-
Notifications
You must be signed in to change notification settings - Fork 625
/
EventWebhookTest.php
117 lines (102 loc) · 3.42 KB
/
EventWebhookTest.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
<?php
namespace SendGrid\Tests\Unit;
use PHPUnit\Framework\TestCase;
use SendGrid\EventWebhook\EventWebhook;
/**
* This class tests the EventWebhook functionality.
*
* @package SendGrid\Tests\Unit
*/
class EventWebhookTest extends TestCase
{
private static $PUBLIC_KEY;
private static $SIGNATURE;
private static $BAD_SIGNATURE;
private static $TIMESTAMP;
private static $PAYLOAD;
public static function setUpBeforeClass(): void
{
self::$PUBLIC_KEY = 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE83T4O/n84iotIv
IW4mdBgQ/7dAfSmpqIM8kF9mN1flpVKS3GRqe62gw+2fNNRaINXvVpiglSI8eNEc6wEA3F+g==';
self::$SIGNATURE = 'MEUCIGHQVtGj+Y3LkG9fLcxf3qfI10QysgDWmMOVmxG0u6ZUAiE
AyBiXDWzM+uOe5W0JuG+luQAbPIqHh89M15TluLtEZtM=';
self::$BAD_SIGNATURE = 'BADSIGNATURE+Y3LkG9fLcxf3qfI10QysgDWmMOVmxG0u6ZUAiE
AyBiXDWzM+uOe5W0JuG+luQAbPIqHh89M15TluLtEZtM=';
self::$TIMESTAMP = '1600112502';
self::$PAYLOAD = \json_encode(
[
[
'email' => '[email protected]',
'event' => 'dropped',
'reason' => 'Bounced Address',
'sg_event_id' => 'ZHJvcC0xMDk5NDkxOS1MUnpYbF9OSFN0T0doUTRrb2ZTbV9BLTA',
'sg_message_id' => 'LRzXl_NHStOGhQ4kofSm_A.filterdrecv-p3mdw1-756b745b58-kmzbl-18-5F5FC76C-9.0',
'smtp-id' => '<[email protected]>',
'timestamp' => 1600112492,
]
]
) . "\r\n"; // Be sure to include the trailing carriage return and newline!
}
public function testVerifySignature()
{
$isValidSignature = $this->verify(
self::$PUBLIC_KEY,
self::$PAYLOAD,
self::$SIGNATURE,
self::$TIMESTAMP
);
self::assertTrue($isValidSignature);
}
public function testBadKey()
{
$isValidSignature = $this->verify(
'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqTxd43gyp8IOEto2LdIfjRQrIbsd4S
XZkLW6jDutdhXSJCWHw8REntlo7aNDthvj+y7GjUuFDb/R1NGe1OPzpA==',
self::$PAYLOAD,
self::$SIGNATURE,
self::$TIMESTAMP
);
self::assertFalse($isValidSignature);
}
public function testBadPayload()
{
$isValidSignature = $this->verify(
self::$PUBLIC_KEY,
'payload',
self::$SIGNATURE,
self::$TIMESTAMP
);
self::assertFalse($isValidSignature);
}
public function testBadSignature()
{
$isValidSignature = $this->verify(
self::$PUBLIC_KEY,
self::$PAYLOAD,
self::$BAD_SIGNATURE,
self::$TIMESTAMP
);
self::assertFalse($isValidSignature);
}
public function testBadTimestamp()
{
$isValidSignature = $this->verify(
self::$PUBLIC_KEY,
self::$PAYLOAD,
self::$SIGNATURE,
'timestamp'
);
self::assertFalse($isValidSignature);
}
private function verify($publicKey, $payload, $signature, $timestamp)
{
$eventWebhook = new EventWebhook();
$ecPublicKey = $eventWebhook->convertPublicKeyToECDSA($publicKey);
return $eventWebhook->verifySignature(
$ecPublicKey,
$payload,
$signature,
$timestamp
);
}
}