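/**
 * Verifies the signature carried in the "Authorization" header of a webhook request.
 *
 * The header must have the form "Signature <40 lowercase hex characters>". The expected
 * value is the SHA-1 hex digest of the request body concatenated with the project
 * secret key. The method returns nothing on success and throws on any mismatch.
 *
 * NOTE(review): the digest construction (sha1 over body + secret) is presumably fixed by
 * the webhook sender's protocol, so it is kept as is; confirm against the sender's
 * documentation before changing it.
 *
 * @param WebhookRequest $webhookRequest
 *
 * @throws InvalidSignatureException when the header is missing, malformed, or the signature does not match
 */
public function authenticateSignature(WebhookRequest $webhookRequest)
{
    $headers = $webhookRequest->getHeaders();
    // The lookup is case-sensitive; this assumes getHeaders() returns lower-cased
    // header names -- TODO confirm in WebhookRequest.
    if (!array_key_exists('authorization', $headers)) {
        throw new InvalidSignatureException('"Authorization" header not found in Xsolla webhook request');
    }

    $matches = array();
    preg_match('~^Signature ([0-9a-f]{40})$~', $headers['authorization'], $matches);
    if (!array_key_exists(1, $matches)) {
        // NOTE(review): the raw header value is sender-controlled and is echoed into the
        // exception message; escape or truncate it wherever this message is logged or rendered.
        throw new InvalidSignatureException('Signature not found in "Authorization" header from Xsolla webhook request: ' . $headers['authorization']);
    }
    $clientSignature = $matches[1];

    $serverSignature = sha1($webhookRequest->getBody() . $this->projectSecretKey);
    // hash_equals() (PHP >= 5.6) compares in constant time. The previous `!==` comparison
    // can stop at the first differing byte, which exposes a timing signal about how much
    // of a guessed signature is correct. The known value goes first, the supplied one second.
    if (!hash_equals($serverSignature, $clientSignature)) {
        throw new InvalidSignatureException("Invalid Signature. Signature provided in \"Authorization\" header ({$clientSignature}) does not match with expected");
    }
}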