NAME

    Net::Amazon::AlexaValidator - implements all security-related checks
    required for Amazon Alexa Skills.

SYNOPSIS

      my $alexa_validator = Net::Amazon::AlexaValidator->new({
        application_id => 'my_application_id_from_amazon_dev_site',
        echo_domain    => 'DNS:echo-api.amazon.com',
        cert_dir       => '/tmp/',
        });
      my $request = $c->req; # Requires a Catalyst::Request object
      my $ret = $alexa_validator->validate_request($request);

DESCRIPTION

    Highlights of the validation include:

      * Verifies the Signature Certificate URL. Amazon's requirements are
      listed here:
      https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/developing-an-alexa-skill-as-a-web-service#h2_verify_sig_cert

      * Downloads the PEM-encoded X.509 certificate chain that Alexa used
      to sign the message as specified by the SignatureCertChainUrl header
      value on the request.

      * Validates that the signing certificate has not expired (examining
      both the Not Before and Not After dates).

      * Validates that the domain echo-api.amazon.com is present in the
      Subject Alternative Names (SANs) section of the signing certificate.

      * Validates that all certificates in the chain combine to create a
      chain of trust to a trusted root CA certificate.

      * Base64-decodes the Signature header value on the request to obtain
      the encrypted signature.

      * Uses the public key extracted from the signing certificate to
      decrypt the encrypted signature to produce the asserted hash value.
      Generates a SHA-1 hash value from the full HTTPS request body to
      produce the derived hash value, and compares the asserted and
      derived hash values to ensure that they match.

      * Checks the request timestamp to ensure that the request is not an
      old request being sent as part of a "replay" attack.
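
    The Signature Certificate URL check and the timestamp ("replay") check
    from the list above, as an added example; this is not code from
    Net::Amazon::AlexaValidator. The URL rules and the 150-second tolerance
    are assumptions taken from Amazon's published requirements, and
    normalize_path, check_cert_url and timestamp_is_fresh are hypothetical
    names.

```perl
use strict;
use warnings;
use Time::Local qw(timegm);
# Assumed from Amazon's published rules, not from this module's source: https,
# host s3.amazonaws.com, port 443 if given, path under /echo.api/, 150 s skew.
my $MAX_SKEW = 150;

# Hypothetical helper: resolve "." and ".." segments before the prefix check.
sub normalize_path {
    my @out;
    for my $seg (split m{/}, shift, -1) {
        next if $seg eq '.';
        if ($seg eq '..') { pop @out if @out > 1; next }
        push @out, $seg;
    }
    return join '/', @out;
}

# Returns the normalized URL to fetch, or nothing if rejected. Query strings,
# fragments and userinfo are refused outright (stricter than the assumed rules).
sub check_cert_url {
    my ($url) = @_;
    my ($host, $port, $path) =
        $url =~ m{\A(?i:https)://([^/:?#\@\s]+)(?::(\d+))?(/[^?#\s]*)\z} or return;
    return unless lc($host) eq 's3.amazonaws.com';
    return if defined $port && $port != 443;
    $path = normalize_path($path);
    return unless index($path, '/echo.api/') == 0;    # case-sensitive prefix
    return "https://s3.amazonaws.com$path";
}

# True if an ISO 8601 UTC timestamp is within $MAX_SKEW seconds of $now (epoch).
sub timestamp_is_fresh {
    my ($ts, $now) = @_;
    my @t = $ts =~ /\A(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(?:\.\d+)?Z\z/ or return 0;
    my $epoch = eval { timegm($t[5], $t[4], $t[3], $t[2], $t[1] - 1, $t[0]) };
    return defined $epoch && abs($now - $epoch) <= $MAX_SKEW ? 1 : 0;
}

# Constructed sample inputs.
my $now = timegm(0, 0, 12, 1, 0, 2024);    # 2024-01-01T12:00:00Z
for my $url (
    'https://s3.amazonaws.com:443/echo.api/../echo.api/echo-api-cert.pem',
    'https://s3.amazonaws.com:563/echo.api/echo-api-cert.pem',
    'https://s3.amazonaws.com/EcHo.aPi/echo-api-cert.pem',
    'https://s3.amazonaws.com/echo.api/../other/cert.pem',
) { printf "%-6s %s\n", (check_cert_url($url) ? 'accept' : 'reject'), $url }
printf "%-6s %s\n", (timestamp_is_fresh($_, $now) ? 'fresh' : 'stale'), $_
    for '2024-01-01T11:58:30Z', '2024-01-01T11:57:29Z';
```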

Configuration options

 echo_domain

    The echo domain that must be present in the Subject Alternative Names
    (SANs) section of the signing certificate.

 application_id

    Application ID from your app's Amazon Alexa App settings.

 cert_dir

    Directory in which to store your Alexa certificate, once validated.

Subroutines

 validate_request

    Verifies that this is a valid Amazon Alexa request. Checks things like
    the application_id, certificates and timestamp.

    Returns { success, error_msg }.