Skip to content

Commit aa5a2bf

Browse files
nikhilymnikhilym
authored
Update os specific verifier constant path (#94)
This commit makes the following changes : - verfier_constants path from posix path to os specific path check, which helps in valid request verification in other than posix os. - default timestamp tolerance value from 30 seconds to 150 seconds. - The docstring links to the right documentation on developer docs. Thanks @JACTheCreator for raising #89 to get this to our attention.
1 parent 32896d5 commit aa5a2bf

File tree

1 file changed

+11
-10
lines changed

1 file changed

+11
-10
lines changed

ask-sdk-webservice-support/ask_sdk_webservice_support/verifier_constants.py

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -15,44 +15,45 @@
1515
# specific language governing permissions and limitations under the
1616
# License.
1717
#
18+
import os
1819

1920
#: Header key to be used, to retrieve request header that contains the
2021
#: URL for the certificate chain needed to verify the request signature.
21-
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#checking-the-signature-of-the-request>`__.
22+
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-signature>`__.
2223
SIGNATURE_CERT_CHAIN_URL_HEADER = "SignatureCertChainUrl"
2324

2425
#: Header key to be used, to retrieve request header that contains the
2526
#: request signature.
26-
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#checking-the-signature-of-the-request>`__.
27+
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-signature>`__.
2728
SIGNATURE_HEADER = "Signature"
2829

2930
#: Case insensitive protocol to be checked on signature certificate url.
30-
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#cert-verify-signature-certificate-url>`__.
31+
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-signature>`__.
3132
CERT_CHAIN_URL_PROTOCOL = "https"
3233

3334
#: Case insensitive hostname to be checked on signature certificate url.
34-
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#cert-verify-signature-certificate-url>`__.
35+
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-signature>`__.
3536
CERT_CHAIN_URL_HOSTNAME = "s3.amazonaws.com"
3637

3738
#: Path presence to be checked on signature certificate url.
38-
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#cert-verify-signature-certificate-url>`__.
39-
CERT_CHAIN_URL_STARTPATH = "/echo.api/"
39+
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-signature>`__.
40+
CERT_CHAIN_URL_STARTPATH = "{0}echo.api{0}".format(os.path.sep)
4041

4142
#: Port to be checked on signature certificate url.
42-
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#cert-verify-signature-certificate-url>`__.
43+
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-signature>`__.
4344
CERT_CHAIN_URL_PORT = 443
4445

4546
#: Domain presence check in Subject Alternative Names (SANs) of
4647
#: signing certificate.
47-
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#checking-the-signature-of-the-request>`__.
48+
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-signature>`__.
4849
CERT_CHAIN_DOMAIN = "echo-api.amazon.com"
4950

5051
#: Character encoding used in the request.
5152
CHARACTER_ENCODING = "utf-8"
5253

5354
#: Default allowable tolerance in request timestamp.
54-
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#timestamp>`__.
55-
DEFAULT_TIMESTAMP_TOLERANCE_IN_MILLIS = 30000
55+
#: For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-timestamp>`__.
56+
DEFAULT_TIMESTAMP_TOLERANCE_IN_MILLIS = 150000
5657

5758
#: Maximum allowable tolerance in request timestamp.
5859
#: For more info, check `link <https://developer.amazon.com/docs/smapi/skill-events-in-alexa-skills.html#delivery-of-events-to-the-skill>`__.

0 commit comments

Comments
 (0)