel
SharePoint
Socket/SSL/TLS
Spider
Stream
Tar Archive
Upload
WebSocket
XAdES
XML
XML Digital Signatures
XMP
Zip
curl

 

 

 

(Android™) Verify Signature of Alexa Custom Skill Request

This example verifies the signature of an Alexa Custom Skill Request.

Chilkat Android™ Downloads

Android™ Java Libraries

Android C/C++ Libraries

// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    // This example assumes you have a web service that will receive requests from Alexa.
    // A sample request sent by Alexa will look like the following:

    // Connection: Keep-Alive
    // Content-Length: 2583
    // Content-Type: application/json; charset=utf-8
    // Accept: application/json
    // Accept-Charset: utf-8
    // Host: your.web.server.com
    // User-Agent: Apache-HttpClient/4.5.x (Java/1.8.0_172)
    // Signature: dSUmPwxc9...aKAf8mpEXg==
    // SignatureCertChainUrl: https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem
    // 
    // {"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.433 ... }}

    // First, assume we've written code to get the 3 pieces of data we need:
    String signature = "dSUmPwxc9...aKAf8mpEXg==";
    String certChainUrl = "https://s3.amazonaws.com/echo.api/echo-api-cert-6-ats.pem";
    String jsonBody = "{\"version\":\"1.0\",\"session\":{\"new\":true,\"sessionId\":\"amzn1.echo-api.session.433 ... }}";

    // To validate the signature, we do the following:

    // First, download the PEM-encoded X.509 certificate chain that Alexa used to sign the message 
    CkHttp http = new CkHttp();
    CkStringBuilder sbPem = new CkStringBuilder();
    boolean success = http.QuickGetSb(certChainUrl,sbPem);
    if (success == false) {
        Log.i(TAG, http.lastErrorText());
        return;
        }

    CkPem pem = new CkPem();
    success = pem.LoadPem(sbPem.getAsString(),"passwordNotUsed");
    if (success == false) {
        Log.i(TAG, pem.lastErrorText());
        return;
        }

    // The 1st certificate should be the signing certificate.
    CkCert cert = pem.GetCert(0);
    if (pem.get_LastMethodSuccess() == false) {
        Log.i(TAG, pem.lastErrorText());
        return;
        }

    // Get the public key from the cert.
    CkPublicKey pubKey = cert.ExportPublicKey();
    if (cert.get_LastMethodSuccess() == false) {
        Log.i(TAG, cert.lastErrorText());

        return;
        }

    // Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value.
    CkRsa rsa = new CkRsa();
    success = rsa.ImportPublicKeyObj(pubKey);
    if (success == false) {
        Log.i(TAG, cert.lastErrorText());

        return;
        }

    // RSA "decrypt" the signature.
    // (Amazon's documentation is confusing, because we're simply verifiying the signature against the SHA-1 hash
    // of the request body.  This happens in a single call to VerifyStringENC...)
    rsa.put_EncodingMode("base64");
    boolean bVerified = rsa.VerifyStringENC(jsonBody,"sha1",signature);
    if (bVerified == true) {
        Log.i(TAG, "The signature is verified against the JSON body of the request. Yay!");
        }
    else {
        Log.i(TAG, "Sorry, not verified.  Crud!");
        }


  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}

 

© 2000-2019 Chilkat Software, Inc. All Rights Reserved.