有人可以帮助我如何在Java中验证Shopify Webhook,目前我正在使用以下代码,但我无法验证
@RequestMapping(value = "/order", method = RequestMethod.POST)
public ResponseEntity<Object> getWebhookOrder(@RequestBody String payload, @RequestHeader Map map) {
try {
String secretKey = "xxxxxxxxxxx";
String HMAC_ALGORITHM = "HmacSHA256";
Mac mac = Mac.getInstance(HMAC_ALGORITHM);
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), HMAC_ALGORITHM);
mac.init(secretKeySpec);
String signature = new String(Hex.encodeHex(mac.doFinal(payload.toString().getBytes())));
System.out.println("header hmac "+map.get("x-shopify-hmac-sha256").toString());
System.out.println("generated hmac "+signature);
System.out.println(map.get("x-shopify-hmac-sha256").toString().equals(signature));
return new ResponseEntity<Object>("{}", HttpStatus.OK);
}catch(Exception exception) {
exceptionService.saveExceptions(map.get("x-shopify-shop-domain").toString(), exception);
return new ResponseEntity<Object>("{}", HttpStatus.BAD_REQUEST);
}
}
您可以创建两种计算HMAC的方法并进行检查