/** * Expose {@link LineSignatureValidator} as {@link Bean}. */ @Bean public LineSignatureValidator lineSignatureValidator() { return new LineSignatureValidator( lineBotProperties.getChannelSecret().getBytes(StandardCharsets.US_ASCII)); }
/** * Validate signature. * * @param content Body of the http request in byte array. * @param headerSignature Signature value from `X-LINE-Signature` HTTP header * * @return True if headerSignature matches signature of the content. False otherwise. */ public boolean validateSignature(@NonNull byte[] content, @NonNull String headerSignature) { final byte[] signature = generateSignature(content); final byte[] decodeHeaderSignature = Base64.getDecoder().decode(headerSignature); return MessageDigest.isEqual(decodeHeaderSignature, signature); }
if (!lineSignatureValidator.validateSignature(json, signature)) { throw new LineBotCallbackException("Invalid API signature");
@Test public void validateSignature() throws Exception { LineSignatureValidator lineSignatureValidator = new LineSignatureValidator( channelSecret.getBytes(StandardCharsets.UTF_8)); String httpRequestBody = "{}"; assertThat(lineSignatureValidator .validateSignature(httpRequestBody.getBytes(StandardCharsets.UTF_8), "3q8QXTAGaey18yL8FWTqdVlbMr6hcuNvM4tefa0o9nA=")) .isTrue(); assertThat(lineSignatureValidator .validateSignature(httpRequestBody.getBytes(StandardCharsets.UTF_8), "596359635963")) .isFalse(); }
@Test public void generateSignature() throws Exception { LineSignatureValidator lineSignatureValidator = new LineSignatureValidator( channelSecret.getBytes(StandardCharsets.UTF_8)); String httpRequestBody = "{}"; byte[] headerSignature = lineSignatureValidator .generateSignature(httpRequestBody.getBytes(StandardCharsets.UTF_8)); assertThat(Base64Utils.encodeToString(headerSignature)) .isEqualTo("3q8QXTAGaey18yL8FWTqdVlbMr6hcuNvM4tefa0o9nA="); }
if (!lineSignatureValidator.validateSignature(json, signature)) { throw new LineBotCallbackException("Invalid API signature");
@Test public void testNullRequest2() throws Exception { final String signature = "SSSSIGNATURE"; final String content = "null"; doReturn(true).when(lineSignatureValidator) .validateSignature(content.getBytes(StandardCharsets.UTF_8), signature); assertThatThrownBy(() -> lineBotCallbackRequestParser.handle(signature, content)) .isInstanceOf(LineBotCallbackException.class) .hasMessage("Invalid content"); }
/** * Expose {@link LineSignatureValidator} as {@link Bean}. */ @Bean public LineSignatureValidator lineSignatureValidator() { return new LineSignatureValidator( lineBotProperties.getChannelSecret().getBytes(StandardCharsets.US_ASCII)); }
@Test public void testNullRequest() throws Exception { final byte[] requestBody = "null".getBytes(StandardCharsets.UTF_8); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("X-Line-Signature", "SSSSIGNATURE"); request.setContent(requestBody); doReturn(true).when(lineSignatureValidator).validateSignature(requestBody, "SSSSIGNATURE"); assertThatThrownBy(() -> lineBotCallbackRequestParser.handle(request)) .isInstanceOf(LineBotCallbackException.class) .hasMessage("Invalid content"); }
@Test public void testCallRequest() throws Exception { InputStream resource = getClass().getClassLoader().getResourceAsStream("callback-request.json"); byte[] requestBody = ByteStreams.toByteArray(resource); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("X-Line-Signature", "SSSSIGNATURE"); request.setContent(requestBody); doReturn(true).when(lineSignatureValidator).validateSignature(requestBody, "SSSSIGNATURE"); CallbackRequest callbackRequest = lineBotCallbackRequestParser.handle(request); assertThat(callbackRequest).isNotNull(); final List<Event> result = callbackRequest.getEvents(); final MessageEvent messageEvent = (MessageEvent) result.get(0); final TextMessageContent text = (TextMessageContent) messageEvent.getMessage(); assertThat(text.getText()).isEqualTo("Hello, world"); final String followedUserId = messageEvent.getSource().getUserId(); assertThat(followedUserId).isEqualTo("u206d25c2ea6bd87c17655609a1c37cb8"); assertThat(messageEvent.getTimestamp()).isEqualTo(Instant.parse("2016-05-07T13:57:59.859Z")); }
@Test public void testCallRequest2() throws Exception { InputStream resource = getClass().getClassLoader().getResourceAsStream("callback-request.json"); byte[] requestBody = ByteStreams.toByteArray(resource); MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("X-Line-Signature", "SSSSIGNATURE"); request.setContent(requestBody); doReturn(true).when(lineSignatureValidator).validateSignature(requestBody, "SSSSIGNATURE"); CallbackRequest callbackRequest = lineBotCallbackRequestParser .handle("SSSSIGNATURE", new String(requestBody, StandardCharsets.UTF_8)); assertThat(callbackRequest).isNotNull(); final List<Event> result = callbackRequest.getEvents(); final MessageEvent messageEvent = (MessageEvent) result.get(0); final TextMessageContent text = (TextMessageContent) messageEvent.getMessage(); assertThat(text.getText()).isEqualTo("Hello, world"); final String followedUserId = messageEvent.getSource().getUserId(); assertThat(followedUserId).isEqualTo("u206d25c2ea6bd87c17655609a1c37cb8"); assertThat(messageEvent.getTimestamp()).isEqualTo(Instant.parse("2016-05-07T13:57:59.859Z")); } }