API tools faq
paste
Guest User

Untitled

a guest
Oct 17th, 2021
178
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.29 KB | None | 0 0
raw download clone embed print report
  1. package com.console.api.webhook.example
  3. import com.nimbusds.jose.JOSEException
  4. import com.nimbusds.jose.JWSAlgorithm
  5. import com.nimbusds.jose.JWSHeader
  6. import com.nimbusds.jose.crypto.RSASSAVerifier
  7. import com.nimbusds.jose.util.Base64URL
  8. import org.junit.Assert.assertTrue
  9. import java.math.BigInteger
  10. import java.security.KeyFactory
  11. import java.security.interfaces.RSAPublicKey
  12. import java.security.spec.RSAPublicKeySpec
  13. import java.time.LocalDate
  14. import java.util.Base64
  16. class WebhookSignatureExample {
  18. companion object {
  19. @JvmStatic
  20. fun main(args: Array<String>) {
  22. // This is retrieved from the 'GET /webhook/v1/jwks' API operation
  23. val jwk = WebhookJSONWebKey(
  24. kty = "RSA",
  25. kid = LocalDate.of(2020, 3, 18),
  26. alg = "RSA256",
  27. n = "ANV-aocctqt5xDRnqomCgsO9dm4hM0Qd75TqG7z2G5Z89JQ7SRy2ok-fIJRiSU5-JfjPc3uph3gSOXyqlNoEh4YGL2R4AP7jhxy9xv0gDVtj1tExB_mmk8EUbmj8" +
  28. "hTIrfAgEJrDeB4qMk7MkkKxhHkhLNEJEPZfgYHcHcuKjp2l_vtpiuR9Ouz0febB9K4gLozrp9KHW2K-m0z02-tSurxmmij5nnJ-CEgp0wXcCS4w4G0jve4hcLlL9" +
  29. "FU8HKxrb0d4rMQgM3VAal6yG5pwMdtrsch7xA-occwWFC_tHgpDJGNvOJNFtuk7Cit_aom-6U6ssGF13sUtdrog2ePWjVxc=",
  30. e = "AQAB"
  31. )
  33. // These come from the webhook HTTP request
  34. val signatureHeader = "1IJl6VyKU4pYfqMHUd55QBNq5Etbz5a7DOCkID2Nloay76y4f02w2iMXONlyL/Bx9SkrbivOHW1l1XadkUrd5pKUK1fhpcnItukLrsK5ADQOcu" +
  35. "EjSLBg9qJffZYooXfc7hOD/fV0sN33W2vBYJspbR3P766DwG/6IO/20f9t/DcSWa79EFZPMnsCicEArNS3iIYBtdZSX5ta5EETt7S8acHbpIlSDrTcYpo0vuz19LQ6SP" +
  36. "QqN2LGdR+U7ZOiUQWdfMXhUgE7w94pHQzcOq1IHfw3CylUEcRR/DhrGqs4mBaagO6JpWzeqE1uTAiN579kOtSSqjblTb2AXALTQ3+TtA=="
  38. val requestBody = """{"eventId":"569886904","officeId":"132917981","eventType":"INTEGRATION_DEACTIVATED","event":{"integration":{"status":"INACTIVE","webhookId":"2bc47eed-08a0-4d18-a5c0-b7f18ab802e3","officeId":"132917981","createdDateTime":"2020-03-17T23:39:41.804Z","lastUpdatedDateTime":"2020-03-17T23:39:41.804Z"}},"createdDateTime":"2020-03-17T23:39:41.806Z"}"""
  40. /*
  41. * Signature verification
  42. */
  44. val keySpec = RSAPublicKeySpec(
  45. BigInteger(Base64.getUrlDecoder().decode(jwk.n)),
  46. BigInteger(Base64.getUrlDecoder().decode(jwk.e))
  47. )
  48. val rsaPublicKey = KeyFactory.getInstance(jwk.kty).generatePublic(keySpec) as RSAPublicKey
  49. val rsaVerifier = RSASSAVerifier(rsaPublicKey)
  51. try {
  52. assertTrue(
  53. "Invalid Signature",
  54. rsaVerifier.verify(
  55. JWSHeader(JWSAlgorithm.RS256),
  56. requestBody.toByteArray(),
  57. Base64URL(signatureHeader)
  58. )
  59. )
  60. println("Signature is valid")
  61. } catch (e: JOSEException) {
  62. println("Invalid signature: $e")
  63. }
  64. }
  65. }
  67. private data class WebhookJSONWebKey(
  68. val kty: String? = null,
  69. val kid: LocalDate? = null,
  70. val alg: String? = null,
  71. val n: String? = null,
  72. val e: String? = null
  73. )
  74. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!