[英]Sendgrid webhook verification fails always
I cannot get the Sendgrid public key verification to work in my application.我无法在我的应用程序中使用 Sendgrid 公钥验证。 I already have all the prerequisites configured.
我已经配置了所有先决条件。 (API key is added, Signed webhook is enabled etc)
(添加了 API 密钥,启用了签名的 webhook 等)
This is my approach to test the webhook.这是我测试 webhook 的方法。
Here is my code to verify the signature.这是我验证签名的代码。 This is a exact copy of what Sendgrid has provided here .
这是 Sendgrid 在此处提供的内容的精确副本。
public boolean VerifySignature(ECPublicKey publicKey, byte[] payload, String signature, String timestamp)
throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, IOException {
// prepend the payload with the timestamp
final ByteArrayOutputStream payloadWithTimestamp = new ByteArrayOutputStream();
payloadWithTimestamp.write(timestamp.getBytes());
payloadWithTimestamp.write(payload);
// create the signature object
final Signature signatureObject = Signature.getInstance("SHA256withECDSA", "BC");
signatureObject.initVerify(publicKey);
signatureObject.update(payloadWithTimestamp.toByteArray());
// decode the signature
final byte[] signatureInBytes = Base64.getDecoder().decode(signature);
// verify the signature
return signatureObject.verify(signatureInBytes);
}
Now this method always returns false when it is called from below controller method.现在,当从 controller 方法下方调用此方法时,它总是返回 false。
@PostMapping("/sendgrid-callback")
public boolean acceptSendgridCallback(
@RequestBody String rawData,
@RequestHeader("X-Twilio-Email-Event-Webhook-Timestamp") String timestamp,
@RequestHeader("X-Twilio-Email-Event-Webhook-Signature") String signature
) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException, SignatureException, IOException, InvalidKeyException {
System.out.println("Req body = \n" + rawData);
ECPublicKey ecdsaKey = eventWebhook.ConvertPublicKeyToECDSA
("public key taken from sendgrid");
boolean b = eventWebhook.VerifySignature(ecdsaKey, rawData, signature, timestamp);
return b;
}
I am unable to find the cause for that honestly.老实说,我找不到原因。
Can someone help here.有人可以帮忙吗。
You will need to add the \r\n with the request body to pass the verification.您需要在请求正文中添加 \r\n 才能通过验证。 It passes for me when I run the service in Windows OS but it fails in unix system.
当我在 Windows 操作系统中运行该服务时,它通过了我,但它在 unix 系统中失败了。 I tried using System.getProperty("line.separator") also.Does anyone know the solution for unix system.
我也尝试使用 System.getProperty("line.separator")。有谁知道 unix 系统的解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.