No Results
Search Tips:
- Please consider misspellings
- Try different search keywords
To validate the signature, you can use this sample Java code. Make sure to perform JSON escaping on the payload received at the target.
This code includes the payload, signature received, and secret key. You can have similar code in your respective programming language.
public static final String SIGNING_KEY_ALGO = "HMACSHA256";
public static boolean isSignatureValid(String payload, String receivedSignature, String signingKey) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
Mac mac = Mac.getInstance(SIGNING_KEY_ALGO);
SecretKeySpec secretKeySpec =
new SecretKeySpec(
signingKey.getBytes(StandardCharsets.UTF_8), SIGNING_KEY_ALGO);
mac.init(secretKeySpec);
String signature =
org.apache.commons.codec.binary.Base64.encodeBase64String(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
if(signature.equals(receivedSignature))
{
return true;
}
return false;
}
import hmac
import hashlib
import base64
def is_signature_valid(payload, received_signature, signing_key):
mac = hmac.new(signing_key.encode('latin-1'), digestmod=hashlib.sha256)
mac.update(payload.encode('latin-1'))
signature = base64.b64encode(mac.digest()).decode('utf-8')
return signature == received_signature