Message Signature Verification

Scenarios

To ensure message security, SMN provides signature authentication for HTTP/HTTPS subscription confirmation messages, subscription cancellation messages, and notification messages. After you receive HTTP/HTTPS messages, check them based on the signatures.

Procedure

After receiving an HTTP/HTTPS message, check it with the following procedure:

1. Verify the key-value pairs (which vary depending on the message type) contained in the message signature. For details, see Signature Strings for Different Message Types.
2. Download the X509 certificate from the certificate URL (signing_cert_url) contained in the message.
   

   The request to download the certificate is always sent over HTTPS. When you download a certificate, verify the identity of the certificate server.

3. Extract the public key from the X509 certificate for verifying the message reliability and integrity.
4. Determine which method will be used to verify the signature based on the message type (the type field in the message).
5. Create signature strings. Obtain the signature parameters from the message and sort them in alphabetical order. Each parameter occupies a line, with its value following in the next line.

Signature Strings for Different Message Types

1. Notification messages
   • A notification message signature must contain the following parameters (If the value of subject is empty, do not include it in the signature):

     message
     message_id
     subject
     timestamp
     topic_urn
     type

   • For example, the signature information for a notification message is as follows:
     

     Each parameter occupies a line, with its value following in the next line.

     message
     My test message
     message_id
     88c726942175432bac921eafd0036163
     subject
     demo
     timestamp
     2016-08-15T07:29:16Z
     topic_urn
     urn:smn:regionId:74dc9e44d0cc4573adfce91cdfdd3ba9:xxxx
     type
     Notification

2. Subscription confirmation and subscription cancellation messages
   • A subscription confirmation or subscription cancellation message signature must contain the following parameters:

     message
     message_id
     subscribe_url
     timestamp
     topic_urn
     type

   • For example, the signature information for a subscription confirmation message is as follows:
     

     Each parameter occupies a line, with its value following in the next line.

     message
     You are invited to subscribe to topic: urn:smn:regionId:d91989905b8449b896f3a4f0ad57222d:demo. To confirm this subscription, Please visit the following SubscribeURL in this message.
     message_id
     def5c309cbff44d5a870787ed937edf8
     subscribe_url
     https://IP address/smn/subscription/confirm?Region ID&Token&Topic URN:demo
     timestamp
     2016-08-15T07:29:16Z
     topic_urn
     urn:smn:regionId:d91989905b8449b896f3a4f0ad57222d:demo
     type
     SubscriptionConfirmation