Skip to content

Instantly share code, notes, and snippets.

@stephanbruijnis
Last active November 9, 2022 17:34
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save stephanbruijnis/af408cf41cf600e4b3036a72cc250813 to your computer and use it in GitHub Desktop.
Save stephanbruijnis/af408cf41cf600e4b3036a72cc250813 to your computer and use it in GitHub Desktop.
Verify received webhook signature. It will generate the signature; using your secret and compare that signature with the signature you receive in the webhook payload.
// This file was generated by Mendix Studio Pro.
//
// WARNING: Only the following code will be retained when actions are regenerated:
// - the import list
// - the code between BEGIN USER CODE and END USER CODE
// - the code between BEGIN EXTRA CODE and END EXTRA CODE
// Other code you write will be lost the next time you deploy the project.
// Special characters, e.g., é, ö, à, etc. are supported in comments.
package typeform_connector.actions;
import com.mendix.core.Core;
import com.mendix.systemwideinterfaces.core.IContext;
import com.mendix.webui.CustomJavaAction;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class VerifyWebhookSignature extends CustomJavaAction<java.lang.Boolean>
{
private java.lang.String payload;
private java.lang.String endpointsecret;
private java.lang.String sigheader;
public VerifyWebhookSignature(IContext context, java.lang.String payload, java.lang.String endpointsecret, java.lang.String sigheader)
{
super(context);
this.payload = payload;
this.endpointsecret = endpointsecret;
this.sigheader = sigheader;
}
@java.lang.Override
public java.lang.Boolean executeAction() throws Exception
{
// BEGIN USER CODE
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(endpointsecret.getBytes("UTF-8"), "HmacSHA256");
sha256_HMAC.init(secret_key);
String receivedSignature = "sha256=" + Base64.encodeBase64String(sha256_HMAC.doFinal(payload.getBytes("UTF-8")));
Core.getLogger("MyFirstModule").debug("Calculated signature: " + receivedSignature);
Core.getLogger("MyFirstModule").debug("Received signature: " + sigheader);
return receivedSignature.equals(sigheader);
// END USER CODE
}
/**
* Returns a string representation of this action
*/
@java.lang.Override
public java.lang.String toString()
{
return "VerifyWebhookSignature";
}
// BEGIN EXTRA CODE
// END EXTRA CODE
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment