SNS Message Manager

[zoewangg]

This issue tracks the 2.x implementation of equivalent functionality to the 1.11.x SnsMessageManager

[henricook]

I wanted to use a library to validate incoming SNS messages (notifications received from an SES ConfigurationSet) and had to use v1 because of the lack of Message Manager. As i'm on a Scala project after validating i just parse it off into a case class and don't really make use of the rest of the library.

If it sounds like i've done the right thing for now, great and :+1: for future V2 integration of a validator of some sort. If you think i could have done the validation with V2 please do let me know!

[debora-ito]

Request from Java SDK v1:

A way to access the optional Message Attributes in the SnsMessage.

[debora-ito]

Request from Java SDK v1:

Ability to set a custom httpClient, so I can set proxy config.

For more context: https://github.com/aws/aws-sdk-java/issues/2710

[Saberos]

Any chance to also resolve this issue in the SDK v2 implementation: https://github.com/aws/aws-sdk-net/issues/1104?

Just ran into the same issue in the Java SDK v1 implementation. SNS->Lambda contains field SignatureCertUrl (docs) while SignatureChecker expects SignatureCertURL.

[lpellegr]

3 years after the initial report there is still no equivalent for a basic security check that I guess most SNS users should make...

[ryanthon]

Is there any update on implementing this?

[henricook]

Three years on and I'm still using V1 as in my original comment. If you want to provide a migration path off using SnsMessageManager instead of migrating it to V2 in code that could also be helpful

[kazaff]

Can't believe this problom is still existing. How can I verify the sns message by spring-cloud-aws-sns? Does anyone solve this issue?

[kazaff]

Three years on and I'm still using V1 as in my original comment. If you want to provide a migration path off using SnsMessageManager instead of migrating it to V2 in code that could also be helpful

Hi @henricook , I wonder that how you can still using V1? I mean the SNS service had been updated, but you can still use Public Key method to verfiy message? I have try to create a new topic and found that no where to get the public key ...

[henricook]

  private val messageManager = new SnsMessageManager(Regions.EU_WEST_1.getName)

  def parseMessage(messageBody: InputStream): Try[Unit] = Try(messageManager.parseMessage(messageBody))

Takes care of everything for you 🤷🏻 - this is what you can't do in V2 (it seems) currently

[kazaff]

  private val messageManager = new SnsMessageManager(Regions.EU_WEST_1.getName)

  def parseMessage(messageBody: InputStream): Try[Unit] = Try(messageManager.parseMessage(messageBody))

Takes care of everything for you 🤷🏻 - this is what you can't do in V2 (it seems) currently

Sorry, I can't understand your code... it's scala? I want make sure that you mixed use V1 (only for verification) and V2 (for rest of stuff) in your project? As far as I know, V1 verifies the message by Public Key, but this method don't support V2(at least I can't find the Public Key signature or something like that on V2 documents)..

[henricook]

No, i'm only using V1 in my project. I'm blocked from using V2 because I want the ability to verify received messages from SES/SNS-JSON-HTTP callbacks using the library, like I do in V1 with SnsMessageManager.

[kazaff]

No, i'm only using V1 in my project. I'm blocked from using V2 because I want the ability to verify received messages from SES/SNS-JSON-HTTP callbacks using the library, like I do in V1 with SnsMessageManager.

oh.. Got it. Thank you for your help, my bro.

[kazaff]

I have pushed some code to spring-cloud-aws(https://github.com/awspring/spring-cloud-aws/pull/684) which base on V2. It can verify the message by sns signingCertUrl.

Hope will help you guys.

[sindhu-cbs]

Hi All, any update on this issue? I'm using v1 for parseMessage() in SnsMessageManager.java. Is there an equivalent method in v2 to validate the authenticity of an incoming SNS message?

[StephanWels]

@sindhu-cbs - same here! Can't find the equivalent in v2. Guess we haver to stick to v1 for now?

[henricook]

Missing SnsMessageManager::parseMessage is the only reason we've been on V1 for the last four years+

[lpellegr]

As of July 31, 2024 v1 is deprecated but still no migration path for SnsMessageManager::parseMessage...

[henricook]

Is there some other way to parse a message/check its signature that I don't know about? It seems like such a bizarre gap 😅

[pbartoszek]

I am shocked it's not in v2 too...

[detinho]

Is there some other way to parse a message/check its signature that I don't know about? It seems like such a bizarre gap 😅

@henricook you have to do it manually as my current understanding. I seems to me that they are pushing to use SQS or other AWS services as a target endpoint.