webhook validation

src/main/java/com/siftscience/utils/WebhookValidator.java

@@ -0,0 +1,17 @@
+package com.siftscience.utils;
+
+import com.siftscience.exception.SiftException;
+import org.apache.commons.codec.digest.HmacAlgorithms;
+import org.apache.commons.codec.digest.HmacUtils;
+
+public class WebhookValidator {
+    private static final String  SHA1 = "sha1=";
+
+    public static boolean isValidWebhook(String requestBody, String secretKey, String siftScienceSignature) {
+        String verificationSignature = SHA1 + new HmacUtils(HmacAlgorithms.HMAC_SHA_1, secretKey).hmacHex(requestBody);
+        if(siftScienceSignature.equals(verificationSignature) )
+            return true;
+        else
+            throw new SiftException("Unauthenticated webhook");
+    }
+}

src/test/java/com/siftscience/WebhookValidatorTest.java

@@ -0,0 +1,28 @@
+package com.siftscience;
+
+import com.siftscience.utils.WebhookValidator;
+import org.apache.commons.codec.digest.HmacAlgorithms;
+import org.apache.commons.codec.digest.HmacUtils;
+import org.junit.Test;
+
+public class WebhookValidatorTest {
+
+    @Test
+    public void testWebhookValidation() {
+
+        final String secretKey = "1d708fe409f22591";
+        final String requestBody = "{\n" +
+                "  \"entity\": {\n" +
+                "    \"type\": \"user\",\n" +
+                "    \"id\": \"USER123\"\n" +
+                "  },\n" +
+                "  \"decision\": {\n" +
+                "    \"id\": \"block_user_payment_abuse\"\n" +
+                "  },\n" +
+                "  \"time\": 1461963439151\n" +
+                "}";
+       final String signature = "sha1=" + new HmacUtils(HmacAlgorithms.HMAC_SHA_1, secretKey).hmacHex(requestBody);
+
+        WebhookValidator.isValidWebhook(requestBody, secretKey, signature);
+    }
+}