1.9

- Fixed sandbox-mode - Better docs - Smaller code cleanups
Osiris-Team · Mar 31, 2021 · 6a7f028 · 6a7f028
1 parent 2515e24
commit 6a7f028
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 20 deletions.
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>com.osiris.payhook</groupId>
     <artifactId>PayHook</artifactId>
-    <version>1.8</version>
+    <version>1.9</version>
     <packaging>jar</packaging>
 
     <name>PayHook</name>

diff --git a/src/main/java/com/osiris/payhook/PayHook.java b/src/main/java/com/osiris/payhook/PayHook.java
@@ -28,6 +28,7 @@
  */
 public class PayHook {
     private boolean isSandboxMode = false;
+    private boolean isWarnIfSandboxModeIsEnabled = true;
 
     /**
      * Parses the provided header {@link Map}
@@ -111,6 +112,10 @@ public void validateWebhookEvent(String validId, List<String> validTypes, Webhoo
      * @throws WebHookValidationException <b style='color:red' >IMPORTANT: MESSAGE MAY CONTAIN SENSITIVE INFORMATION!</b>
      */
     public void validateWebhookEvent(WebhookEvent event) throws WebHookValidationException, ParseBodyException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
+
+        if (isSandboxMode && isWarnIfSandboxModeIsEnabled)
+            System.out.println("[PAYHOOK] NOTE THAT SANDBOX-MODE IS ENABLED!");
+
         WebhookEventHeader header = event.getHeader();
 
         // Check if the webhook types match
@@ -147,6 +152,16 @@ public void validateWebhookEvent(WebhookEvent event) throws WebHookValidationExc
         // Check the chain
         SSLUtil.validateCertificateChain(clientCerts, trustCerts, "RSA");
 
+        // Validate the encoded signature.
+        // Note:
+        // If we are in sandbox mode, we are done with validation here,
+        // because the next part will always fail if this event is a mock, sandbox event.
+        // For more information see: https://developer.paypal.com/docs/api-basics/notifications/webhooks/notification-messages/
+        if (isSandboxMode) {
+            event.setValid(true);
+            return;
+        }
+
         // Construct expected signature
         String validWebhookId           = event.getValidWebhookId();
         String actualEncodedSignature   = header.getTransmissionSignature();
@@ -162,15 +177,6 @@ public void validateWebhookEvent(WebhookEvent event) throws WebHookValidationExc
         header.setWebhookId(arrayDecodedSignature[2]);
         header.setCrc32(arrayDecodedSignature[3]);
 
-        // Validate the encoded signature.
-        // If we are in sandbox mode, we are done with validation here,
-        // because the next part will always fail if this event is a mock, sandbox event.
-        // For more information see: https://developer.paypal.com/docs/api-basics/notifications/webhooks/notification-messages/
-        if (isSandboxMode) {
-            event.setValid(true);
-            return;
-        }
-
         boolean isSigValid = SSLUtil.validateTransmissionSignature(clientCerts, authAlgo, actualEncodedSignature, expectedDecodedSignature);
         if (isSigValid){
             // Lastly check if the webhook ids match
@@ -237,4 +243,20 @@ public boolean isSandboxMode() {
     public void setSandboxMode(boolean sandboxMode) {
         isSandboxMode = sandboxMode;
     }
+
+    /**
+     * See {@link PayHook#setWarnIfSandboxModeIsEnabled(boolean)} for details.
+     */
+    public boolean isWarnIfSandboxModeIsEnabled() {
+        return isWarnIfSandboxModeIsEnabled;
+    }
+
+    /**
+     * If enabled a warning is printed to {@link System#out}
+     * each time before performing a validation, stating that the sandbox-mode is enabled. <br>
+     * Enabled by default. <br>
+     */
+    public void setWarnIfSandboxModeIsEnabled(boolean warnIfSandboxModeIsEnabled) {
+        isWarnIfSandboxModeIsEnabled = warnIfSandboxModeIsEnabled;
+    }
 }
diff --git a/src/main/java/com/osiris/payhook/WebhookEventHeader.java b/src/main/java/com/osiris/payhook/WebhookEventHeader.java
@@ -49,8 +49,10 @@ public String getTimestamp() {
 
     /**
      * The ID of the webhook resource for the destination URL to which PayPal delivers the event notification. <br>
-     * IMPORTANT: SINCE THE WEBHOOK-ID IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL
-     * UNLESS YOU SUCCESSFULLY EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE!
+     * NOTE 1: SINCE THE WEBHOOK-ID IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL
+     * UNLESS YOU SUCCESSFULLY EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE! <br>
+     * NOTE 2: IF YOU HAVE SANDBOX-MODE ENABLED THIS WILL ALWAYS RETURN NULL, EVEN IF YOU ALREADY
+     * EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE.
      */
     public String getWebhookId() {
         return webhookId;
@@ -65,8 +67,10 @@ public void setWebhookId(String webhookId) {
 
     /**
      * The Cyclic Redundancy Check (CRC32) checksum for the body of the HTTP payload. <br>
-     * IMPORTANT: SINCE THE CRC32 IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL
-     * UNLESS YOU SUCCESSFULLY EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE!
+     * NOTE 1: SINCE THE CRC32 IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL
+     * UNLESS YOU SUCCESSFULLY EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE! <br>
+     * NOTE 2: IF YOU HAVE SANDBOX-MODE ENABLED THIS WILL ALWAYS RETURN NULL, EVEN IF YOU ALREADY
+     * EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE. <br>
      */
     public String getCrc32() {
         return crc32;

diff --git a/src/main/java/com/osiris/payhook/paypal/Constants.java b/src/main/java/com/osiris/payhook/paypal/Constants.java
@@ -25,10 +25,4 @@ private Constants() {}
     // Default Trust Certificate that comes packaged with SDK.
     public static final String PAYPAL_TRUST_DEFAULT_CERT = "DigiCertSHA2ExtendedValidationServerCA.crt";
 
-    // Webhook Id to be set for validation purposes
-    public static final String PAYPAL_WEBHOOK_ID = "webhook.id";
-
-    // Webhook Id to be set for validation purposes
-    public static final String PAYPAL_WEBHOOK_CERTIFICATE_AUTHTYPE = "webhook.authType";
-
 }
diff --git a/src/test/java/com/osiris/payhook/paypal/SSLUtilTest.java b/src/test/java/com/osiris/payhook/paypal/SSLUtilTest.java
@@ -0,0 +1,5 @@
+package com.osiris.payhook.paypal;
+
+class SSLUtilTest {
+
+}