|
14 | 14 | import org.apache.commons.codec.binary.Hex; |
15 | 15 |
|
16 | 16 | public class Utils { |
17 | | - /** |
18 | | - * Verify a request's signature |
19 | | - * |
20 | | - * @param requestBody The request's body |
21 | | - * @param signatureHeader The request's `freeclimb-signature` header |
| 17 | + /** |
| 18 | + * Verify a request's signature |
| 19 | + * |
| 20 | + * @param requestBody The request's body |
| 21 | + * @param signatureHeader The request's `freeclimb-signature` header |
22 | 22 | * @param signingSecret A signing secret from the FreeClimb account |
23 | | - * @param tolerance Acceptable duration threshold represented in |
24 | | - * milliseconds, defaulting to 5 minutes when not |
25 | | - * provided |
| 23 | + * @param tolerance Acceptable duration threshold represented in |
| 24 | + * milliseconds, defaulting to 5 minutes when not |
| 25 | + * provided |
26 | 26 | * @throws FreeClimbException upon failed verification |
27 | | - */ |
28 | | - public static void verifyRequest(String requestBody, String signatureHeader, String signingSecret, int tolerance) throws FreeClimbException { |
29 | | - String[] values = signatureHeader.split(","); |
| 27 | + */ |
| 28 | + public static void verifyRequest(String requestBody, String signatureHeader, String signingSecret, int tolerance) throws FreeClimbException { |
| 29 | + String[] values = signatureHeader.split(","); |
30 | 30 |
|
31 | | - long time = 0; |
32 | | - List<String> v1 = new ArrayList<String>(); |
33 | | - for (String queryString : values) { |
34 | | - try { |
35 | | - final int idex =queryString.indexOf("="); |
36 | | - String key = idex > 0 |
37 | | - ? URLDecoder.decode(queryString.substring(0, idex), "UTF-8") |
38 | | - : queryString; |
39 | | - String value = (idex > 0) && (queryString.length() > idex + 1) |
40 | | - ? queryString.substring(idex + 1) |
41 | | - : null; |
42 | | - if (key.equals("t")) { |
43 | | - time = Long.parseLong(value); |
44 | | - } |
45 | | - if (key.equals("v1")) { |
46 | | - v1.add(value); |
47 | | - } |
48 | | - } catch (Exception e) { |
49 | | - throw new FreeClimbException(e); |
50 | | - } |
51 | | - } |
| 31 | + long time = 0; |
| 32 | + List<String> v1 = new ArrayList<String>(); |
| 33 | + for (String queryString : values) { |
| 34 | + try { |
| 35 | + final int idex =queryString.indexOf("="); |
| 36 | + String key = idex > 0 |
| 37 | + ? URLDecoder.decode(queryString.substring(0, idex), "UTF-8") |
| 38 | + : queryString; |
| 39 | + String value = (idex > 0) && (queryString.length() > idex + 1) |
| 40 | + ? queryString.substring(idex + 1) |
| 41 | + : null; |
| 42 | + if (key.equals("t")) { |
| 43 | + time = Long.parseLong(value); |
| 44 | + } |
| 45 | + if (key.equals("v1")) { |
| 46 | + v1.add(value); |
| 47 | + } |
| 48 | + } catch (Exception e) { |
| 49 | + throw new FreeClimbException(e); |
| 50 | + } |
| 51 | + } |
52 | 52 |
|
53 | | - long currentTime = new Date().getTime(); |
54 | | - long signatureAge = currentTime - (time*1000); |
55 | | - if (tolerance < signatureAge) { |
56 | | - throw new FreeClimbException(String.format("Request rejected - signature's timestamp failed against current tolerance of %2d milliseconds. Signature age: %2d milliseconds", tolerance, signatureAge)); |
57 | | - } |
| 53 | + long currentTime = new Date().getTime(); |
| 54 | + long signatureAge = currentTime - (time*1000); |
| 55 | + if (tolerance < signatureAge) { |
| 56 | + throw new FreeClimbException(String.format("Request rejected - signature's timestamp failed against current tolerance of %2d milliseconds. Signature age: %2d milliseconds", tolerance, signatureAge)); |
| 57 | + } |
58 | 58 |
|
59 | | - String data = time + "." + requestBody; |
60 | | - try { |
61 | | - Mac mac = Mac.getInstance("HmacSHA256"); |
62 | | - mac.init(new SecretKeySpec(signingSecret.getBytes(), "HmacSHA256")); |
63 | | - String hmac = Hex.encodeHexString(mac.doFinal(data.getBytes())); |
| 59 | + String data = time + "." + requestBody; |
| 60 | + try { |
| 61 | + Mac mac = Mac.getInstance("HmacSHA256"); |
| 62 | + mac.init(new SecretKeySpec(signingSecret.getBytes(), "HmacSHA256")); |
| 63 | + String hmac = Hex.encodeHexString(mac.doFinal(data.getBytes())); |
64 | 64 |
|
65 | | - if (!v1.contains(hmac)) { |
66 | | - throw new FreeClimbException(String.format("Unverified Request Signature - FreeClimb was unable to verify that this request originated from FreeClimb. If this request was unexpected, it may be from a bad actor. Please proceed with caution. If this request was expected, to fix this issue try checking for any typos or misspelling of your signing secret.")); |
67 | | - } |
68 | | - } catch (Exception e) { |
69 | | - throw new FreeClimbException("Failed to calculate hmac using ", e); |
70 | | - } |
71 | | - } |
| 65 | + if (!v1.contains(hmac)) { |
| 66 | + throw new FreeClimbException(String.format("Unverified Request Signature - FreeClimb was unable to verify that this request originated from FreeClimb. If this request was unexpected, it may be from a bad actor. Please proceed with caution. If this request was expected, to fix this issue try checking for any typos or misspelling of your signing secret.")); |
| 67 | + } |
| 68 | + } catch (Exception e) { |
| 69 | + throw new FreeClimbException("Failed to calculate hmac using ", e); |
| 70 | + } |
| 71 | + } |
72 | 72 |
|
73 | 73 | /** |
74 | | - * Verify a request's signature |
75 | | - * |
76 | | - * @param requestBody The request's body |
77 | | - * @param signatureHeader The request's `freeclimb-signature` header |
| 74 | + * Verify a request's signature |
| 75 | + * |
| 76 | + * @param requestBody The request's body |
| 77 | + * @param signatureHeader The request's `freeclimb-signature` header |
78 | 78 | * @param signingSecret A signing secret from the FreeClimb account |
79 | 79 | * @throws FreeClimbException upon failed verification |
80 | | - */ |
| 80 | + */ |
81 | 81 | public static void verifyRequest(String requestBody, String signatureHeader, String signingSecret) throws FreeClimbException { |
82 | | - Utils.verifyRequest(requestBody, signatureHeader, signingSecret, 5*60*1000); |
83 | | - } |
| 82 | + Utils.verifyRequest(requestBody, signatureHeader, signingSecret, 5*60*1000); |
| 83 | + } |
84 | 84 | } |
0 commit comments