/**
* Validate signature using Hosted Page configuration
*
* @param signature - signature need to validate
* @param expiredAfter - expired time in millisecond after the signature is created
* @throws Exception
*/
public static void validBasicSignature(String signature, long expiredAfter) throws Exception {
// Need to get value from configration page and value from request to construct the
// encryptedString.
// SignatureDecrypter.verifyAdvancedSignature(signature, encryptedString, publicKeyString);
String decryptedSignature = SignatureDecrypter.decryptAsString(signature, publicKeyString);
// Validate signature.
if (StringUtils.isBlank(decryptedSignature)) {
throw new Exception("Signature is empty.");
}
StringTokenizer st = new StringTokenizer(decryptedSignature, "#");
String url_signature = st.nextToken();
String tenanId_signature = st.nextToken();
String token_signature = st.nextToken();
String timestamp_signature = st.nextToken();
String pageId_signature = st.nextToken();
if (StringUtils.isBlank(url_signature)
|| StringUtils.isBlank(tenanId_signature)
|| StringUtils.isBlank(token_signature)
|| StringUtils.isBlank(timestamp_signature)
|| StringUtils.isBlank(pageId_signature)) {
throw new Exception("Signature is not complete.");
}
boolean isPageIdValid = false;
for (HPMPage page : pages.values()) {
if (page.getPageId().equals(pageId_signature)) {
isPageIdValid = true;
break;
}
}
if (!isPageIdValid) {
throw new Exception("Page Id in signature is invalid.");
}
if ((new Date()).getTime() > (Long.parseLong(timestamp_signature) + expiredAfter)) {
throw new Exception("Signature is expired.");
}
}
