From 6a7f028f3f2639380a27aa462b1184204b25869b Mon Sep 17 00:00:00 2001 From: Osiris Team Date: Wed, 31 Mar 2021 22:13:55 +0200 Subject: [PATCH] 1.9 - Fixed sandbox-mode - Better docs - Smaller code cleanups --- pom.xml | 2 +- src/main/java/com/osiris/payhook/PayHook.java | 40 ++++++++++++++----- .../osiris/payhook/WebhookEventHeader.java | 12 ++++-- .../com/osiris/payhook/paypal/Constants.java | 6 --- .../osiris/payhook/paypal/SSLUtilTest.java | 5 +++ 5 files changed, 45 insertions(+), 20 deletions(-) create mode 100644 src/test/java/com/osiris/payhook/paypal/SSLUtilTest.java diff --git a/pom.xml b/pom.xml index 84312db..7deee0c 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.osiris.payhook PayHook - 1.8 + 1.9 jar PayHook diff --git a/src/main/java/com/osiris/payhook/PayHook.java b/src/main/java/com/osiris/payhook/PayHook.java index 5d52e74..076e384 100644 --- a/src/main/java/com/osiris/payhook/PayHook.java +++ b/src/main/java/com/osiris/payhook/PayHook.java @@ -28,6 +28,7 @@ */ public class PayHook { private boolean isSandboxMode = false; + private boolean isWarnIfSandboxModeIsEnabled = true; /** * Parses the provided header {@link Map} @@ -111,6 +112,10 @@ public void validateWebhookEvent(String validId, List validTypes, Webhoo * @throws WebHookValidationException IMPORTANT: MESSAGE MAY CONTAIN SENSITIVE INFORMATION! */ public void validateWebhookEvent(WebhookEvent event) throws WebHookValidationException, ParseBodyException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { + + if (isSandboxMode && isWarnIfSandboxModeIsEnabled) + System.out.println("[PAYHOOK] NOTE THAT SANDBOX-MODE IS ENABLED!"); + WebhookEventHeader header = event.getHeader(); // Check if the webhook types match 
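Review bot: The sandbox notice added at the top of validateWebhookEvent is a bare `System.out.println` on a braceless `if`, and it is the only runtime signal that the event will be accepted without the transmission-signature and webhook-id checks (the early return that skips them is in the hunk at -147 of this file). Stdout is easily lost in a service deployment and the message does not say what is being skipped; brace the body and state the consequence, e.g. `if (isSandboxMode && isWarnIfSandboxModeIsEnabled) {` / `    System.out.println("[PAYHOOK] NOTE THAT SANDBOX-MODE IS ENABLED! Transmission-signature and webhook-id checks are skipped.");` / `}`. If the project has a logger, a warn-level log line would be the better sink than System.out. The rest of validateWebhookEvent continues outside this hunk.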
@@ -147,6 +152,16 @@ public void validateWebhookEvent(WebhookEvent event) throws WebHookValidationExc // Check the chain SSLUtil.validateCertificateChain(clientCerts, trustCerts, "RSA"); + // Validate the encoded signature. + // Note: + // If we are in sandbox mode, we are done with validation here, + // because the next part will always fail if this event is a mock, sandbox event. + // For more information see: https://developer.paypal.com/docs/api-basics/notifications/webhooks/notification-messages/ + if (isSandboxMode) { + event.setValid(true); + return; + } + // Construct expected signature String validWebhookId = event.getValidWebhookId(); String actualEncodedSignature = header.getTransmissionSignature(); @@ -162,15 +177,6 @@ public void validateWebhookEvent(WebhookEvent event) throws WebHookValidationExc header.setWebhookId(arrayDecodedSignature[2]); header.setCrc32(arrayDecodedSignature[3]); - // Validate the encoded signature. - // If we are in sandbox mode, we are done with validation here, - // because the next part will always fail if this event is a mock, sandbox event. - // For more information see: https://developer.paypal.com/docs/api-basics/notifications/webhooks/notification-messages/ - if (isSandboxMode) { - event.setValid(true); - return; - } - boolean isSigValid = SSLUtil.validateTransmissionSignature(clientCerts, authAlgo, actualEncodedSignature, expectedDecodedSignature); if (isSigValid){ // Lastly check if the webhook ids match @@ -237,4 +243,20 @@ public boolean isSandboxMode() { public void setSandboxMode(boolean sandboxMode) { isSandboxMode = sandboxMode; } + + /** + * See {@link PayHook#setWarnIfSandboxModeIsEnabled(boolean)} for details. + */ + public boolean isWarnIfSandboxModeIsEnabled() { + return isWarnIfSandboxModeIsEnabled; + } + + /** + * If enabled a warning is printed to {@link System#out} + * each time before performing a validation, stating that the sandbox-mode is enabled.
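Review bot: With `isSandboxMode` set, `event.setValid(true)` is now reached directly after `SSLUtil.validateCertificateChain(clientCerts, trustCerts, "RSA")`, so neither the transmission signature nor the webhook-id comparison guarded by `isSigValid` is ever performed and the event is accepted on the certificate chain alone (whatever precedes the chain check in validateWebhookEvent is outside this hunk). That is intended for mock events, but a deployment that leaves `setSandboxMode(true)` on in production accepts payloads that were never bound to a signature, and nothing in the code distinguishes the two environments. The comment above the return explains only the reason; it should also state the consequence, e.g. `// Sandbox mode: accept after the certificate-chain check only. The transmission signature and the webhook-id match are NOT verified, so this must never be enabled in production.`, and the same sentence belongs in the Javadoc of setSandboxMode (its body is a context line of the last hunk in this file, its Javadoc is outside the diff). The hunk at -162 is the matching removal of the earlier copy of this block and needs no separate change.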
+ * Enabled by default.
+ */ + public void setWarnIfSandboxModeIsEnabled(boolean warnIfSandboxModeIsEnabled) { + isWarnIfSandboxModeIsEnabled = warnIfSandboxModeIsEnabled; + } } diff --git a/src/main/java/com/osiris/payhook/WebhookEventHeader.java b/src/main/java/com/osiris/payhook/WebhookEventHeader.java index 556c2fd..efffeb4 100644 --- a/src/main/java/com/osiris/payhook/WebhookEventHeader.java +++ b/src/main/java/com/osiris/payhook/WebhookEventHeader.java @@ -49,8 +49,10 @@ public String getTimestamp() { /** * The ID of the webhook resource for the destination URL to which PayPal delivers the event notification.
- * IMPORTANT: SINCE THE WEBHOOK-ID IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL - * UNLESS YOU SUCCESSFULLY EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE! + * NOTE 1: SINCE THE WEBHOOK-ID IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL + * UNLESS YOU SUCCESSFULLY EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE!
+ * NOTE 2: IF YOU HAVE SANDBOX-MODE ENABLED THIS WILL ALWAYS RETURN NULL, EVEN IF YOU ALREADY + * EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE. */ public String getWebhookId() { return webhookId; @@ -65,8 +67,10 @@ public void setWebhookId(String webhookId) { /** * The Cyclic Redundancy Check (CRC32) checksum for the body of the HTTP payload.
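Review bot: NOTE 1 on getWebhookId overstates what a non-null value proves: in PayHook.validateWebhookEvent the decoded value is stored via `header.setWebhookId(arrayDecodedSignature[2])` before `SSLUtil.validateTransmissionSignature(...)` runs, so whether a failed signature check throws or only leaves the event invalid (the `isSigValid` else-branch is outside that hunk), a caller can read a webhook id that came from an unverified signature. The Javadoc should tie trust to a successful return, e.g. `NOTE 1: SINCE THE WEBHOOK-ID IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL UNTIL {@link PayHook#validateWebhookEvent(WebhookEvent)} HAS DECODED THE SIGNATURE; TREAT THE VALUE AS VERIFIED ONLY IF THAT CALL RETURNED WITHOUT EXCEPTION.` The same wording applies to the CRC32 note in the hunk at -65, where `header.setCrc32(arrayDecodedSignature[3])` is likewise set before verification.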
- * IMPORTANT: SINCE THE CRC32 IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL - * UNLESS YOU SUCCESSFULLY EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE! + * NOTE 1: SINCE THE CRC32 IS INSIDE THE ENCODED TRANSMISSION-SIGNATURE, THIS RETURNS NULL + * UNLESS YOU SUCCESSFULLY EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE!
+ * NOTE 2: IF YOU HAVE SANDBOX-MODE ENABLED THIS WILL ALWAYS RETURN NULL, EVEN IF YOU ALREADY + * EXECUTED {@link PayHook#validateWebhookEvent(WebhookEvent)} ONCE BEFORE.
*/ public String getCrc32() { return crc32; diff --git a/src/main/java/com/osiris/payhook/paypal/Constants.java b/src/main/java/com/osiris/payhook/paypal/Constants.java index 17c6c6a..c36a610 100644 --- a/src/main/java/com/osiris/payhook/paypal/Constants.java +++ b/src/main/java/com/osiris/payhook/paypal/Constants.java @@ -25,10 +25,4 @@ private Constants() {} // Default Trust Certificate that comes packaged with SDK. public static final String PAYPAL_TRUST_DEFAULT_CERT = "DigiCertSHA2ExtendedValidationServerCA.crt"; - // Webhook Id to be set for validation purposes - public static final String PAYPAL_WEBHOOK_ID = "webhook.id"; - - // Webhook Id to be set for validation purposes - public static final String PAYPAL_WEBHOOK_CERTIFICATE_AUTHTYPE = "webhook.authType"; - } diff --git a/src/test/java/com/osiris/payhook/paypal/SSLUtilTest.java b/src/test/java/com/osiris/payhook/paypal/SSLUtilTest.java new file mode 100644 index 0000000..09d6df0 --- /dev/null +++ b/src/test/java/com/osiris/payhook/paypal/SSLUtilTest.java @@ -0,0 +1,5 @@ +package com.osiris.payhook.paypal; + +class SSLUtilTest { + +} \ No newline at end of file