• Home
• com.ingenico.connect.gateway
• connect-sdk-java
• 6.47.0
• source code
• SignatureValidator.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.ingenico.connect.gateway.sdk.java.webhooks.SignatureValidator Maven / Gradle / Ivy

package com.ingenico.connect.gateway.sdk.java.webhooks;

import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.List;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;

import com.ingenico.connect.gateway.sdk.java.RequestHeader;

/**
 * Validator for webhooks signatures. Thread-safe.
 */
public class SignatureValidator {

	private static final Charset CHARSET = Charset.forName("UTF-8");

	private final SecretKeyStore secretKeyStore;

	public SignatureValidator(SecretKeyStore secretKeyStore) {
		if (secretKeyStore == null) {
			throw new IllegalArgumentException("secretKeyStore is required");
		}
		this.secretKeyStore = secretKeyStore;
	}

	// body as byte array

	/**
	 * Validates the given body using the given request headers.
	 *
	 * @throws SignatureValidationException If the body could not be validated successfully.
	 */
	public void validate(byte[] body, List requestHeaders) {
		try {
			validateBody(body, requestHeaders);

		} catch (GeneralSecurityException e) {
			throw new SignatureValidationException(e);
		}
	}

	// body as String

	/**
	 * Validates the given body using the given request headers.
	 *
	 * @throws SignatureValidationException If the body could not be validated successfully.
	 */
	public void validate(String body, List requestHeaders) {
		validate(body.getBytes(CHARSET), requestHeaders);
	}

	// utility methods

	private void validateBody(byte[] body, List requestHeaders) throws GeneralSecurityException {
		String signature = getHeaderValue(requestHeaders, "X-GCS-Signature");
		String keyId = getHeaderValue(requestHeaders, "X-GCS-KeyId");
		String secretKey = secretKeyStore.getSecretKey(keyId);

		Mac hmac = Mac.getInstance("HmacSHA256");
		SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(CHARSET), "HmacSHA256");
		hmac.init(key);

		byte[] unencodedResult = hmac.doFinal(body);
		byte[] expectedSignature = Base64.encodeBase64(unencodedResult);

		boolean isValid = MessageDigest.isEqual(signature.getBytes(CHARSET), expectedSignature);
		if (!isValid) {
			throw new SignatureValidationException("failed to validate signature '" + signature + "'");
		}
	}

	// general utility methods

	private static String getHeaderValue(List requestHeaders, String headerName) {
		String value = null;
		for (RequestHeader header : requestHeaders) {
			if (headerName.equalsIgnoreCase(header.getName())) {
				if (value == null) {
					value = header.getValue();
				} else {
					throw new SignatureValidationException("enocuntered multiple occurrences of header '" + headerName + "'");
				}
			}
		}
		if (value == null) {
			throw new SignatureValidationException("could not find header '" + headerName + "'");
		}
		return value;
	}
}