/// import { IncomingHttpHeaders } from 'http'; /** * Provide constant value * For more info, check `link */ export declare const REQUIRED_NODE_VERSION = "12.3.0"; /** * Verifiers are run against incoming requests to verify authenticity and integrity of the request before processing * it. */ export interface Verifier { /** * Verifies an incoming request. * * @param {string} requestEnvelope The request body in string format * @param {IncomingHttpHeaders} headers The request headers */ verify(requestEnvelope: string, headers?: IncomingHttpHeaders): Promise; } /** * Implementation of Verifier which provides a utility method to verify the signature of a skill request. */ export declare class SkillRequestSignatureVerifier implements Verifier { protected certCache: Map; constructor(); /** * Verifies the certificate authenticity. * * This verifier uses the crypto module pki functions to validate the signature chain in the input request. * The verification follows the mechanism explained here : * https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#checking-the-signature-of-the-request * @param {string} requestEnvelope Request body of the input POST request in string format * @param {IncomingHttpHeaders} headers Headers of the input POST request */ verify(requestEnvelope: string, headers: IncomingHttpHeaders): Promise; /** * Validate Url and retrieve certificate chain * * This method validates if the URL is valid and loads * the certificate chain, before returning it. * @private * @param {string} signatureCertChainUrl URL for retrieving certificate chain * @return {Promise} */ private _validateUrlAndRetrieveCertChain; /** * Validate the URL containing the certificate chain * * This method validates if the URL provided adheres to the format mentioned here : * https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#cert-verify-signature-certificate-url * @private * @param {string} signatureCertChainUrl URL for retrieving certificate chain */ private _validateCertificateUrl; /** * Load certificate chain * * This method loads the certificate chain from the certificate * cache. If there is a cache miss, the certificate chain is * loaded from the certificate URL. If certificate chain is * loaded from URL, validate it before return. * @private * @param {string} signatureCertChainUrl URL for retrieving certificate chain * @return {Promise} */ private _loadCertChain; /** * Loads the certificate chain from the URL. * * This method use the validated certificate url to retrieve certificate chain * @private * @param {string} signatureCertChainUrl URL for retrieving certificate chain * @return {Promise} */ private _getCertChainByUrl; /** * Validate certificate chain * * This method uses the crypto module pki functions to validate the signature chain * It checks if the passed in certificate chain is valid, * i.e it is not expired and the Alexa domain is present in the * SAN extensions of the certificate chain. * @private * @param {string} pemCert Certificate chain in pem format */ private _validateCertChain; /** * Validate the request body hash with signature * * This method checks if the hash value of the request body * matches with the hash value of the signature * @param pemCert Certificate chain in pem format * @param signature Encrypted signature of the request * @param requestEnvelope Request body of the input POST request in string format */ private _validateRequestBody; } /** * Implementation of Verifier which provides a utility method to handle * the request timestamp verification of the input request. */ export declare class TimestampVerifier implements Verifier { protected toleranceInMillis: number; constructor(tolerance?: number); /** * Verifies the certificate authenticity. * * The verify method retrieves the request timestamp and check if * it falls in the limit set by the tolerance, by checking with * the current timestamp. The verification follows the mechanism explained here : * https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#checking-the-signature-of-the-request * @param {string} requestEnvelope Request envelope of the input POST request in string format * @return {Promise} */ verify(requestEnvelope: string): Promise; }