/**
 * Checks the signature carried by an {@link HttpServletRequest}, using the current
 * system clock as the reference time.
 *
 * <p>This is a convenience overload: it reads {@link System#currentTimeMillis()} once and
 * hands it to the three-argument {@code verifyRequestSignature}.
 * NOTE(review): the reference time is presumably used for a freshness check on the
 * request's timestamp; confirm the accepted window in the three-argument overload.
 *
 * @param request   the HttpServletRequest to be verified
 * @param secretKey the pre-shared secret key used by the sender of the request to create
 *                  the signature
 * @return true if the signature is correct for this request and secret key
 */
public static boolean verifyRequestSignature(HttpServletRequest request, String secretKey) {
    final long nowMillis = System.currentTimeMillis();
    return verifyRequestSignature(request, secretKey, nowMillis);
}
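/**
 * Validates an incoming callback request against the checks enabled on this instance.
 *
 * <p>When {@code validateUsernamePassword} is set, the {@code username} and
 * {@code password} request parameters are compared with the configured expected values.
 * An expected value that is {@code null} is not checked, so enabling the flag with neither
 * value configured accepts every request.
 * NOTE(review): confirm that such a configuration is rejected where these fields are set.
 * NOTE(review): the credentials arrive as request parameters; if callers send them in the
 * query string they may end up in access logs.
 *
 * <p>When {@code validateSignature} is set, the request signature is then verified with
 * {@code RequestSigning.verifyRequestSignature} and the configured shared secret.
 *
 * @param request the callback request to validate
 * @throws NexmoCallbackRequestValidationException with message "Bad Credentials" if a
 *     configured credential does not match, or "Bad Signature" if signature verification
 *     fails
 */
private void validateRequest(HttpServletRequest request) throws NexmoCallbackRequestValidationException {
    if (this.validateUsernamePassword) {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Both comparisons always run (non-short-circuit '&') so a wrong username and a
        // wrong password cost the same amount of work.
        boolean usernameOk = credentialMatches(this.expectedUsername, username);
        boolean passwordOk = credentialMatches(this.expectedPassword, password);
        if (!(usernameOk & passwordOk)) {
            throw new NexmoCallbackRequestValidationException("Bad Credentials");
        }
    }

    if (this.validateSignature) {
        if (!RequestSigning.verifyRequestSignature(request, this.signatureSharedSecret)) {
            throw new NexmoCallbackRequestValidationException("Bad Signature");
        }
    }
}

/**
 * Compares a supplied credential with its configured value.
 *
 * <p>Uses {@code MessageDigest.isEqual} instead of {@code String.equals} so the comparison
 * time does not depend on the position of the first mismatching byte. The length of the
 * values can still influence timing.
 *
 * @param expected the configured value, or {@code null} when this credential is not checked
 * @param supplied the value taken from the request, possibly {@code null}
 * @return true if {@code expected} is {@code null} or both values are equal
 */
private static boolean credentialMatches(String expected, String supplied) {
    if (expected == null) {
        return true; // nothing configured for this credential: it is not checked
    }
    if (supplied == null) {
        return false; // a configured credential that is absent from the request never matches
    }
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}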
/**
 * A request with no {@code timestamp} parameter must fail verification.
 */
@Test
public void testVerifyRequestSignatureMissingTimestamp() {
    final HttpServletRequest withoutTimestamp = constructDummyRequest();
    // Override the dummy request so the timestamp lookup yields nothing.
    when(withoutTimestamp.getParameter("timestamp")).thenReturn(null);

    final boolean accepted = RequestSigning.verifyRequestSignature(withoutTimestamp, "abcde", 2100000);
    assertFalse(accepted);
}
/**
 * A request with no {@code sig} parameter must fail verification rather than be
 * treated as unsigned-but-acceptable.
 */
@Test
public void testVerifyRequestSignatureNoSig() {
    final HttpServletRequest unsigned = constructDummyRequest();
    // Override the dummy request so the signature lookup yields nothing.
    when(unsigned.getParameter("sig")).thenReturn(null);

    final boolean accepted = RequestSigning.verifyRequestSignature(unsigned, "abcde", 2100000);
    assertFalse(accepted);
}
/**
 * A {@code timestamp} parameter that cannot be parsed must make verification return
 * false.
 */
@Test
public void testVerifyRequestSignatureBadTimestamp() {
    final HttpServletRequest malformed = constructDummyRequest();
    // Replace the timestamp with text that is not a date/time value.
    when(malformed.getParameter("timestamp")).thenReturn("not a date time string");

    final boolean accepted = RequestSigning.verifyRequestSignature(malformed, "abcde", 2100000);
    assertFalse(accepted);
}
/**
 * A parameter whose only value is {@code null} must not break verification: with the
 * {@code sig} value set below, the request is still expected to verify.
 *
 * NOTE(review): the fixture signature is 32 hex characters, the size of an MD5 digest;
 * confirm which algorithm RequestSigning actually uses.
 */
@Test
public void testVerifyRequestSignatureHandlesNullParams() {
    final Map<String, String[]> parameters = constructDummyParams();
    parameters.put("b", new String[]{ null });
    parameters.put("sig", new String[]{"a3368bf718ba104dcb392d8877e8eb2b"});

    final HttpServletRequest signedRequest = constructDummyRequest(parameters);
    final boolean accepted = RequestSigning.verifyRequestSignature(signedRequest, "abcde", 2100000);
    assertTrue(accepted);
}
/**
 * The unmodified dummy request must verify with the secret {@code "abcde"} and the
 * fixed reference time used throughout these tests.
 */
@Test
public void testVerifyRequestSignature() {
    final HttpServletRequest signedRequest = constructDummyRequest();

    final boolean accepted = RequestSigning.verifyRequestSignature(signedRequest, "abcde", 2100000);
    assertTrue(accepted);
}