Java Examples for com.stripe.exception.SignatureVerificationException

The following Java examples show how com.stripe.exception.SignatureVerificationException is used. These source code samples are taken from different open source projects.

Example 1
Project: stripe-java-master  File: Webhook.java View source code
/**
 * Verifies the signature header sent by Stripe against a locally computed
 * signature and, optionally, checks that the header's timestamp is not too old.
 *
 * <p>The signed string is {@code "<timestamp>.<payload>"}, so {@code payload}
 * must be exactly the text that was signed; any re-serialisation or
 * whitespace change before this call makes verification fail.
 *
 * <p>Points a caller should be aware of:
 * <ul>
 *   <li>The age check runs only when {@code tolerance > 0}. Passing zero or a
 *       negative value skips it, so a captured request that still carries a
 *       valid signature is accepted regardless of its age.</li>
 *   <li>Only timestamps older than {@code now - tolerance} are rejected; a
 *       timestamp in the future is not rejected by this method.</li>
 *   <li>Every failure path puts the raw {@code sigHeader} into the thrown
 *       exception, so it may surface wherever that exception is logged.</li>
 * </ul>
 *
 * @param payload the payload sent by Stripe.
 * @param sigHeader the contents of the signature header sent by Stripe.
 * @param secret secret used to generate the signature.
 * @param tolerance maximum age allowed for the header's timestamp relative to
 *  {@code Util.getTimeNow()} (same unit as that clock); values {@code <= 0}
 *  disable the check.
 * @return {@code true} whenever the method returns normally; every failure is
 *  reported by exception, never by {@code false}.
 * @throws SignatureVerificationException if the header yields no positive
 *  timestamp or no signature of the expected scheme, if the expected signature
 *  cannot be computed, if no header signature matches it, or if the timestamp
 *  is older than the tolerance allows.
 */
public static boolean verifyHeader(String payload, String sigHeader, String secret, long tolerance) throws SignatureVerificationException {
    // Parse both parts of the header before validating either of them.
    final long headerTimestamp = getTimestamp(sigHeader);
    final List<String> candidates = getSignatures(sigHeader, EXPECTED_SCHEME);

    if (headerTimestamp <= 0) {
        throw new SignatureVerificationException("Unable to extract timestamp and signatures from header", sigHeader);
    }
    if (candidates.isEmpty()) {
        throw new SignatureVerificationException("No signatures found with expected scheme", sigHeader);
    }

    // The timestamp is part of the signed string, so it cannot be altered
    // without invalidating the signature.
    final String signedPayload = String.format("%d.%s", headerTimestamp, payload);
    final String expected;
    try {
        expected = computeSignature(signedPayload, secret);
    } catch (Exception e) {
        // NOTE(review): the underlying exception is not attached as a cause here.
        throw new SignatureVerificationException("Unable to compute signature for payload", sigHeader);
    }

    // Accept as soon as one header signature equals the expected one.
    // Comparison goes through Util.secureCompare rather than String.equals —
    // presumably constant-time, going by its name; confirm in Util.
    boolean matched = false;
    for (String candidate : candidates) {
        matched = Util.secureCompare(expected, candidate);
        if (matched) {
            break;
        }
    }
    if (!matched) {
        throw new SignatureVerificationException("No signatures found matching the expected signature for payload", sigHeader);
    }

    // Freshness is checked only after the signature has been authenticated,
    // and only when a positive tolerance was supplied.
    if (tolerance > 0) {
        if (headerTimestamp < (Util.getTimeNow() - tolerance)) {
            throw new SignatureVerificationException("Timestamp outside the tolerance zone", sigHeader);
        }
    }
    return true;
}