Package io.micronaut.aws.alexa.httpserver.verifiers

Class SkillRequestTimestampVerifier

java.lang.Object

io.micronaut.aws.alexa.httpserver.verifiers.SkillRequestTimestampVerifier

All Implemented Interfaces:

SkillServletVerifier

public class SkillRequestTimestampVerifier
extends Object
implements SkillServletVerifier

NOTICE: This class is forked from https://github.com/alexa/alexa-skills-kit-sdk-for-java ask-sdk-servlet-support module Verifies whether or not timestamps are valid within a certain tolerance.

Every request sent by Alexa includes a timestamp. This information is part of the signed portion of the request, so it cannot be changed without also invalidating the request signature. Using this timestamp to verify the freshness of the request before responding protects the client's service from attackers attempting a "replay" attack in which they acquire a properly signed request and then repeatedly resend it to disrupt your service.

See Also:

• Checking the Timestamp of the Request

Constructor Summary

Constructors

Constructor	Description
SkillRequestTimestampVerifier(long toleranceInMilliseconds)	Constructs a new timestamp verifier with the provided tolerance milliseconds.
SkillRequestTimestampVerifier(long tolerance, TimeUnit timeUnit)	Constructs a new timestamp verifier with the provided tolerance and timeUnit.

Method Summary

Modifier and Type	Method	Description
void	verify(AlexaHttpRequest alexaHttpRequest)	Validates if the provided date is inclusively within the verifier tolerance, either in the past or future, of the current system time.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SkillRequestTimestampVerifier

public SkillRequestTimestampVerifier(long toleranceInMilliseconds)

Constructs a new timestamp verifier with the provided tolerance milliseconds.

Parameters:

toleranceInMilliseconds - the tolerance of this verifier, in milliseconds. must be non-negative and less than 3600000L.

SkillRequestTimestampVerifier

public SkillRequestTimestampVerifier(long tolerance,
 TimeUnit timeUnit)

Constructs a new timestamp verifier with the provided tolerance and timeUnit.

Parameters:

tolerance - the tolerance of this verifier must be non-negative and less than 3600000L after converting to milliseconds.

timeUnit - TimeUnit must be non-null.

Method Details

verify

public void verify(AlexaHttpRequest alexaHttpRequest)

Validates if the provided date is inclusively within the verifier tolerance, either in the past or future, of the current system time. This method will throw a SecurityException if the tolerance is not in the expected range, or if the request is null or does not contain a timestamp value. Verifies an incoming request.

Specified by:

verify in interface SkillServletVerifier

Parameters:

alexaHttpRequest - request performed by Alexa