Merge pull request #26 from alipay/optimize_webhook_signature

add webhook signature verify tool

Author: ScottWryyyyy

README.md

@@ -12,7 +12,7 @@ https://mvnrepository.com/artifact/com.alipay.global.sdk/global-open-sdk-java
 <dependency>
     <groupId>com.alipay.global.sdk</groupId>
     <artifactId>global-open-sdk-java</artifactId>
-    <version>2.0.21</version>
+    <version>2.0.22</version>
 </dependency>
 ```
 

pom.xml

@@ -4,7 +4,7 @@
     <groupId>com.alipay.global.sdk</groupId>
     <artifactId>global-open-sdk-java</artifactId>
     <packaging>jar</packaging>
-    <version>2.0.21</version>
+    <version>2.0.22</version>
     <name>global-open-sdk-java</name>
     <url>https://github.com/alipay/global-open-sdk-java</url>
     <description>

src/main/java/com/alipay/global/api/DefaultAlipayClient.java

@@ -1,14 +1,14 @@
 package com.alipay.global.api;
 
+import java.util.Map;
+
 import com.alipay.global.api.exception.AlipayApiException;
 import com.alipay.global.api.net.DefaultHttpRPC;
 import com.alipay.global.api.net.HttpRpcResult;
 
-import java.util.Map;
-
-public class DefaultAlipayClient extends BaseAlipayClient{
+public class DefaultAlipayClient extends BaseAlipayClient {
 
-    public DefaultAlipayClient(String gatewayUrl, String merchantPrivateKey, String alipayPublicKey ){
+    public DefaultAlipayClient(String gatewayUrl, String merchantPrivateKey, String alipayPublicKey) {
         super(gatewayUrl, merchantPrivateKey, alipayPublicKey);
     }
 
@@ -17,11 +17,11 @@ public Map<String, String> buildCustomHeader() {
         return null;
     }
 
-    public HttpRpcResult sendRequest(String requestUrl, String httpMethod, Map<String, String> header, String reqBody)throws AlipayApiException {
+    public HttpRpcResult sendRequest(String requestUrl, String httpMethod, Map<String, String> header, String reqBody) throws AlipayApiException {
         HttpRpcResult httpRpcResult;
         try {
             httpRpcResult = DefaultHttpRPC.doPost(requestUrl, header, reqBody);
-        } catch (Exception e){
+        } catch (Exception e) {
             throw new AlipayApiException(e);
         }
         return httpRpcResult;

src/main/java/com/alipay/global/api/model/constants/ProductSceneConstants.java

@@ -1,7 +1,7 @@
 package com.alipay.global.api.model.constants;
 
 /**
- * @Author yanhong
+ * @author yanhong
  * @version $Id: productSceneConstants.java, v 0.1 2024年03月14日 5:02 PM yanhong Exp $
  **/
 public class ProductSceneConstants {

src/main/java/com/alipay/global/api/tools/WebhookTool.java

@@ -0,0 +1,43 @@
+package com.alipay.global.api.tools;
+
+import com.alipay.global.api.exception.AlipayApiException;
+
+public class WebhookTool {
+
+    /**
+     * Check webhook signature
+     *
+     * @param requestUri      your webhook endpoint, domain part excluded, sample: /payNotify
+     * @param httpMethod      http method
+     * @param clientId        your clientId, sample: SANDBOX_5X00000000000000
+     * @param requestTime     requestTime from http header, sample: 2019-01-01T01:01:01Z
+     * @param signature       signature from http header, sample: algorithm=RSA256,keyVersion=1,signature=xxx
+     * @param notifyBody      notify body
+     * @param alipayPublicKey alipay public key
+     * @return
+     * @throws AlipayApiException
+     */
+    public static boolean checkSignature(String requestUri, String httpMethod, String clientId, String requestTime,
+                                         String signature, String notifyBody, String alipayPublicKey) throws AlipayApiException {
+        String realSignature = "";
+
+        // get valid part from raw signature
+        if (signature == null || signature.isEmpty()) {
+            throw new RuntimeException("empty notify signature");
+        } else {
+            String[] parts = signature.split("signature=");
+            if (parts.length > 1) {
+                realSignature = parts[1];
+            }
+        }
+
+        try {
+            // verify signature
+            return SignatureTool.verify(httpMethod, requestUri, clientId, requestTime, notifyBody, realSignature, alipayPublicKey);
+        } catch (Exception e) {
+            throw new AlipayApiException(e);
+        }
+
+    }
+
+}