/**
 * Reject a webhook notification whose signature does not match its payload.
 *
 * The signature string is split on "&", the pieces are handed to
 * self::_matchingSignature() to pick the candidate to check, and that
 * candidate is compared against Braintree_Digest::hexDigest($payload).
 *
 * @param string $signature "&"-separated signature string from the notification
 * @param string $payload   notification payload the signature should cover
 * @return void
 * @throws Braintree_Exception_InvalidSignature when the comparison does not succeed
 */
private static function _validateSignature($signature, $payload)
{
    $candidate = self::_matchingSignature(preg_split("/&/", $signature));

    // NOTE(review): hexDigest() receives only the payload here; the key it
    // uses is not visible in this block. Confirm the digest is keyed with the
    // private key, otherwise the expected value is computable by any sender.
    $expected = Braintree_Digest::hexDigest($payload);

    // NOTE(review): what _matchingSignature() returns when no piece matches is
    // not visible here. Confirm secureCompare() rejects a null/false candidate
    // instead of coercing it.
    // The comparison goes through secureCompare() rather than ==; presumably
    // constant-time, implementation not shown. Keep it that way.
    if (Braintree_Digest::secureCompare($candidate, $expected)) {
        return;
    }

    throw new Braintree_Exception_InvalidSignature("webhook notification signature invalid");
}
/**
 * Tell whether one candidate signature matches the payload.
 *
 * The expected value is whatever Braintree_Digest::hexDigestSha1() derives
 * from the configured private key and the payload (presumably an HMAC-SHA1
 * hex string; implementation not visible here).
 *
 * @param string $signature candidate signature to check
 * @param string $payload   notification payload the signature should cover
 * @return mixed result of Braintree_Digest::secureCompare(), presumably bool
 */
private static function _payloadMatches($signature, $payload)
{
    // Compared via secureCompare() instead of == so the check does not
    // depend on PHP's loose string comparison rules.
    return Braintree_Digest::secureCompare(
        $signature,
        Braintree_Digest::hexDigestSha1(Braintree_Configuration::privateKey(), $payload)
    );
}
/**
 * secureCompare() must report a mismatch for two strings of equal length
 * that differ in a single character.
 *
 * Using equal-length inputs means the result has to come from comparing
 * content, not from a length check.
 */
function testSecureCompareReturnsFalseForNonmatchingSameLengthStrings()
{
    $left = "a_string";
    $right = "a_strong";

    $outcome = Braintree_Digest::secureCompare($left, $right);

    $this->assertFalse($outcome);
}