isValidWebhookSignature function

bool isValidWebhookSignature(
  1. String signature,
  2. String body,
  3. String signingSecret,
  4. Duration timeTolerance
)

Returns wether the signature is correctly signed and within the tolerated time window.

Implementation

bool isValidWebhookSignature(String signature, String body,
    String signingSecret, Duration timeTolerance) {
  Signature sig;
  try {
    sig = Signature(signature);
  } catch (e) {
    log.severe(e);
    return false;
  }
  // Test for valid signature signing.
  if (!sig.isCorrectlySigned(body, signingSecret)) {
    log.severe('The signature is not correctly signed.');
    return false;
  }
  // Test for valid signature timestamp.
  if (!sig.isValidSignatureTimestamp(timeTolerance)) {
    log.severe('The signature is not inside the time tolerance.');
    return false;
  }
  return true;
}