Source code for ingenico.connect.sdk.webhooks.web_hooks_helper

from api_version_mismatch_exception import ApiVersionMismatchException
from signature_validator import SignatureValidator
from ingenico.connect.sdk.client import Client
from ingenico.connect.sdk.domain.webhooks.web_hooks_event import WebhooksEvent


[docs]class WebhooksHelper:
    """
    Ingenico ePayments platform webhooks helper.
    """

    def __init__(self, marshaller, secret_key_store):
        if marshaller is None:
            raise ValueError("marshaller is requried")
        self.__marshaller = marshaller
        self.__signature_validator = SignatureValidator(secret_key_store)

[docs]    def unmarshal(self, body, request_headers):
        """
        Unmarshals the given body, while also validating it using the given request headers.

        :raise: SignatureValidationException: If the body could not be validated successfully.
        :raise: ApiVersionMismatchException: If the resulting event has an API
         version that this version of the SDK does not support.
        :return: The body unmarshalled as a WebhooksEvent.
        """
        self._validate(body, request_headers)
        event = self.__marshaller.unmarshal(body, WebhooksEvent)
        self.__validate_api_version(event)
        return event

    def _validate(self, body, request_headers):
        """
        Validates the given body using the given request headers.

        :raise: SignatureValidationException: If the body could not be validated successfully.
        """
        self.__signature_validator.validate(body, request_headers)

[docs]    @staticmethod
    def are_equal_signatures(signature, expected_signature):
        """
        Deprecated; use hmac.compare_digest instead
        """
        # don't use a simple equals call, as that may leak timing information (it fails fast)
        length = len(signature)
        expected_length = len(expected_signature)

        # always check at least 256 characters, to also not leak timing
        # information about the length of the expected signature
        limit = max(max(length, expected_length), 256)

        result = True

        # the loop below uses result &= false instead of result = false and
        # result &= true instead of nothing because those might leak timing
        # information
        for i in range(0, limit):
            if i < length and i < expected_length:
                # both within string boundaries
                result = result and (signature[i] == expected_signature[i])
            elif i >= length and i >= expected_length:
                # past both string boundaries
                result = result and True
            else:
                # i >= length || i >= expected_length but not both
                result = result and False

        return result

    @staticmethod
    def __validate_api_version(event):
        if not Client.API_VERSION() == event.api_version:
            raise ApiVersionMismatchException(event.api_version, Client.API_VERSION())

    # Used for unit tests
    @property
    def marshaller(self):
        return self.__marshaller

    @property
    def secret_key_store(self):
        return self.__signature_validator.secret_key_store
Source code for ingenico.connect.sdk.webhooks.web_hooks_helper

connect-sdk-python2

Navigation

Related Topics
