|
| 1 | +package engineer.nightowl.sonos.api.util; |
| 2 | + |
| 3 | +import engineer.nightowl.sonos.api.SonosApiClient; |
| 4 | +import engineer.nightowl.sonos.api.exception.SonosApiClientException; |
| 5 | +import org.apache.http.Header; |
| 6 | +import org.apache.http.HttpMessage; |
| 7 | +import org.slf4j.Logger; |
| 8 | +import org.slf4j.LoggerFactory; |
| 9 | + |
| 10 | +import java.security.MessageDigest; |
| 11 | +import java.security.NoSuchAlgorithmException; |
| 12 | +import java.util.Arrays; |
| 13 | +import java.util.Base64; |
| 14 | +import java.util.Map; |
| 15 | +import java.util.stream.Collectors; |
| 16 | + |
| 17 | +import static java.nio.charset.StandardCharsets.UTF_8; |
| 18 | + |
| 19 | +public class SonosCallbackHelper |
| 20 | +{ |
| 21 | + private static final Logger logger = LoggerFactory.getLogger(SonosCallbackHelper.class); |
| 22 | + |
| 23 | + /** |
| 24 | + * Verify that the message was signed by Sonos. |
| 25 | + * |
| 26 | + * @param headers from the message |
| 27 | + * @return true if the message is cryptographically provable to be from Sonos |
| 28 | + * @throws SonosApiClientException if in an unsupported environment |
| 29 | + */ |
| 30 | + public static Boolean verifySignature(final Map<String, String> headers, final String apiKey, final String apiSecret) throws SonosApiClientException |
| 31 | + { |
| 32 | + MessageDigest messageDigest = null; |
| 33 | + try |
| 34 | + { |
| 35 | + messageDigest = MessageDigest.getInstance("SHA-256"); |
| 36 | + } catch (NoSuchAlgorithmException e) |
| 37 | + { |
| 38 | + throw new SonosApiClientException("Unsupported execution environment", e); |
| 39 | + } |
| 40 | + |
| 41 | + messageDigest.update(headers.get("X-Sonos-Event-Seq-Id").getBytes(UTF_8)); |
| 42 | + messageDigest.update(headers.get("X-Sonos-Namespace").getBytes(UTF_8)); |
| 43 | + messageDigest.update(headers.get("X-Sonos-Type").getBytes(UTF_8)); |
| 44 | + messageDigest.update(headers.get("X-Sonos-Target-Type").getBytes(UTF_8)); |
| 45 | + messageDigest.update(headers.get("X-Sonos-Target-Value").getBytes(UTF_8)); |
| 46 | + messageDigest.update(apiKey.getBytes(UTF_8)); |
| 47 | + messageDigest.update(apiSecret.getBytes(UTF_8)); |
| 48 | + |
| 49 | + final String signature = Base64.getUrlEncoder().withoutPadding().encodeToString(messageDigest.digest()); |
| 50 | + |
| 51 | + logger.debug("Verifying signature: " + signature); |
| 52 | + |
| 53 | + return signature.equals(headers.get("X-Sonos-Event-Signature")); |
| 54 | + } |
| 55 | + |
| 56 | + public static Boolean verifySignature(final Map<String, String> headers, final SonosApiClient apiClient) throws SonosApiClientException |
| 57 | + { |
| 58 | + return SonosCallbackHelper.verifySignature(headers, apiClient.getConfiguration().getApiKey(), apiClient.getConfiguration().getApiSecret()); |
| 59 | + } |
| 60 | + |
| 61 | + public static Boolean verifySignature(final HttpMessage message, final SonosApiClient apiClient) throws SonosApiClientException |
| 62 | + { |
| 63 | + return SonosCallbackHelper.verifySignature(message, apiClient.getConfiguration().getApiKey(), apiClient.getConfiguration().getApiSecret()); |
| 64 | + } |
| 65 | + |
| 66 | + public static Boolean verifySignature(final HttpMessage message, final String apiKey, final String apiSecret) throws SonosApiClientException |
| 67 | + { |
| 68 | + // Map of headers - Name, Value |
| 69 | + Map<String, String> headers = convertHeadersToMap(message.getAllHeaders()); |
| 70 | + return SonosCallbackHelper.verifySignature(headers, apiKey, apiSecret); |
| 71 | + } |
| 72 | + |
| 73 | + public static Map<String, String> convertHeadersToMap(final Header[] headers) |
| 74 | + { |
| 75 | + return Arrays |
| 76 | + .stream(headers) |
| 77 | + .collect(Collectors.toMap(Header::getName, Header::getValue)); |
| 78 | + } |
| 79 | +} |
0 commit comments