Add SHA256 support (#60)

SHA256 support
aws · Aug 22, 2022 · ea20e69 · ea20e69
1 parent e494478
commit ea20e69
Show file tree

Hide file tree

Showing 3 changed files with 189 additions and 72 deletions.
diff --git a/src/MessageValidator.php b/src/MessageValidator.php
@@ -9,6 +9,7 @@
 class MessageValidator
 {
     const SIGNATURE_VERSION_1 = '1';
+    const SIGNATURE_VERSION_2 = '2';
 
     /**
      * @var callable Callable used to download the certificate content.
@@ -105,7 +106,8 @@ public function validate(Message $message)
         // Verify the signature of the message.
         $content = $this->getStringToSign($message);
         $signature = base64_decode($message['Signature']);
-        if (openssl_verify($content, $signature, $key, OPENSSL_ALGO_SHA1) != 1) {
+        $algo = ($message['SignatureVersion'] === self::SIGNATURE_VERSION_1 ? OPENSSL_ALGO_SHA1 : OPENSSL_ALGO_SHA256);
+        if (openssl_verify($content, $signature, $key, $algo) !== 1) {
             throw new InvalidSnsMessageException(
                 'The message signature is invalid.'
             );
@@ -151,7 +153,8 @@ public function getStringToSign(Message $message)
             'Type',
         ];
 
-        if ($message['SignatureVersion'] !== self::SIGNATURE_VERSION_1) {
+        if ($message['SignatureVersion'] !== self::SIGNATURE_VERSION_1
+            && $message['SignatureVersion'] !== self::SIGNATURE_VERSION_2) {
             throw new InvalidSnsMessageException(
                 "The SignatureVersion \"{$message['SignatureVersion']}\" is not supported."
             );