package cc.nfscan.server.utils;

import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;
import java.util.Random;

/**
 * Issues a server-side signature and checks the counter signature the mobile app derives from it,
 * so that requests not originating from the app can be turned away.
 *
 * <p>The app has no log-in feature, and the scheme is meant to keep the server stateless: no
 * sticky sessions on the load balancer and no connection draining when scaling up or down.
 *
 * <p><b>Security status of this file:</b> both methods are unimplemented placeholders.
 * {@link #generateSignature()} returns a fixed constant and
 * {@link #validateCounterSignature(String, String)} accepts every input, so this class rejects
 * nothing until both TODOs are filled in.
 *
 * <p>Points to settle when implementing:
 * <ul>
 *   <li>Anything shipped inside a mobile app (key, algorithm, salt) can be recovered from the app
 *       package. Treat the counter signature as a deterrent against casual callers, not as
 *       authentication, and keep server-side controls such as rate limiting in place.</li>
 *   <li>A fixed signature can be replayed. Make each signature unpredictable and short-lived;
 *       to stay stateless, the server can sign its own timestamp and nonce with a keyed MAC
 *       ({@code javax.crypto.Mac}) and verify that on return.</li>
 *   <li>{@code java.util.Random} is imported here but is not suitable for security values; use
 *       {@code java.security.SecureRandom} for nonces.</li>
 *   <li>Compare secrets with {@code java.security.MessageDigest.isEqual} rather than
 *       {@code String.equals}, and treat {@code null} or empty inputs as invalid.</li>
 * </ul>
 *
 * @author Marcelo Carlos Agostinho Junior <a href="http://github.com/magostinhojr">@magostinhojr</a>
 */
@Component
public class SignatureUtils {

    /** Fixed value handed out until a real signature scheme is implemented. */
    private static final String PLACEHOLDER_SIGNATURE = "PASS";

    /**
     * Produces the signature sent to the mobile app.
     *
     * <p>Placeholder: the same constant is returned on every call, so the value is predictable
     * and carries no per-request freshness.
     *
     * @return the signature string (currently always {@code "PASS"})
     */
    public String generateSignature() {
        // TODO Implement a signature that only your server and your mobile application can identify
        return PLACEHOLDER_SIGNATURE;
    }

    /**
     * Checks the counter signature the mobile app produced for a server-generated signature.
     *
     * <p>Placeholder: neither argument is inspected and every call succeeds, including calls
     * with {@code null} or empty values. A real implementation should fail closed.
     *
     * @param signature        the signature this server has generated
     * @param counterSignature the counter signature the mobile app has generated
     * @return {@code true} if valid and {@code false} otherwise (currently always {@code true})
     */
    public boolean validateCounterSignature(String signature, String counterSignature) {
        // TODO Given a server generated signature, your mobile application must create a counter
        //  signature that only your server knows how to validate
        final boolean accepted = true;
        return accepted;
    }
}