Open DayS1eeper opened 4 years ago
Expected behaviour (SNS) In Verifying the Signatures of Amazon SNS Messages https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html is specified that string to sign must contain Subject name-value pair if it is included in the message. It doesn't mean that Subject must be omitted if value of Subject key is empty string. In aws-php-sns-message-validator Subject field is omitted only when message doesn't contain it https://github.com/aws/aws-php-sns-message-validator/blob/ba6810807ac8936317021ccc14cdb1297d525ae1/src/MessageValidator.php#L162 , the same logic is present in Example Code for an Amazon SNS Endpoint Java Servlet https://docs.aws.amazon.com/sns/latest/dg/sns-example-code-endpoint-java-servlet.html
Verifying the Signatures of Amazon SNS Messages
string to sign
Subject
aws-php-sns-message-validator
Example Code for an Amazon SNS Endpoint Java Servlet
Current behaviour (goaws) Subject is omitted while creating string to sign if the value is empty string https://github.com/p4tin/goaws/blob/6ecd9bf473ad2b2a88dba5224957826665710dec/app/gosns/gosns.go#L257
It would be great if it were fixed.
As I am involved in other projects at the moment and you seem to have a grasp of the issue, I'd very much welcome a PR.
Expected behaviour (SNS) In
Verifying the Signatures of Amazon SNS Messages
https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html is specified thatstring to sign
must containSubject
name-value pair if it is included in the message. It doesn't mean thatSubject
must be omitted if value ofSubject
key is empty string. Inaws-php-sns-message-validator
Subject
field is omitted only when message doesn't contain it https://github.com/aws/aws-php-sns-message-validator/blob/ba6810807ac8936317021ccc14cdb1297d525ae1/src/MessageValidator.php#L162 , the same logic is present inExample Code for an Amazon SNS Endpoint Java Servlet
https://docs.aws.amazon.com/sns/latest/dg/sns-example-code-endpoint-java-servlet.htmlCurrent behaviour (goaws) Subject is omitted while creating
string to sign
if the value is empty string https://github.com/p4tin/goaws/blob/6ecd9bf473ad2b2a88dba5224957826665710dec/app/gosns/gosns.go#L257It would be great if it were fixed.