isValidWebhookSignature function
Returns wether the signature is correctly signed and within the tolerated time window.
Implementation
bool isValidWebhookSignature(String signature, String body,
String signingSecret, Duration timeTolerance) {
Signature sig;
try {
sig = Signature(signature);
} catch (e) {
log.severe(e);
return false;
}
// Test for valid signature signing.
if (!sig.isCorrectlySigned(body, signingSecret)) {
log.severe('The signature is not correctly signed.');
return false;
}
// Test for valid signature timestamp.
if (!sig.isValidSignatureTimestamp(timeTolerance)) {
log.severe('The signature is not inside the time tolerance.');
return false;
}
return true;
}