Merge branch 'DEVEXP-201-verification-webhooks' into DEVEXP-201-store…

…-application-credentials-at-sinchclient-configuration-level

client/src/main/com/sinch/sdk/auth/adapters/VerificationApplicationAuthManager.java

@@ -58,7 +58,7 @@ public Collection<Pair<String, String>> getAuthorizationHeaders(
 
     return Arrays.asList(
         new Pair<>("Authorization", AUTH_KEYWORD + " " + key + ":" + encoded),
-        new Pair<>(XTIMESTAMP_HEADER, timestamp.toString()));
+        new Pair<>(XTIMESTAMP_HEADER, timestamp));
   }
 
   private String getBodyMD5Hash(String body) {

client/src/main/com/sinch/sdk/domains/verification/adapters/WebHooksService.java

@@ -15,8 +15,8 @@ public class WebHooksService implements com.sinch.sdk.domains.verification.WebHo
 
   private final Map<String, AuthManager> authManagers;
 
-  public WebHooksService(Map<String, AuthManager> authManagerSupplier) {
-    this.authManagers = authManagerSupplier;
+  public WebHooksService(Map<String, AuthManager> authManagers) {
+    this.authManagers = authManagers;
   }
 
   public boolean checkAuthentication(
@@ -37,6 +37,13 @@ public boolean checkAuthentication(
     String authorizationKeyword = split.length > 0 ? split[0] : "";
     String authorizationHash = split.length > 1 ? split[1] : "";
 
+    String computedHash = computeHash(ciHeaders, authorizationKeyword, method, path, jsonPayload);
+
+    return computedHash.equals(authorizationHash);
+  }
+
+  private String computeHash(Map<String, String> ciHeaders, String authorizationKeyword,
+      String method, String path, String jsonPayload) {
     // getting content type header
     String contentTypeHeader = ciHeaders.getOrDefault("content-type", "");
 
@@ -59,9 +66,7 @@ public boolean checkAuthentication(
             .map(Pair::getRight)
             .orElse("");
     String[] newSplit = computedAuthorization.split(" ");
-    String computedHash = newSplit.length > 1 ? newSplit[1] : "";
-
-    return computedHash.equals(authorizationHash);
+    return newSplit.length > 1 ? newSplit[1] : "";
   }
 
   @Override

client/src/test/java/com/sinch/sdk/domains/verification/adapters/WebhooksServiceTest.java

@@ -42,11 +42,26 @@ void checkApplicationAuthentication() throws ApiException {
   }
 
   @Test
-  void checkApplicationAuthenticationFailure() throws ApiException {
+  void checkApplicationAuthenticationFailureOnKey() throws ApiException {
 
     Map<String, String> headers =
         Stream.of(
-                new AbstractMap.SimpleEntry<>("authorization", "application foo="),
+                new AbstractMap.SimpleEntry<>("authorization", "application badkey:xfKhO0XvlRNJraahUBEJzzi1f3Fn3pYO41/ZzwOHPaQ="),
+                new AbstractMap.SimpleEntry<>("content-type", "application/json; charset=utf-8"),
+                new AbstractMap.SimpleEntry<>("x-timestamp", "2023-12-01T15:01:20.0406449Z"))
+            .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+
+    boolean authenticationResult =
+        webHooksService.checkAuthentication("POST", "/VerificationRequestEvent", headers, request);
+
+    Assertions.assertThat(authenticationResult).isEqualTo(false);
+  }
+  @Test
+  void checkApplicationAuthenticationFailureOnHash() throws ApiException {
+
+    Map<String, String> headers =
+        Stream.of(
+                new AbstractMap.SimpleEntry<>("authorization", "application 789:fooHash="),
                 new AbstractMap.SimpleEntry<>("content-type", "application/json; charset=utf-8"),
                 new AbstractMap.SimpleEntry<>("x-timestamp", "2023-12-01T15:01:20.0406449Z"))
             .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));