truth3/private_key.pem

## private_key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA0cCM/xT5c6Czor3573pXlPEFbEzk4rm/iq15eWntOWMl3Bkb
dZY9Zbm8TOjh0YrHFH4ZrQmREXyxVQxZNQ7zwITmwyrMyb1/ravbSpuj9HIpY4hn
5sregUJZUtWTSvtlXSSKa60bva5qG8MHi+hK7qWayJwfriDung+T9jss6k8ANmin
2BPjpjTlMbbJbRyr+27XYov3nD9U1KYeBnGgyj8aplb/1e75Iuk7oCwVm+kTsPKI
/ZeATf/kfS93tQrw0/gozP4iVubyKBVG05BzerFcb3QUzLSo3LIJ/8VYuGHnz6y+
J6xy02EOhzJMPLUt3GQo7yUDOPls/W2tCBUebwIDAQABAoIBADmS9eDKnBI+CTDh
nqo6VbH/WnK4xJbrT4U8Sryl88Stz2WTyrLDE4VJr0MZJWsEAdNBLcEOgDBhnrdu
lUn4GbY9hK4LoHy7tEEyjBX1lNJzR6MXfRWfl+W5FZWkJDMPwGoJrqkRsiylpGCM
bxTbJT5OXKc2G4gLaBQgyIdtBM4nc7F/TraswmuU940NsVSKBIpeqsgh4jeV6p8T
1QG0SzrNAVsUXHCiXC9eU0aPFvfAaJtnTaZ3F42avWD+1rUlm+vjVHZzu+bzSQSo
23dqNmoNUIk4iyIA0/QzrAF0eZh1+/L4U/+rTEOxvQE4nmiL+jVY9smIUfUdnfNm
7QjJwkkCgYEA9/GXupJ+TCDJmfK5ILYP86fpKVUf+zPx+cPQ638LkLEEzKlVZNAW
Lx90W3S7Nf58FItH7wagXXrdEk+HhaWjUcwljxrWdSNFryuotMsUBqFXjhhWkEWZ
fscZHUOZhZKwursWifOxeHgMHyWF6ldwZ78DT7N/k2cReyZsb/821jUCgYEA2JFH
Yct58JoTr76YlemmXsBX02ILKwVwJbp1eqEcE8hzIGCDTHuCy1Ocr0J5vv/7125q
iHbG5JjmIFpArQ39zJOfphDQ9mj2+ZVvzI+gnenZKhRUFpYMlAwf+SSBZQPbYREN
s446iMBfCxb3ZhsHDtDe1T3D3qiK9XuSrBUjZpMCgYBS1K0BsUrsF9AB1CqwmOH/
XkrwefWzMAlYjWhQJCMy9VBLJw7WHQYsO+/dVcPtJ9U/77/aRHZyhEcyhMsbhNho
zTCG/EpE28G94XH85BMOm/vqBot0qyu6RL1JH3o8O2M7HqFK+NSDEGfMR/bS8N8m
aZOrnqWyEq6uW4nCaJpjOQKBgQDJ5T5fzFrk1C8wMwZ7E7TXNodp+EgjFlHDyn2F
EjdjtgamE3O0VJzNwygaN2XaiziUUUqd5+Vp7aT0Wk9bReTq2GEIZzr3zUkZypfM
Y8XAEeczlHoECGS3jEoucTr0GlFlv4k/cIPfQ0AXzZRcqyu8QzrKH2e/5u6NBmPp
a1dyYwKBgDg8qbmH4hq7L2/AbbR8QWDG9+fuDFi7UAbiAf6buRoU5kHuLcgE/Owi
nGkskWxlE1S2i6PRoFmmG0zcPhJbvejwe6ck5wVMomU7LdC4nAlVR/UhUCeI5lhm
fjYFouw2X2YA7MERMEh2Lat8wfnckg2fNdMcp+F0Auuoy7gc0MR7
-----END RSA PRIVATE KEY-----

## public_key.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cCM/xT5c6Czor3573pX
lPEFbEzk4rm/iq15eWntOWMl3BkbdZY9Zbm8TOjh0YrHFH4ZrQmREXyxVQxZNQ7z
wITmwyrMyb1/ravbSpuj9HIpY4hn5sregUJZUtWTSvtlXSSKa60bva5qG8MHi+hK
7qWayJwfriDung+T9jss6k8ANmin2BPjpjTlMbbJbRyr+27XYov3nD9U1KYeBnGg
yj8aplb/1e75Iuk7oCwVm+kTsPKI/ZeATf/kfS93tQrw0/gozP4iVubyKBVG05Bz
erFcb3QUzLSo3LIJ/8VYuGHnz6y+J6xy02EOhzJMPLUt3GQo7yUDOPls/W2tCBUe
bwIDAQAB
-----END PUBLIC KEY-----

## signatureValidation.php
<?php
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    die('GET requests are not allowed');
}


// Processing the headers to get the Signature and algorithm values
$headers = apache_request_headers();
$headerEncodedData = json_encode($headers);
$headerDecodedData = json_decode($headerEncodedData,true);

// Extracting the signature and the algorithm values
$signature = ($headerDecodedData["Hook-Signature"]);
$hashAlg = ($headerDecodedData["Hook-Algorithm"]);

// Grabbing the raw data
$data = file_get_contents('php://input');

// Check to see if the signature is present in the header
if (empty($signature)) {
  $message ='Data was not signed, be careful';
  sendMail($message,$data);
} else {
  // Need to verify the signature hasn't been tampered with
  if (base64_encode(base64_decode($signature, true)) === $signature){
  		$validatedSignature = base64_decode($signature);
  } else {
    $message = "Signature failed decoding";
    sendMail($message,$data);
  		// break;
  }
}

// Parsing the algorithm to figure out which way to verify the signature
$hashAlgMethod = substr($hashAlg,0,2);
$hashAlgStrength = substr($hashAlg,2,3);
$hashAlg = "sha" . $hashAlgStrength;


if ($hashAlgMethod=="RS") {
  // Hash the data using the defined algorithm
  $dataHash = hash($hashAlg,$data,true);

  // Loading the public key for verification
  $public_key_pem = file_get_contents("public_key.pem");

  // Verify the signature
  $r = openssl_verify($dataHash,$validatedSignature,$public_key_pem,$hashAlg);
  if ($r == 1) {
    $message ='Post Verification Passed';
  } else if ($r == 0) {
    $message ='Post Verification Failed';
    $data ='Data has been thrown away, as verification failed';
  }
  sendMail($message,$data,$hashAlg,$signature);

} else if ($hashAlgMethod=="HS") {

  //Use the same key that the signer used
  $private_key_pem = file_get_contents("private_key.pem");

  //Create a keyed hash of the data
  $rawSignature = hash_hmac($hashAlg,$data,$private_key_pem,true);

  //Encode the signature just like the sender
  $verifySignature = base64_encode($rawSignature);

  // Verify the signature
  if ($verifySignature == $signature){
    $message ='Post Verification Passed';
  } else if ($verifySignature != $signature){
    $message ='Post Verification Failed';
    $data ='Data has been thrown away, as verification failed';
  }
  sendMail($message,$data,$hashAlg,$signature);
}

// Send an email explaining what happened during verification and include the raw data

function sendMail($message,$data,$hashAlg,$signature){
  mail("#####@######.com", $message, "The Data Begins here: \r\n" . $data . "\r\nThe Hash Alg is here\r\n" . $hashAlg . "\r
  \nThe Signature is here\r\n" . $signature );
}

?>
	-----BEGIN RSA PRIVATE KEY-----
	MIIEowIBAAKCAQEA0cCM/xT5c6Czor3573pXlPEFbEzk4rm/iq15eWntOWMl3Bkb
	dZY9Zbm8TOjh0YrHFH4ZrQmREXyxVQxZNQ7zwITmwyrMyb1/ravbSpuj9HIpY4hn
	5sregUJZUtWTSvtlXSSKa60bva5qG8MHi+hK7qWayJwfriDung+T9jss6k8ANmin
	2BPjpjTlMbbJbRyr+27XYov3nD9U1KYeBnGgyj8aplb/1e75Iuk7oCwVm+kTsPKI
	/ZeATf/kfS93tQrw0/gozP4iVubyKBVG05BzerFcb3QUzLSo3LIJ/8VYuGHnz6y+
	J6xy02EOhzJMPLUt3GQo7yUDOPls/W2tCBUebwIDAQABAoIBADmS9eDKnBI+CTDh
	nqo6VbH/WnK4xJbrT4U8Sryl88Stz2WTyrLDE4VJr0MZJWsEAdNBLcEOgDBhnrdu
	lUn4GbY9hK4LoHy7tEEyjBX1lNJzR6MXfRWfl+W5FZWkJDMPwGoJrqkRsiylpGCM
	bxTbJT5OXKc2G4gLaBQgyIdtBM4nc7F/TraswmuU940NsVSKBIpeqsgh4jeV6p8T
	1QG0SzrNAVsUXHCiXC9eU0aPFvfAaJtnTaZ3F42avWD+1rUlm+vjVHZzu+bzSQSo
	23dqNmoNUIk4iyIA0/QzrAF0eZh1+/L4U/+rTEOxvQE4nmiL+jVY9smIUfUdnfNm
	7QjJwkkCgYEA9/GXupJ+TCDJmfK5ILYP86fpKVUf+zPx+cPQ638LkLEEzKlVZNAW
	Lx90W3S7Nf58FItH7wagXXrdEk+HhaWjUcwljxrWdSNFryuotMsUBqFXjhhWkEWZ
	fscZHUOZhZKwursWifOxeHgMHyWF6ldwZ78DT7N/k2cReyZsb/821jUCgYEA2JFH
	Yct58JoTr76YlemmXsBX02ILKwVwJbp1eqEcE8hzIGCDTHuCy1Ocr0J5vv/7125q
	iHbG5JjmIFpArQ39zJOfphDQ9mj2+ZVvzI+gnenZKhRUFpYMlAwf+SSBZQPbYREN
	s446iMBfCxb3ZhsHDtDe1T3D3qiK9XuSrBUjZpMCgYBS1K0BsUrsF9AB1CqwmOH/
	XkrwefWzMAlYjWhQJCMy9VBLJw7WHQYsO+/dVcPtJ9U/77/aRHZyhEcyhMsbhNho
	zTCG/EpE28G94XH85BMOm/vqBot0qyu6RL1JH3o8O2M7HqFK+NSDEGfMR/bS8N8m
	aZOrnqWyEq6uW4nCaJpjOQKBgQDJ5T5fzFrk1C8wMwZ7E7TXNodp+EgjFlHDyn2F
	EjdjtgamE3O0VJzNwygaN2XaiziUUUqd5+Vp7aT0Wk9bReTq2GEIZzr3zUkZypfM
	Y8XAEeczlHoECGS3jEoucTr0GlFlv4k/cIPfQ0AXzZRcqyu8QzrKH2e/5u6NBmPp
	a1dyYwKBgDg8qbmH4hq7L2/AbbR8QWDG9+fuDFi7UAbiAf6buRoU5kHuLcgE/Owi
	nGkskWxlE1S2i6PRoFmmG0zcPhJbvejwe6ck5wVMomU7LdC4nAlVR/UhUCeI5lhm
	fjYFouw2X2YA7MERMEh2Lat8wfnckg2fNdMcp+F0Auuoy7gc0MR7
	-----END RSA PRIVATE KEY-----
	-----BEGIN PUBLIC KEY-----
	MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cCM/xT5c6Czor3573pX
	lPEFbEzk4rm/iq15eWntOWMl3BkbdZY9Zbm8TOjh0YrHFH4ZrQmREXyxVQxZNQ7z
	wITmwyrMyb1/ravbSpuj9HIpY4hn5sregUJZUtWTSvtlXSSKa60bva5qG8MHi+hK
	7qWayJwfriDung+T9jss6k8ANmin2BPjpjTlMbbJbRyr+27XYov3nD9U1KYeBnGg
	yj8aplb/1e75Iuk7oCwVm+kTsPKI/ZeATf/kfS93tQrw0/gozP4iVubyKBVG05Bz
	erFcb3QUzLSo3LIJ/8VYuGHnz6y+J6xy02EOhzJMPLUt3GQo7yUDOPls/W2tCBUe
	bwIDAQAB
	-----END PUBLIC KEY-----
	<?php
	if ($_SERVER['REQUEST_METHOD'] == 'GET') {
	die('GET requests are not allowed');
	}


	// Processing the headers to get the Signature and algorithm values
	$headers = apache_request_headers();
	$headerEncodedData = json_encode($headers);
	$headerDecodedData = json_decode($headerEncodedData,true);

	// Extracting the signature and the algorithm values
	$signature = ($headerDecodedData["Hook-Signature"]);
	$hashAlg = ($headerDecodedData["Hook-Algorithm"]);

	// Grabbing the raw data
	$data = file_get_contents('php://input');

	// Check to see if the signature is present in the header
	if (empty($signature)) {
	$message ='Data was not signed, be careful';
	sendMail($message,$data);
	} else {
	// Need to verify the signature hasn't been tampered with
	if (base64_encode(base64_decode($signature, true)) === $signature){
	$validatedSignature = base64_decode($signature);
	} else {
	$message = "Signature failed decoding";
	sendMail($message,$data);
	// break;
	}
	}

	// Parsing the algorithm to figure out which way to verify the signature
	$hashAlgMethod = substr($hashAlg,0,2);
	$hashAlgStrength = substr($hashAlg,2,3);
	$hashAlg = "sha" . $hashAlgStrength;


	if ($hashAlgMethod=="RS") {
	// Hash the data using the defined algorithm
	$dataHash = hash($hashAlg,$data,true);

	// Loading the public key for verification
	$public_key_pem = file_get_contents("public_key.pem");

	// Verify the signature
	$r = openssl_verify($dataHash,$validatedSignature,$public_key_pem,$hashAlg);
	if ($r == 1) {
	$message ='Post Verification Passed';
	} else if ($r == 0) {
	$message ='Post Verification Failed';
	$data ='Data has been thrown away, as verification failed';
	}
	sendMail($message,$data,$hashAlg,$signature);

	} else if ($hashAlgMethod=="HS") {

	//Use the same key that the signer used
	$private_key_pem = file_get_contents("private_key.pem");

	//Create a keyed hash of the data
	$rawSignature = hash_hmac($hashAlg,$data,$private_key_pem,true);

	//Encode the signature just like the sender
	$verifySignature = base64_encode($rawSignature);

	// Verify the signature
	if ($verifySignature == $signature){
	$message ='Post Verification Passed';
	} else if ($verifySignature != $signature){
	$message ='Post Verification Failed';
	$data ='Data has been thrown away, as verification failed';
	}
	sendMail($message,$data,$hashAlg,$signature);
	}

	// Send an email explaining what happened during verification and include the raw data

	function sendMail($message,$data,$hashAlg,$signature){
	mail("#####@######.com", $message, "The Data Begins here: \r\n" . $data . "\r\nThe Hash Alg is here\r\n" . $hashAlg . "\r
	\nThe Signature is here\r\n" . $signature );
	}

	?>