Error: the message signature is invalid #30
Comments
FTR, and I don't want to point fingers at anyone, we recently integrated SES webhooks message validation and naturally found this package, but ultimately found many characteristics that make it unfit to run in production. We didn't even try to use it once due to this, so we didn't realize it may not even work correctly. What guided us to a solution was https://cloudonaut.io/verify-sns-messages-delivered-via-http-or-https-in-node-js/ and together with the docs we implemented our own. Sorry I can't share the code, I just checked it and it's too intertwined with our infrastructure stuff. But fetching and caching the certificate LRU style was definitely necessary for us to get this "production grade".
This package stopped working for us on Nov 10, with the error @JoeyAlain mentions. Does anyone know why? What has changed?
@p3v9d5ui and others who come across this, I did manage to solve this, and we're using this package successfully to validate signatures. For us, the issue was that we were passing a modified message to the validator. You must pass the raw message, allow me to explain. From AWS, we receive an encoded payload. It has a bunch of top level parameters, and then a {Message} object. This child {Message} object has additional escaping. The instructions for using this validator indicate you must pass the parsed payload directly to the validator, but you should not be unencoding anything beyond that. For us, the proper object to pass, if we were to output it to the console, was a JSON string where the top level elements were all properly unescaped, but the interior {Message} object was still escaped. There were also odd spaces etc. littered throughout. All of these extra escapes and spaces MUST BE preserved and left. If you run it through a parser/unencoding operation again, the message will fail, and that was our problem. Once we began pushing this raw, parsed-once payload object to the validator, it began working properly. And to test of course, modifying anything in the string causes the validator to fail, as it should. Good luck!
Thanks @JoeyAlain. I've just experimented with this and could also get it working... but why? Neither our code nor the library have been changed in a long time, so why did it suddenly stop working? Do you know if SNS changed their notification format in any way?
I've narrowed down the issue to a single character difference. Now, I can get it to work simply by doing this:
It seems that the Message payload has a trailing new-line, and I guess the JSON.parse() operation strips this. Perhaps this extra new-line at the end is a recent change to SNS notifications.
I have used this lib; it supports promise & certificate cache & you can pass body directly, it handles initial JSON parse if string is passed:
For me, the validation fails when a notification Message contains diamonds "�".
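An added example, not code from this thread or from the package, of the failure mode the comments above describe: the SNS signature covers the `Message` value byte for byte, so trimming its trailing newline or re-serializing its inner JSON invalidates the signature. The key pair, field values and helper names (`stringToSign`, `verifyNotification`, `sampleBody`, `demo`) are constructed for illustration; a real validator verifies against the public key from the certificate at `SigningCertURL` after checking that the URL is an AWS SNS host.

```javascript
const crypto = require('crypto');

// Fields SNS signs for a Notification, in this order; Subject only when present.
const NOTIFICATION_KEYS = ['Message', 'MessageId', 'Subject', 'Timestamp', 'TopicArn', 'Type'];
// SignatureVersion "1" is SHA1withRSA, "2" is SHA256withRSA.
const HASH_BY_VERSION = { '1': 'sha1', '2': 'sha256' };

// Canonical string: "Key\nValue\n" per field, values exactly as parsed once.
function stringToSign(msg) {
  return NOTIFICATION_KEYS.filter((k) => msg[k] !== undefined)
    .map((k) => `${k}\n${msg[k]}\n`).join('');
}

function verifyNotification(msg, publicKey) {
  const hash = HASH_BY_VERSION[msg.SignatureVersion];
  if (!hash || msg.Type !== 'Notification') return false;
  return crypto.verify(hash, Buffer.from(stringToSign(msg), 'utf8'),
    publicKey, Buffer.from(msg.Signature, 'base64'));
}

// Constructed key pair standing in for the SNS signing certificate.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Constructed raw HTTP body: Message is escaped JSON with odd spacing and a trailing "\n".
function sampleBody() {
  const msg = {
    Type: 'Notification',
    MessageId: '00000000-0000-0000-0000-000000000000',
    TopicArn: 'arn:aws:sns:us-east-1:123456789012:example-topic',
    Message: '{"notificationType": "Delivery",  "mail": {"source": "a@example.com"}}\n',
    Timestamp: '2000-01-01T00:00:00.000Z',
    SignatureVersion: '2',
  };
  msg.Signature = crypto.sign('sha256', Buffer.from(stringToSign(msg), 'utf8'), privateKey)
    .toString('base64');
  return JSON.stringify(msg);
}

// Verify the parsed-once payload, then two "cleaned up" variants of it.
function demo() {
  const parsedOnce = JSON.parse(sampleBody());
  const trimmed = { ...parsedOnce, Message: parsedOnce.Message.trim() };
  const reserialized = { ...parsedOnce, Message: JSON.stringify(JSON.parse(parsedOnce.Message)) };
  return {
    parsedOnce: verifyNotification(parsedOnce, publicKey),
    trimmed: verifyNotification(trimmed, publicKey),
    reserialized: verifyNotification(reserialized, publicKey),
  };
}
console.log(demo());
```

Logging `JSON.stringify(msg.Message)` before validation makes a lost newline or changed spacing visible when comparing against the raw request body.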
I'm getting "Error: the message signature is invalid" when I run this. I've used console.log to confirm several of the required components (certificate, signature) as well as confirm logical mechanics (missing keys, cert URL inaccessible). Everything seems to be checking out, yet it's coming back each time indicating invalid.
I've also tried accessing the message object at various places, from index.js and from the dependent node packages, to ensure everything is being passed around and everything looks good. I'm parsing the initial message string into a parsed JS object, and passing that to the MessageValidator constructor.
Any thoughts would be great. I'm using the latest version, 0.3.4.
For reference, a snapshot of the base project index.js which is attempting to kick this off, just in case I've done something wrong here.