Incoviba/oficial
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

HMAC not static

Browse Source
This commit is contained in:
Juan Pablo Vial
2025-06-03 23:04:57 -04:00
parent 1c3052219c
commit c5188a1feb
3 changed files with 12 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/src/Service/HMAC.php
View File

@ -5,13 +5,19 @@ use Incoviba\Common\Ideal;
class HMAC extends Ideal\Service
{
public static function validate(string $timestamp, string $requestSignature, string $requestId, string $secret): bool
public function validate(string $timestamp, string $requestSignature, string $requestId, string $secret): bool
{
$message = "{$timestamp}.{$requestId}";
$encodedSecret = mb_convert_encoding($secret, 'UTF-8');
$encodedMessage = mb_convert_encoding($message, 'UTF-8');
$hmacObject = hash_hmac('sha256', $encodedMessage, $encodedSecret);
$computedSignature = base64_encode($hmacObject);
$this->logger->info('Validating HMAC', [
'requestSignature' => $requestSignature,
'computedSignature' => $hmacObject,
'compare1' => hash_equals($hmacObject, $requestSignature),
'compare2' => hash_equals($computedSignature, $requestSignature),
]);
return hash_equals($computedSignature, $requestSignature);
}
}