private static function _validateSignature($signature, $payload)
{
$signaturePairs = preg_split("/&/", $signature);
$matchingSignature = self::_matchingSignature($signaturePairs);
$payloadSignature = Braintree_Digest::hexDigest($payload);
if (!Braintree_Digest::secureCompare($matchingSignature, $payloadSignature)) {
throw new Braintree_Exception_InvalidSignature("webhook notification signature invalid");
}
}
private static function _payloadMatches($signature, $payload)
{
$payloadSignature = Braintree_Digest::hexDigestSha1(Braintree_Configuration::privateKey(), $payload);
return Braintree_Digest::secureCompare($signature, $payloadSignature);
}
function testSecureCompareReturnsFalseForNonmatchingSameLengthStrings()
{
$this->assertFalse(Braintree_Digest::secureCompare("a_string", "a_strong"));
}
