Message Signature Verification
Scenarios
To ensure message security, SMN signs HTTP/HTTPS subscription confirmation messages, subscription cancellation messages, and notification messages. After you receive HTTP/HTTPS messages, verify them based on their signatures.
Procedure
After receiving an HTTP/HTTPS message, check it with the following procedure:
- Verify the key-value pairs (which vary depending on the message type) contained in the message signature. For details, see Signature Strings for Different Message Types.
- Download the X509 certificate from the certificate URL (signing_cert_url) contained in the message.
  Note: The request to download the certificate is always sent over HTTPS. When you download a certificate, verify the identity of the certificate server.
- Extract the public key from the X509 certificate. It is used to verify the authenticity and integrity of the message.
- Determine which method will be used to verify the signature based on the message type (the type field in the message).
- Create signature strings. Obtain the signature parameters from the message and sort them in alphabetical order. Each parameter occupies a line, with its value following in the next line.
Signature Strings for Different Message Types
- Notification messages
  - A notification message signature must contain the following parameters (if subject is left blank, omit subject in the signature):
    - message
    - message_id
    - subject
    - timestamp
    - topic_urn
    - type
  - Example signature information for a notification message:

        message
        My test message
        message_id
        88c726942175432bac921eafd0036163
        subject
        demo
        timestamp
        2016-08-15T07:29:16Z
        topic_urn
        urn:smn:regionId:74dc9e44d0cc4573adfce91cdfdd3ba9:xxxx
        type
        Notification

    Note: Each parameter occupies a line and its value follows in the next line.
- Subscription confirmation and subscription cancellation messages
  - A subscription confirmation or subscription cancellation message signature must contain the following parameters:
    - message
    - message_id
    - subscribe_url
    - timestamp
    - topic_urn
    - type
  - Example signature information for a subscription confirmation message:

        message
        You are invited to subscribe to topic: urn:smn:regionId:d91989905b8449b896f3a4f0ad57222d:demo. To confirm this subscription, please visit the following SubscribeURL in this message.
        message_id
        def5c309cbff44d5a870787ed937edf8
        subscribe_url
        https://IP address/smn/subscription/confirm?Region ID&Token&Topic URN:demo
        timestamp
        2016-08-15T07:29:16Z
        topic_urn
        urn:smn:regionId:d91989905b8449b896f3a4f0ad57222d:demo
        type
        SubscriptionConfirmation

    Note: Each parameter occupies a line and its value follows in the next line.
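
The steps of the procedure that come before the cryptographic check, as an added example that is not SMN's own code: it validates signing_cert_url before any download and builds the signature string from the field lists in this section. The function names, the host allowlist, the placeholder certificate host, and the "\n" join with no trailing newline are assumptions; verifying the signature with the certificate's public key is left to your crypto library.

```python
from urllib.parse import urlsplit

# Signed fields per message type, as listed on this page.
NOTIFICATION = ("message", "message_id", "subject", "timestamp", "topic_urn", "type")
SUBSCRIPTION = ("message", "message_id", "subscribe_url", "timestamp", "topic_urn", "type")
FIELDS_BY_TYPE = {
    "Notification": NOTIFICATION,
    "SubscriptionConfirmation": SUBSCRIPTION,
    # Cancellation type value is not shown on the page; add it with SUBSCRIPTION.
}

def check_cert_url(url, allowed_hosts):
    """Return url only if it is HTTPS and its host is one the caller expects."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("untrusted signing_cert_url: %r" % (url,))
    return url

def build_string_to_sign(msg):
    """Parameter names in alphabetical order, each followed by its value line."""
    fields = FIELDS_BY_TYPE.get(msg.get("type"))
    if fields is None:  # fail closed on a type this code has no field list for
        raise ValueError("unknown message type: %r" % (msg.get("type"),))
    lines = []
    for name in sorted(fields):
        value = msg.get(name)
        if name == "subject" and not value:
            continue  # a blank subject is left out of the signature
        if value is None:
            raise ValueError("missing signed field: " + name)
        lines += [name, str(value)]
    # Assumption: lines are joined with "\n" and no newline follows the last value.
    return "\n".join(lines)

# Constructed sample: field values from the page's notification example;
# the certificate host is a placeholder, not a real SMN endpoint.
SAMPLE = {
    "message": "My test message",
    "message_id": "88c726942175432bac921eafd0036163",
    "subject": "demo",
    "timestamp": "2016-08-15T07:29:16Z",
    "topic_urn": "urn:smn:regionId:74dc9e44d0cc4573adfce91cdfdd3ba9:xxxx",
    "type": "Notification",
    "signing_cert_url": "https://smn.example.invalid/cert.pem",
}

if __name__ == "__main__":
    check_cert_url(SAMPLE["signing_cert_url"], {"smn.example.invalid"})
    print(build_string_to_sign(SAMPLE))
```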