Example #1
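  /**
   * Validates a basic Hosted Page signature against the Hosted Page configuration.
   *
   * @param signature the signature to validate
   * @param expiredAfter validity window in milliseconds, counted from the timestamp carried in
   *     the signature
   * @throws Exception if the signature is blank, incomplete, names an unknown page id, or has
   *     expired
   */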
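  public static void validBasicSignature(String signature, long expiredAfter) throws Exception {
    // NOTE(review): only the page id and the timestamp carried inside the signature are checked
    // below. The URL, tenant id and token are parsed but never compared with the values this
    // integration expects, so a validly signed value issued for a different URL, tenant or token
    // passes as long as its page id is known and it is still fresh. Nothing in this method
    // tracks tokens that were already presented either. Callers should compare those fields
    // with the configured / request values themselves, or use the advanced check:
    // SignatureDecrypter.verifyAdvancedSignature(signature, encryptedString, publicKeyString);

    String decryptedSignature = SignatureDecrypter.decryptAsString(signature, publicKeyString);
    if (StringUtils.isBlank(decryptedSignature)) {
      throw new Exception("Signature is empty.");
    }

    // Expected layout: url#tenantId#token#timestamp#pageId.
    StringTokenizer fields = new StringTokenizer(decryptedSignature, "#");
    // StringTokenizer.nextToken() throws an unchecked NoSuchElementException when a field is
    // missing; count first so a short signature is reported as incomplete instead.
    if (fields.countTokens() < 5) {
      throw new Exception("Signature is not complete.");
    }
    String urlInSignature = fields.nextToken();
    String tenantIdInSignature = fields.nextToken();
    String tokenInSignature = fields.nextToken();
    String timestampInSignature = fields.nextToken();
    String pageIdInSignature = fields.nextToken();

    // The tokenizer never yields empty tokens, but a field may still be whitespace only.
    if (StringUtils.isBlank(urlInSignature)
        || StringUtils.isBlank(tenantIdInSignature)
        || StringUtils.isBlank(tokenInSignature)
        || StringUtils.isBlank(timestampInSignature)
        || StringUtils.isBlank(pageIdInSignature)) {
      throw new Exception("Signature is not complete.");
    }

    // The page id must belong to one of the configured Hosted Pages.
    boolean isPageIdValid = false;
    for (HPMPage page : pages.values()) {
      // Called on the non-blank signature value so a page without an id cannot cause an NPE.
      if (pageIdInSignature.equals(page.getPageId())) {
        isPageIdValid = true;
        break;
      }
    }
    if (!isPageIdValid) {
      throw new Exception("Page Id in signature is invalid.");
    }

    // A malformed timestamp is rejected with an explicit message rather than a raw
    // NumberFormatException.
    final long issuedAtMillis;
    try {
      issuedAtMillis = Long.parseLong(timestampInSignature);
    } catch (NumberFormatException e) {
      throw new Exception("Signature timestamp is not a valid number.", e);
    }

    if (System.currentTimeMillis() > issuedAtMillis + expiredAfter) {
      throw new Exception("Signature is expired.");
    }
  }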
Example #2
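  /**
   * Throws an exception when the signature of a callback request is invalid or has expired.
   *
   * @param request the callback request; its pageId, refId and timestamp parameters are read
   * @param expiredAfter validity window in milliseconds, counted from the request's timestamp
   *     parameter
   * @throws Exception if the signature does not verify or has expired
   */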
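  public static void validateAdvancedSignature(HttpServletRequest request, long expiredAfter)
      throws Exception {

    // FieldDecrypter can be used to decrypt pageId and refId. The decrypted values are not used
    // further in this method; the calls are kept as in the original sample.
    String pageId = FieldDecrypter.decrypt(request.getParameter("pageId"), publicKeyString);
    String paymentMethodId = FieldDecrypter.decrypt(request.getParameter("refId"), publicKeyString);

    // Only the charset is printed. The raw query string is deliberately not written to stdout:
    // it carries the signature, the token and the encrypted refId, which should not end up in
    // logs.
    System.out.println("Charset:" + request.getCharacterEncoding());

    boolean isSignatureValid =
        SignatureDecrypter.verifyAdvancedSignature(request, callbackURL, publicKeyString);

    // Reference: how the signed string can be rebuilt by hand (presumably what
    // verifyAdvancedSignature(request, ...) does internally; confirm against SignatureDecrypter).
    // Join the following values with DELIM, in this order:
    //   1. the callback path, e.g. "/hpm2samplecodejsp/callback.jsp"
    //   2. request parameter "tenantId"
    //   3. request parameter "token"
    //   4. request parameter "timestamp"
    //   5. FieldDecrypter.decrypt(request parameter "pageId", publicKeyString)
    //   6. request parameter "errorCode" ("" when absent)
    //   7. request parameters "field_passthrough1" .. "field_passthrough5" ("" when absent)
    //   8. FieldDecrypter.decrypt(request parameter "refId", publicKeyString)
    // Take the "signature" value from the raw query string (split on "&" and "="), URL-decode it
    // as UTF-8 and pass it with the joined string to
    // SignatureDecrypter.verifyAdvancedSignature(signature, encryptedString, publicKeyString).
    if (!isSignatureValid) {
      throw new Exception("Signature is invalid.");
    }

    // The timestamp is only trusted after the signature check above has passed. A missing or
    // malformed value is rejected with an explicit message rather than a raw
    // NumberFormatException.
    final long issuedAtMillis;
    try {
      issuedAtMillis = Long.parseLong(request.getParameter("timestamp"));
    } catch (NumberFormatException e) {
      throw new Exception("Signature timestamp is missing or not a valid number.", e);
    }

    if (System.currentTimeMillis() > issuedAtMillis + expiredAfter) {
      throw new Exception("Signature is expired.");
    }
  }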