From 433c7844b785df5f9ce6415eb7d0fb17cf4f3456 Mon Sep 17 00:00:00 2001
From: Djoyke Reijans <115019123+DjoykeAbyah@users.noreply.github.com>
Date: Thu, 1 Aug 2024 09:27:33 +0200
Subject: [PATCH] deprecated old HmacSignature method, adjusted unittest (#685)
* deprecated old HmacSignature method, adjusted unittest
* Update src/Adyen/Util/HmacSignature.php
Co-authored-by: jillingk <93914435+jillingk@users.noreply.github.com>
* updated HmacSignature
* Update HmacSignatureTest.php Included tests for deprecated and corrected HMAC validation methods
* updated unit test and deprecated hmacvalidation method
---------
Co-authored-by: jillingk <93914435+jillingk@users.noreply.github.com>
---
 src/Adyen/Util/HmacSignature.php | 22 ++++++++++++++++++++++
 tests/Unit/Util/HmacSignatureTest.php | 22 +++++++++++++++++++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/src/Adyen/Util/HmacSignature.php b/src/Adyen/Util/HmacSignature.php
index 572741ce..70e7b595 100644
--- a/src/Adyen/Util/HmacSignature.php
+++ b/src/Adyen/Util/HmacSignature.php
@@ -9,6 +9,7 @@ class HmacSignature
 const EVENT_CODE = "eventCode";
 /**
+ * @deprecated use Use validateHMACSignature with correct parameter order instead
 * @param string $hmacKey Can be found in Customer Area
 * @param string $hmacSign Can be found in the Webhook headers
 * @param string $webhook The response from Adyen
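Review bot: The docblock above validateHMAC still documents `$hmacKey` as the Customer Area key and `$hmacSign` as the webhook header value, but the body this commit gives the deprecated method (next hunk) hex-checks and `pack()`s `$hmacSign` as the key and compares the result against `$hmacKey`, so for this method the two descriptions are inverted. The `@deprecated` line should say so explicitly and lose the doubled word: `@deprecated Arguments are swapped here ($hmacKey receives the signature, $hmacSign the hex key); use validateHMACSignature() instead.` The docblock's closing lines and the method itself are outside this hunk.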
@@ -16,6 +17,27 @@ class HmacSignature
 * @throws AdyenException
 */
 public function validateHMAC(string $hmacKey, string $hmacSign, string $webhook): bool
+ {
+ if (!ctype_xdigit($hmacSign)) {
+ throw new AdyenException("Invalid HMAC key: $hmacKey");
+ }
+ $expectedSign = base64_encode(hash_hmac(
+ 'sha256',
+ $webhook,
+ pack("H*", $hmacSign),
+ true
+ ));
+ return hash_equals($expectedSign, $hmacKey);
+ }
+
+ /**
+ * @param string $hmacKey Can be found in Customer Area
+ * @param string $hmacSign Can be found in the Webhook headers
+ * @param string $webhook The response from Adyen
+ * @return bool
+ * @throws AdyenException
+ */
+ public function validateHMACSignature(string $hmacKey, string $hmacSign, string $webhook): bool
 {
 if (!ctype_xdigit($hmacKey)) {
 throw new AdyenException("Invalid HMAC key: $hmacKey");
diff --git a/tests/Unit/Util/HmacSignatureTest.php b/tests/Unit/Util/HmacSignatureTest.php
index 0ae58901..c6f8a32e 100644
--- a/tests/Unit/Util/HmacSignatureTest.php
+++ b/tests/Unit/Util/HmacSignatureTest.php
@@ -151,8 +151,8 @@ public function testIsHmacSupportedEventCode()
 $this->fail('Unexpected exception');
 }
 }
-
 /**
+ * @deprecated
 * @throws AdyenException
 */
 public function testBankingWebhookHmacValidation()
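Review bot: The throw in validateHMACSignature (context lines at the end of the first hunk here) builds its message as `"Invalid HMAC key: $hmacKey"`, which copies the HMAC secret, or whatever was mistakenly supplied as it, into an exception message that will usually reach logs or error trackers. In the deprecated validateHMAC body added above, the check is on `$hmacSign` while the message prints `$hmacKey`, so it reports a value other than the one that failed. Both throws would be safer without the interpolation, e.g. `throw new AdyenException('Invalid HMAC key: expected a hexadecimal string');`. Separately, `ctype_xdigit()` accepts odd-length input, which `pack("H*", …)` appears to pad rather than reject, so an even-length check would catch a truncated key. validateHMACSignature's body continues outside the hunk.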
@@ -165,6 +165,26 @@ public function testBankingWebhookHmacValidation()
 . "\"test\",\"type\":\"balancePlatform.balanceAccountSweep.updated\"}";
 $hmac = new HmacSignature();
 $result = $hmac->validateHMAC(
+ "9Qz9S/0xpar1klkniKdshxpAhRKbiSAewPpWoxKefQA=",
+ "D7DD5BA6146493707BF0BE7496F6404EC7A63616B7158EC927B9F54BB436765F",
+ $params
+ );
+ self::assertTrue($result);
+ }
+
+ /**
+ * @throws AdyenException
+ */
+ public function testBankingWebhookHmacSignature()
+ {
+ $params = "{\"data\":{\"balancePlatform\":\"Integration_tools_test\","
+ . "\"accountId\":\"BA32272223222H5HVKTBK4MLB\",\"sweep\":{\"id\":\"SWPC42272223222H5HVKV6H8C64DP5\","
+ . "\"schedule\":{\"type\":\"balance\"},\"status\":\"active\",\"targetAmount\":{\"currency\":\"EUR\""
+ . ",\"value\":0},\"triggerAmount\":{\"currency\":\"EUR\",\"value\":0},\"type\":\"pull\",\"counterparty\":"
+ . "{\"balanceAccountId\":\"BA3227C223222H5HVKT3H9WLC\"},\"currency\":\"EUR\"}},\"environment\":"
+ . "\"test\",\"type\":\"balancePlatform.balanceAccountSweep.updated\"}";
+ $hmac = new HmacSignature();
+ $result = $hmac->validateHMACSignature(
 "D7DD5BA6146493707BF0BE7496F6404EC7A63616B7158EC927B9F54BB436765F",
 "9Qz9S/0xpar1klkniKdshxpAhRKbiSAewPpWoxKefQA=",
 $params
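Review bot: Nothing in this hunk exercises a rejecting path: the new testBankingWebhookHmacSignature and the re-ordered validateHMAC call both pass a matching key, signature and payload, and the one assertion visible here is `assertTrue`. For a signature check the failing cases are the ones that guard against regressions, so a companion test with an altered payload asserting `false`, and another passing a non-hex key with `$this->expectException(AdyenException::class);`, would pin the behaviour. The closing lines of the new test are outside the hunk. A sketch of the first case follows.

```php
public function testBankingWebhookHmacSignatureRejectsAlteredPayload()
{
    // … unchanged: $params built exactly as in testBankingWebhookHmacSignature …
    $hmac = new HmacSignature();
    $result = $hmac->validateHMACSignature(
        "D7DD5BA6146493707BF0BE7496F6404EC7A63616B7158EC927B9F54BB436765F",
        "9Qz9S/0xpar1klkniKdshxpAhRKbiSAewPpWoxKefQA=",
        $params . " " // one extra byte: the signature no longer matches
    );
    self::assertFalse($result);
}
```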