I'm trying to run through the Amazon FPS quickstart guide for PHP and am having trouble verifying the return url provided by the CBUI.
Here is the url:
http://local-screen.com/wp-content/plugins/lclscrn_projects/amazon_fps/FPS/ReturnUrlVerificationSampleCode.php?tokenID=N1G9E5I7BH72563866UZ23YZ1X1AL9AZ2A9291Q1PKDATS8R7BLZ6Y7LEHY2QRHS&signatureMethod=RSA-SHA1&status=SC&signatureVersion=2&signature=WbBPFQku5BA67CR9vWr664eLNDahErYWZM6GrOYTnlDmLZf0rBm0XATrGPLgj5V94GsP0n%2BJ0uye%0A0MRZ3gastZX9M0cjbaPBcCjW1ydt%2BtCiatd%2BjQA6ZRs7XD%2BmWMqHVT3b4eY5WXKHHHQIvp4xLjJY%0AxuwtLf4MaYuiATtdnCY%3D&certificateUrl=https%3A%2F%2Ffps.sandbox.amazonaws.com%2Fcerts%2F090911%2FPKICert.pem%3FrequestId%3Dbjyk7pqb789b33qxg4h9lx8kn8ijplnc5pow0ycey00olslowmv&expiry=01%2F2018&callerReference=%241%24yo8s
This is the error I'm getting:
Verifying return url signed using signature v2 ....
Fatal error: Uncaught exception 'Amazon_FPS_SignatureException' with message 'Certificate could not be verified by the FPS service' in /home/content/85/9687085/html/wp-content/plugins/lclscrn_projects/amazon_fps/FPS/SignatureUtilsForOutbound.php:103 Stack trace: #0 /home/content/85/9687085/html/wp-content/plugins/lclscrn_projects/amazon_fps/FPS/SignatureUtilsForOutbound.php(50): Amazon_FPS_SignatureUtilsForOutbound->validateSignatureV2(Array, 'http://local-sc...', 'GET') #1 /home/content/85/9687085/html/wp-content/plugins/lclscrn_projects/amazon_fps/FPS/ReturnUrlVerificationSampleCode.php(93): Amazon_FPS_SignatureUtilsForOutbound->validateRequest(Array, 'http://local-sc...', 'GET') #2 /home/content/85/9687085/html/wp-content/plugins/lclscrn_projects/amazon_fps/FPS/ReturnUrlVerificationSampleCode.php(97): Amazon_FPS_ReturnUrlVerificationSampleCode::test() #3 {main} thrown in /home/content/85/9687085/html/wp-content/plugins/lclscrn_projects/amazon_fps/FPS/SignatureUtilsForOutbound.php on line 103
Here is the function that gets the variables and calls the validation page:
public static function test() {
$aws_access_key = self::$aws_access_key;
$aws_secret_key = self::$aws_secret_key;
$utils = new Amazon_FPS_SignatureUtilsForOutbound($aws_access_key, $aws_secret_key);
/* Verification of an return url signed using signature version 2.*/
// New parameters sent in return url signed using signature v2
$params["certificateUrl"] = self::$certificate_url;
$params["signature"] = self::$signature;
$params["signatureMethod"] = self::$signature_method;
$params["signatureVersion"] = self::$signature_version;
// foreach ($params as $param) {
// echo $param;
// echo '<br/><br/>';
// }
// echo self::$return_url;
// return;
$urlEndPoint = self::$return_url; //Your return url end point.
print "Verifying return url signed using signature v2 ....\n";
//return url is sent as a http GET request and hence we specify GET as the http method.
//Signature verification does not require your secret key
print "Is signature correct: " . $utils->validateRequest($params, $urlEndPoint, "GET") . "\n";
}
I also have the output of the foreach loop above which I can PM if somebody needs it. I just don't understand why I can't validate this url. Any help would be greatly appreciated.
Nick
I'm using the PHP sample code from Amazon as well, and was running into the exact same error message.
Solution
Requirement 1: The value of
HttpParametersthat you pass in the VerifySignature request must have parameters in the same order as passed to your return URL by Amazon's UI. So instead of manually fetching each GET parameter as Amazon's sample code does, simply use the$_GETobject as the value of the$parametersvariable inSignatureUtilsForOutbound.php.Requirement 2: You need to test from a box that is accessible on the Internet. You will always get this error if you're testing from localhost.