chore: Fix usage of validateHMAC (#679)

Co-authored-by: jillingk <[email protected]>

src/Adyen/Util/HmacSignature.php

@@ -17,16 +17,16 @@ class HmacSignature
      */
     public function validateHMAC(string $hmacKey, string $hmacSign, string $webhook): bool
     {
-        if (!ctype_xdigit($hmacSign)) {
+        if (!ctype_xdigit($hmacKey)) {
             throw new AdyenException("Invalid HMAC key: $hmacKey");
         }
         $expectedSign = base64_encode(hash_hmac(
             'sha256',
             $webhook,
-            pack("H*", $hmacSign),
+            pack("H*", $hmacKey),
             true
         ));
-        return hash_equals($expectedSign, $hmacKey);
+        return hash_equals($expectedSign, $hmacSign);
     }
     /**
      * @param string $hmacKey Can be found in Customer Area

tests/Unit/Util/HmacSignatureTest.php

@@ -165,8 +165,8 @@ public function testBankingWebhookHmacValidation()
             . "\"test\",\"type\":\"balancePlatform.balanceAccountSweep.updated\"}";
         $hmac = new HmacSignature();
         $result = $hmac->validateHMAC(
-            "9Qz9S/0xpar1klkniKdshxpAhRKbiSAewPpWoxKefQA=",
             "D7DD5BA6146493707BF0BE7496F6404EC7A63616B7158EC927B9F54BB436765F",
+            "9Qz9S/0xpar1klkniKdshxpAhRKbiSAewPpWoxKefQA=",
             $params
         );
         self::assertTrue($result);