This repository has been archived by the owner on Feb 22, 2023. It is now read-only.

Interacting (launch/intent/etc) with the skill based on ASK SDK for Java fails because of certificate validation error #506

Open
Stvad opened this issue Sep 15, 2018 · 3 comments

Comments


Stvad commented Sep 15, 2018

Hey, I have a skill that is based on ASK SDK for Java and I'm trying to interact with it using bst.

The problem I'm facing is that all the requests are rejected with the following error: Error: Invalid response: 400 Message: Missing signature/certificate for the provided skill request.

I saw that in the documentation you're recommending to run Java skills with the -DdisableRequestSignatureCheck=true parameter, but I don't believe it applies to the ASK SDK (at least not its current version).

Is there a way to work around this and make bst launch/intent/etc work for the skill using this platform?

Member

jkelvie commented Sep 17, 2018

Yes, I am not sure how to disable the signature checking on the latest version. It appears the disableSignatureCheck flag went away with version one. I'm looking for how to do it on V2. No luck so far.

Member

jkelvie commented Sep 17, 2018

I did a bit more digging - it does not seem there is an easy way to do this. My best recommendation - use reflection to access this property:
https://github.com/alexa/alexa-skills-kit-sdk-for-java/blob/2.0.x/ask-sdk-servlet-support/src/com/amazon/ask/servlet/SkillServlet.java#L79

And set it to an empty list. Though there is a constructor for passing in custom verifiers, it is not accessible. But you can use reflection on the field pretty easily to set that field (verifiers) to an empty list. Hope that makes sense - and I realize it is a hack (though a fairly simple one).

If I have the time I will send the maintainers a PR to keep using the old flag.
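An added example, not part of the thread and not code from bst or the ASK SDK, of the reflection approach described in the comment above, gated so that request verification is only removed when a local-testing switch is set. `DemoServlet` is a stand-in for the SDK servlet and the `skill.localTesting` property is a hypothetical name; only the field name `verifiers` comes from the comment.

```java
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class DisableVerifiersForLocalTest {

    // Stand-in for the SDK servlet (hypothetical): holds a private list of request verifiers.
    static class DemoServlet {
        private final List<String> verifiers =
                new ArrayList<>(Arrays.asList("signature", "timestamp"));
        int verifierCount() { return verifiers.size(); }
    }

    // Hypothetical opt-in switch; without it the helper refuses to touch the servlet.
    static final String LOCAL_TEST_PROPERTY = "skill.localTesting";

    // declaringClass must be the class that declares the field (the SDK servlet class),
    // not your own subclass, because getDeclaredField does not search superclasses.
    static void clearVerifiers(Object servlet, Class<?> declaringClass)
            throws ReflectiveOperationException {
        if (!Boolean.getBoolean(LOCAL_TEST_PROPERTY)) {
            throw new IllegalStateException("Refusing to disable request verification: -D"
                    + LOCAL_TEST_PROPERTY + "=true is not set");
        }
        Field field = declaringClass.getDeclaredField("verifiers"); // name from the comment above
        field.setAccessible(true); // the field is private
        field.set(servlet, Collections.emptyList());
    }

    public static void main(String[] args) throws Exception {
        DemoServlet servlet = new DemoServlet();
        try {
            clearVerifiers(servlet, DemoServlet.class); // fails closed: switch not set
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
        System.setProperty(LOCAL_TEST_PROPERTY, "true"); // local test run only
        clearVerifiers(servlet, DemoServlet.class);
        System.out.println("verifiers after clearing: " + servlet.verifierCount());
    }
}
```

With the list empty, the servlet accepts unsigned requests from any caller, so the switch belongs only in the launch configuration used for local bst testing and never in a deployed endpoint.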

Author

Stvad commented Sep 17, 2018

Hey, @jkelvie thanks for looking into this!

Yeah, I've discovered more or less the same thing when I explored the ASK SDK a few days ago and I didn't want to go the reflection route at that point.

> If I have the time I will send the maintainers a PR to keep using the old flag.

That'd be great!
