Webhook Setup
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
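/**
 * Receives webhook callbacks and checks the sender's RSA-SHA256 signature over the request body.
 *
 * <p>{@code @RequestBody} and {@code HttpServletRequest} come from the web framework; this listing
 * does not show the import for {@code @RequestBody} or any request-mapping annotation.
 */
public class CallbackController {

    // Base64-encoded X.509 (SubjectPublicKeyInfo) RSA public key of the webhook sender.
    // Use the key that matches the environment (e.g. test vs. production). A key from the wrong
    // environment makes every callback fail verification.
    private String publicKey = "PUBLIC KEY";

    /**
     * Handles one callback: reads the {@code signature} header, verifies it against the body and
     * reports the outcome.
     *
     * <p>The signature covers the body exactly as it was sent. Verify {@code param} as received,
     * before any JSON parsing or re-serialization, and only act on the payload when verification
     * succeeded. A valid signature says nothing about freshness; de-duplicating repeated
     * deliveries is not handled here.
     *
     * @param request the incoming HTTP request carrying the {@code signature} header
     * @param param the raw request body
     * @return a JSON string whose {@code callbackStatus} is {@code SUCCESS} or {@code FAIL}
     */
    public String callbackNotice(HttpServletRequest request, @RequestBody String param) {
        // The sender puts the hex-encoded signature in the "signature" header.
        String signature = request.getHeader("signature");
        // A missing header or malformed signature yields false, never an exception.
        boolean verified = verifyRSASHA256(param, signature, publicKey);
        System.out.println(String.format("verified:%s", verified));
        return String.format("{\"callbackStatus\":\"%s\"}", (verified ? "SUCCESS" : "FAIL"));
    }

    /**
     * Verifies a hex-encoded SHA256withRSA signature over the UTF-8 bytes of {@code data}.
     *
     * <p>Fails closed: any missing argument, malformed key or signature encoding, or
     * cryptographic error results in {@code false}.
     *
     * @param data the signed text (the callback body)
     * @param signature the signature, hexadecimal encoded
     * @param publicKeyStr the Base64-encoded X.509 RSA public key
     * @return {@code true} only if the signature is valid for {@code data} under the given key
     */
    public static boolean verifyRSASHA256(String data, String signature, String publicKeyStr) {
        // Reject absent inputs explicitly instead of relying on a NullPointerException.
        if (data == null || signature == null || publicKeyStr == null) {
            return false;
        }
        try {
            // 1. Decode the Base64-encoded public key
            byte[] publicKeyBytes = Base64.getDecoder().decode(publicKeyStr);
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyBytes);
            // 2. Generate RSA public key
            PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
            // 3. Decode the hexadecimal signature; malformed input is rejected here
            byte[] signatureBytes = decodeHex(signature);
            // 4. Initialize the verifier and feed it the signed bytes
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(rsaKey);
            sig.update(data.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            // 5. Verify the signature
            return sig.verify(signatureBytes);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // The signature header is caller-controlled, so log one line rather than a full
            // stack trace per bad request.
            System.err.println("signature verification failed: " + e.getClass().getSimpleName()
                    + ": " + e.getMessage());
            return false;
        }
    }

    /**
     * Decodes a hexadecimal string into bytes.
     *
     * @param value the hex text, two digits per byte
     * @return the decoded bytes
     * @throws IllegalArgumentException if {@code value} is null, has odd length or contains a
     *     character that is not a hexadecimal digit
     */
    public static byte[] decodeHex(String value) {
        if (value == null || (value.length() & 1) != 0) {
            throw new IllegalArgumentException("hex string must have an even number of digits");
        }
        int len = value.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            int hi = Character.digit(value.charAt(i), 16);
            int lo = Character.digit(value.charAt(i + 1), 16);
            // Character.digit returns -1 for a non-hex character; without this check the -1
            // would be folded into the byte and produce silently wrong data.
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("invalid hex digit at index " + i);
            }
            data[i / 2] = (byte) ((hi << 4) | lo);
        }
        return data;
    }
}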
