forked from docs/doc-exports
guoyanyan
c483984844
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: guoyanyan <guoyanyan3@huawei.com> Co-committed-by: guoyanyan <guoyanyan3@huawei.com>
5.4 KiB
5.4 KiB
Message Signature Verification
Scenarios
To ensure message security, SMN provides signature authentication for HTTP/HTTPS subscription confirmation messages, subscription cancellation messages, and notification messages. After you receive HTTP/HTTPS messages, check them based on the signatures.
Procedure
After receiving an HTTP/HTTPS message, check it with the following procedure:
- Verify the key-value pairs (which vary depending on the message type) contained in the message signature. For details, see Signature Strings for Different Message Types.
- Download the X509 certificate from the certificate URL (signing_cert_url) contained in the message.
The request to download the certificate is always sent over HTTPS. When you download a certificate, verify the identity of the certificate server.
- Extract the public key from the X509 certificate for verifying the message reliability and integrity.
- Determine which method will be used to verify the signature based on the message type (the type field in the message).
- Create signature strings. Obtain the signature parameters from the message and sort them in alphabetical order. Each parameter occupies a line, with its value following in the next line.
Signature Strings for Different Message Types
- Notification messages
- A notification message signature must contain the following parameters (If the value of subject is empty, do not include it in the signature):
message message_id subject timestamp topic_urn type
- For example, the signature information for a notification message is as follows:
Each parameter occupies a line, with its value following in the next line.
message My test message message_id 88c726942175432bac921eafd0036163 subject demo timestamp 2016-08-15T07:29:16Z topic_urn urn:smn:regionId:74dc9e44d0cc4573adfce91cdfdd3ba9:xxxx type Notification
- A notification message signature must contain the following parameters (If the value of subject is empty, do not include it in the signature):
- Subscription confirmation and subscription cancellation messages
- A subscription confirmation or subscription cancellation message signature must contain the following parameters:
message message_id subscribe_url timestamp topic_urn type
- For example, the signature information for a subscription confirmation message is as follows:
Each parameter occupies a line, with its value following in the next line.
message You are invited to subscribe to topic: urn:smn:regionId:d91989905b8449b896f3a4f0ad57222d:demo. To confirm this subscription, Please visit the following SubscribeURL in this message. message_id def5c309cbff44d5a870787ed937edf8 subscribe_url https://IP address/smn/subscription/confirm?Region ID&Token&Topic URN:demo timestamp 2016-08-15T07:29:16Z topic_urn urn:smn:regionId:d91989905b8449b896f3a4f0ad57222d:demo type SubscriptionConfirmation
- A subscription confirmation or subscription cancellation message signature must contain the following parameters:
Parent topic: HTTP/HTTPS Messages