Message Signature Verification

Scenarios

To ensure message security, SMN provides signature authentication for HTTP/HTTPS subscription confirmation messages, subscription cancellation messages, and notification messages. After you receive an HTTP/HTTPS message, verify its signature before processing the message.

Procedure

After receiving an HTTP/HTTPS message, verify it as follows:

  1. Verify the key-value pairs contained in the message signature. The required pairs vary depending on the message type. For details, see Signature Strings for Different Message Types.

  2. Download the X.509 certificate from the certificate URL (signing_cert_url) contained in the message.

    Note

    The request to download the certificate is always sent over HTTPS. When you download a certificate, verify the identity of the certificate server.

  3. Extract the public key from the X.509 certificate. It is used to verify the reliability and integrity of the message.

  4. Determine which method will be used to verify the signature based on the message type (the type field in the message).

  5. Create signature strings. Obtain the signature parameters from the message and sort them in alphabetical order. Each parameter occupies a line, with its value following in the next line.

Signature Strings for Different Message Types

  1. Notification messages

    • A notification message signature must contain the following parameters (if the value of subject is empty, do not include it in the signature):

      message
      message_id
      subject
      timestamp
      topic_urn
      type
      
    • For example, the signature information for a notification message is as follows:

      Note

      Each parameter occupies a line, with its value following in the next line.

      message
      My test message
      message_id
      88c726942175432bac921eafd0036163
      subject
      demo
      timestamp
      2016-08-15T07:29:16Z
      topic_urn
      urn:smn:regionId:74dc9e44d0cc4573adfce91cdfdd3ba9:xxxx
      type
      Notification
      
  2. Subscription confirmation and subscription cancellation messages

    • A subscription confirmation or subscription cancellation message signature must contain the following parameters:

      message
      message_id
      subscribe_url
      timestamp
      topic_urn
      type
      
    • For example, the signature information for a subscription confirmation message is as follows:

      Note

      Each parameter occupies a line, with its value following in the next line.

      message
      You are invited to subscribe to topic: urn:smn:regionId:d91989905b8449b896f3a4f0ad57222d:demo. To confirm this subscription, Please visit the following SubscribeURL in this message.
      message_id
      def5c309cbff44d5a870787ed937edf8
      subscribe_url
      https://IP address/smn/subscription/confirm?Region ID&Token&Topic URN:demo
      timestamp
      2016-08-15T07:29:16Z
      topic_urn
      urn:smn:regionId:d91989905b8449b896f3a4f0ad57222d:demo
      type
      SubscriptionConfirmation
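
The following Python code is an added example, not SMN's own code. It builds the signature string described in step 5 from the per-type parameter lists above, and it rejects unknown message types, missing parameters, and a non-HTTPS signing_cert_url. It assumes the message has already been parsed into a dict of strings and that every line, including the last, ends with a newline (the page does not specify this). The function name and the certificate URL in the sample are placeholders.

```python
from urllib.parse import urlsplit

# Signed parameters per message type, taken from the lists on this page.
# The page does not show the "type" value used by cancellation messages;
# register it here with the same list as SubscriptionConfirmation.
_SUBSCRIPTION = ["message", "message_id", "subscribe_url",
                 "timestamp", "topic_urn", "type"]
SIGNED_PARAMS = {
    "Notification": ["message", "message_id", "subject",
                     "timestamp", "topic_urn", "type"],
    "SubscriptionConfirmation": _SUBSCRIPTION,
}

def build_signature_string(msg):
    """Return the string whose signature is checked; ValueError if malformed."""
    msg_type = msg.get("type")
    if msg_type not in SIGNED_PARAMS:          # fail closed on unknown types
        raise ValueError(f"unsupported message type: {msg_type!r}")
    # The certificate is only ever fetched over HTTPS, so reject other schemes
    # before any download is attempted.
    if urlsplit(str(msg.get("signing_cert_url", ""))).scheme != "https":
        raise ValueError("signing_cert_url must be an https URL")
    out = []
    for name in sorted(SIGNED_PARAMS[msg_type]):
        value = msg.get(name)
        if name == "subject" and value in (None, ""):
            continue                           # empty subject is not signed
        if not isinstance(value, str) or not value:
            raise ValueError(f"missing or non-string parameter: {name}")
        # Assumption: every line, including the last, ends with "\n".
        out.append(f"{name}\n{value}\n")
    return "".join(out)

# Constructed sample using this page's example values; the certificate URL
# is a placeholder, not a real endpoint.
SAMPLE = {
    "type": "Notification",
    "message": "My test message",
    "message_id": "88c726942175432bac921eafd0036163",
    "subject": "demo",
    "timestamp": "2016-08-15T07:29:16Z",
    "topic_urn": "urn:smn:regionId:74dc9e44d0cc4573adfce91cdfdd3ba9:xxxx",
    "signing_cert_url": "https://smn.example.invalid/cert.pem",
}

if __name__ == "__main__":
    print(build_signature_string(SAMPLE), end="")
```

The returned string is what the public key from step 3 is checked against, using the verification method chosen in step 4.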