Class: Adyen::Utils::HmacValidator

Inherits:

Object

• Object
• Adyen::Utils::HmacValidator

Defined in:

lib/adyen/utils/hmac_validator.rb

Constant Summary

HMAC_ALGORITHM =

'sha256'.freeze

DATA_SEPARATOR =

':'.freeze

WEBHOOK_VALIDATION_KEYS =

%w[
  pspReference originalReference merchantAccountCode merchantReference
  amount.value amount.currency eventCode success
].freeze

Instance Method Summary

• #calculate_webhook_hmac(webhook_request_item, hmac_key) ⇒ Object (also: #calculate_notification_hmac)
• #calculate_webhook_payload_hmac(data, hmac_key) ⇒ Object
• #data_to_sign(webhook_request_item) ⇒ Object
• #valid_webhook_hmac?(webhook_request_item, hmac_key) ⇒ Boolean (also: #valid_notification_hmac?)

  Returns true if the HMAC signature is valid, otherwise false.

• #valid_webhook_payload_hmac?(hmac_signature, hmac_key, payload) ⇒ Boolean

  Returns true if the HMAC signature is valid, otherwise false.

Instance Method Details

#calculate_webhook_hmac(webhook_request_item, hmac_key) ⇒ Object Also known as: calculate_notification_hmac

# File 'lib/adyen/utils/hmac_validator.rb', line 57

def calculate_webhook_hmac(webhook_request_item, hmac_key)
  data = data_to_sign(webhook_request_item)

  Base64.strict_encode64(
    OpenSSL::HMAC.digest(HMAC_ALGORITHM, [hmac_key].pack('H*'), data)
  )
end

#calculate_webhook_payload_hmac(data, hmac_key) ⇒ Object

# File 'lib/adyen/utils/hmac_validator.rb', line 51

def calculate_webhook_payload_hmac(data, hmac_key)
  Base64.strict_encode64(
    OpenSSL::HMAC.digest(HMAC_ALGORITHM, [hmac_key].pack('H*'), data)
  )
end

#data_to_sign(webhook_request_item) ⇒ Object

# File 'lib/adyen/utils/hmac_validator.rb', line 70

def data_to_sign(webhook_request_item)
  WEBHOOK_VALIDATION_KEYS
    .map { webhook_request_item.dig(*_1.split('.')).to_s }
    .compact
    .join(DATA_SEPARATOR)
end

#valid_webhook_hmac?(webhook_request_item, hmac_key) ⇒ Boolean Also known as: valid_notification_hmac?

Returns true if the HMAC signature is valid, otherwise false.

Returns:

• (Boolean) —

  Returns true if the HMAC signature is valid, otherwise false.

# File 'lib/adyen/utils/hmac_validator.rb', line 23

def valid_webhook_hmac?(webhook_request_item, hmac_key)
  expected_sign = calculate_webhook_hmac(webhook_request_item, hmac_key)
  merchant_sign =
    webhook_request_item.dig('additionalData', 'hmacSignature')

  expected_sign == merchant_sign
end

#valid_webhook_payload_hmac?(hmac_signature, hmac_key, payload) ⇒ Boolean

Returns true if the HMAC signature is valid, otherwise false.

Returns:

• (Boolean) —

  Returns true if the HMAC signature is valid, otherwise false.

# File 'lib/adyen/utils/hmac_validator.rb', line 39

def valid_webhook_payload_hmac?(hmac_signature, hmac_key, payload)
  expected_sign = calculate_webhook_payload_hmac(payload, hmac_key)
  puts(expected_sign)
  expected_sign == hmac_signature
end