• Home
• com.ecwid.apiclient
• api-client
• 0.342.0
• source code
• WebhooksUtils.kt

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.ecwid.apiclient.v3.util.WebhooksUtils.kt Maven / Gradle / Ivy

package com.ecwid.apiclient.v3.util

import com.ecwid.apiclient.v3.dto.webhook.Webhook
import org.apache.commons.codec.binary.Base64
import org.apache.commons.codec.digest.HmacAlgorithms
import org.apache.commons.codec.digest.HmacUtils

@Suppress("unused")
object WebhooksUtils {

    const val WEBHOOK_SIGNATURE_HEADER_NAME = "X-Ecwid-Webhook-Signature"

    /**
     * Webhook signature verification
     * @param signature - webhook signature obtained from the X-Ecwid-Webhook-Signature header
     * @param webhook - the webhook itself, for which you need to check the signature
     * @param clientSecret - clientSecret of the application for which the webhook was sent
     * @return true if the signature is valid
     */
	@JvmStatic
	fun isSignatureValid(signature: String?, webhook: Webhook?, clientSecret: String): Boolean {
        if (webhook == null || signature.isNullOrEmpty()) {
			return false
		}

        val bt = HmacUtils(HmacAlgorithms.HMAC_SHA_256, clientSecret)
            .hmac("${webhook.eventCreated}.${webhook.eventId}")
        val result = Base64.encodeBase64String(bt)

        return signature == result
    }

}