-
My application has verification validation for incoming SNS messages on a subscriber as documented here: https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html

From what I can tell, the signature and other message data are hard coded: https://github.com/getmoto/moto/blob/master/moto/sns/models.py#L306C14-L306C28

So when my code tries to validate the signature/cert URL, moto is using a hard-coded URL of: https://sns.us-east-1.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem

Are there any plans to support a URL that would hit moto and allow this verification to run as it would in my production environment?
-
Hi @surgiie, I haven't looked too deeply into the details, but that definitely sounds possible. Can you share a simplified test case that passes against AWS but fails against Moto?
-
Moto >= 5.0.14.dev19 now returns a `SigningCertificateURL` that points to a valid certificate.

One point to note - we use the `cryptography`-library to create the certificate, and they don't support `SHA-1` anymore because it is not secure. So Moto always creates the certificate using `SHA-256`, and we return the `SignatureVersion="2"` to reflect this.

So if the sample code that you provided would be changed to include this, I believe that should now work:
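
For readers following the `SignatureVersion` point in this thread: the block below is an added example, not the sample code referred to in the reply and not Moto's own code. It shows a subscriber-side check that picks the hash from `SignatureVersion`, builds the string to sign in the field order given in the AWS documentation linked in the question, and refuses certificate URLs outside an expected host. The function names, the `host_pattern` parameter and the `SAMPLE` message are assumptions made for this illustration; `verify` needs the `cryptography` package.

```python
import base64
import re
from urllib.parse import urlparse

# Field order from the AWS signature-verification documentation.
NOTIFICATION_KEYS = ["Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type"]
CONFIRMATION_KEYS = ["Message", "MessageId", "SubscribeURL", "Timestamp", "Token",
                     "TopicArn", "Type"]
# Production default; a test environment would pass its own pattern (assumption).
AWS_SNS_HOST = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?")

def string_to_sign(msg):
    keys = NOTIFICATION_KEYS if msg["Type"] == "Notification" else CONFIRMATION_KEYS
    # Each present field contributes "name\nvalue\n"; an absent Subject is skipped.
    return "".join(f"{k}\n{msg[k]}\n" for k in keys if k in msg)

def hash_name(msg):
    # SignatureVersion "1" means SHA1withRSA, "2" means SHA256withRSA.
    try:
        return {"1": "SHA1", "2": "SHA256"}[msg["SignatureVersion"]]
    except KeyError:
        raise ValueError("unsupported or missing SignatureVersion")

def cert_url_allowed(url, host_pattern=AWS_SNS_HOST):
    # Only accept a certificate served over HTTPS from an expected host.
    u = urlparse(url)
    return u.scheme == "https" and bool(host_pattern.fullmatch(u.hostname or ""))

def verify(msg, cert_pem, host_pattern=AWS_SNS_HOST):
    """cert_pem: bytes the caller fetched from msg["SigningCertURL"] after the URL check."""
    from cryptography import x509
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import padding
    if not cert_url_allowed(msg["SigningCertURL"], host_pattern):
        return False
    algo = getattr(hashes, hash_name(msg))()
    key = x509.load_pem_x509_certificate(cert_pem).public_key()
    try:
        key.verify(base64.b64decode(msg["Signature"]),
                   string_to_sign(msg).encode(), padding.PKCS1v15(), algo)
        return True
    except InvalidSignature:
        return False

# Constructed sample message: every value is a placeholder, not real SNS output.
SAMPLE = {"Type": "Notification", "MessageId": "id-1", "Message": "hello",
          "TopicArn": "arn:aws:sns:us-east-1:123456789012:demo",
          "Timestamp": "2024-01-01T00:00:00.000Z", "SignatureVersion": "2",
          "SigningCertURL": "https://sns.us-east-1.amazonaws.com/placeholder.pem",
          "Signature": ""}
```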