Example #1
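    def is_valid(self):
        """Return True only if the request passes every implemented check.

        Checks, in order: the application ID in the session matches
        ``settings.AMAZON_APPLICATION_ID``; both signature headers are
        present; the certificate chain URL is accepted by
        ``cert_chain_url_valid``; and ``signature_valid`` accepts the
        signature over the raw request body.

        Everything read here comes from the request, so a missing or
        malformed field is treated as a failed check (``False``) rather than
        an unhandled exception.

        NOTE(review): the timestamp check is still not implemented, so a
        captured, correctly signed request would be accepted again later.
        Callers should not treat a True result as replay protection.
        """
        # check Application ID
        try:
            sent_id = self.session['application']['applicationId']
        except (KeyError, TypeError):
            # Session missing or not shaped as expected: reject.
            # TODO: log
            return False
        if sent_id != settings.AMAZON_APPLICATION_ID:
            # TODO: log
            return False

        # check timestamp
        # TODO: reject requests whose timestamp is outside the allowed
        # tolerance (Alexa documents 150 seconds; confirm against current
        # docs). Without it the signature check alone does not stop replay.

        # Both headers are required; reject before any certificate is parsed
        # or fetched for a request that cannot be verified anyway.
        headers = self.flask_request.headers
        cert_chain_url = headers.get('SignatureCertChainUrl')
        signature = headers.get('Signature')
        if not cert_chain_url or not signature:
            # TODO: log
            return False

        # check certificate URL
        if not cert_chain_url_valid(cert_chain_url):
            # TODO: log
            return False

        # check signature
        # NOTE(review): whether parse_certificate verifies the chain, expiry
        # and subject name is not visible here; confirm, since the signature
        # is only as trustworthy as the certificate it is checked against.
        cert_text = parse_certificate(cert_chain_url)
        # Verify over the raw bytes as received, not a re-serialised body.
        request_body = self.flask_request.data
        if not signature_valid(signature, cert_text, request_body):
            # TODO: log
            return False

        return True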
Example #2
 def test_cert_validation(self):
     """Check that signature_valid accepts the stored known-good fixture.

     Reads the certificate, request body and signature from the fixture
     paths held on the test case, strips surrounding whitespace from each,
     and encodes the body as UTF-8 before verification.
     """
     def _read_stripped(path):
         # Fixture files may end with a newline; strip it before use.
         with open(path) as handle:
             return handle.read().strip()

     pem_text = _read_stripped(self.cert_file)
     body_bytes = _read_stripped(self.request_body_file).encode('utf-8')
     sig_text = _read_stripped(self.signature_file)

     # Positive case only: this does not show that a tampered body or
     # signature is rejected.
     self.assertTrue(signature_valid(sig_text, pem_text, body_bytes))