Class: Ubersicht::Ingestion::HmacValidator

Inherits:

Object

• Object
• Ubersicht::Ingestion::HmacValidator

Defined in:

lib/ubersicht/ingestion/hmac_validator.rb

Overview

source: github.com/Adyen/adyen-ruby-api-library/blob/92e3fc98de808375ad701ba459aec3425d49c43c/spec/utils/hmac_validator_spec.rb

Constant Summary

DATA_SEPARATOR =

':'.freeze

HMAC_ALGORITHM =

'sha256'.freeze

ADYEN_HMAC_SIGNATURE_PATH =

'additionalData.hmacSignature'.freeze

ADYEN_VALIDATION_KEYS =

%w[pspReference
originalReference
merchantAccountCode
merchantReference
amount.value
amount.currency
eventCode
success].freeze

UBERSICHT_HMAC_SIGNATURE_PATH =

'payload.hmac_signature'.freeze

UBERSICHT_VALIDATION_KEYS =

%w[payload.event_group_id
payload.event_id
transaction_type
event_code
event_date].freeze

Class Method Summary

• .with_adyen ⇒ Object
• .with_ubersicht ⇒ Object

Instance Method Summary

• #calculate_notification_hmac(notification_request_item, hmac_key) ⇒ Object
• #data_to_sign(notification_request_item) ⇒ Object
• #initialize(hmac_signature_path, validation_keys) ⇒ HmacValidator constructor

  A new instance of HmacValidator.

• #valid_notification_hmac?(notification_request_item, hmac_key) ⇒ Boolean
• #valid_notifications?(notification_request_items, hmac_key) ⇒ Boolean

Constructor Details

#initialize(hmac_signature_path, validation_keys) ⇒ HmacValidator

Returns a new instance of HmacValidator.

# File 'lib/ubersicht/ingestion/hmac_validator.rb', line 33

def initialize(hmac_signature_path, validation_keys)
  @hmac_signature_path = hmac_signature_path
  @validation_keys = validation_keys
end

Class Method Details

.with_adyen ⇒ Object

# File 'lib/ubersicht/ingestion/hmac_validator.rb', line 25

def self.with_adyen
  new(ADYEN_HMAC_SIGNATURE_PATH, ADYEN_VALIDATION_KEYS)
end

.with_ubersicht ⇒ Object

# File 'lib/ubersicht/ingestion/hmac_validator.rb', line 29

def self.with_ubersicht
  new(UBERSICHT_HMAC_SIGNATURE_PATH, UBERSICHT_VALIDATION_KEYS)
end

Instance Method Details

#calculate_notification_hmac(notification_request_item, hmac_key) ⇒ Object

# File 'lib/ubersicht/ingestion/hmac_validator.rb', line 38

def calculate_notification_hmac(notification_request_item, hmac_key)
  data = data_to_sign(notification_request_item)

  Base64.strict_encode64(OpenSSL::HMAC.digest(HMAC_ALGORITHM, [hmac_key].pack('H*'), data))
end

#data_to_sign(notification_request_item) ⇒ Object

# File 'lib/ubersicht/ingestion/hmac_validator.rb', line 44

def data_to_sign(notification_request_item)
  validation_keys
    .map { |key| fetch(notification_request_item, key).to_s }
    .map { |value| value.gsub('\\', '\\\\').gsub(':', '\\:') }
    .join(DATA_SEPARATOR)
end

#valid_notification_hmac?(notification_request_item, hmac_key) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ubersicht/ingestion/hmac_validator.rb', line 51

def valid_notification_hmac?(notification_request_item, hmac_key)
  expected_sign = calculate_notification_hmac(notification_request_item, hmac_key)
  merchant_sign = fetch(notification_request_item, hmac_signature_path)

  expected_sign == merchant_sign
end

#valid_notifications?(notification_request_items, hmac_key) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ubersicht/ingestion/hmac_validator.rb', line 58

def valid_notifications?(notification_request_items, hmac_key)
  notification_request_items.all? do |notification_request_item|
    valid_notification_hmac?(notification_request_item, hmac_key)
  end
end