using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
public static async Task<HttpResponseMessage> CompareHMAC(HttpRequestMessage req)
{
try
{
string requestData = await req.Content.ReadAsStringAsync().Trim();
if (string.IsNullOrEmpty(requestData))
{
return req.CreateResponse(HttpStatusCode.BadRequest, "Please pass a name on the query string or in the request body");
}
if (!req.Headers.TryGetValues("X-Moduslink-HMAC-SHA256", out IEnumerable<string> headerValues))
{
return req.CreateResponse(HttpStatusCode.BadRequest, "Please provide the X-Moduslink-HMAC-SHA256 header");
}
string HMAHeader = headerValues.FirstOrDefault().Trim();
string secretKey = "a2196c7d-78ad-4e8b-98db-d79a16e13f75";
using (HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey)))
{
byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(requestData));
string calculatedHMAC = Convert.ToBase64String(hash);
if (HMAHeader == calculatedHMAC)
{
return req.CreateResponse(HttpStatusCode.OK, "WebhookInfo processed successfully");
}
else
{
return req.CreateResponse(HttpStatusCode.OK, "WebhookInfo not processed due to the mismatch in XModuslinkHMACSHA256 value");
}
}
}
catch (Exception ex)
{
return req.CreateResponse(ex);
}
}
package org.example.functions;
import java.util.*;
import com.microsoft.azure.functions.annotation.*;
import com.microsoft.azure.functions.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.Context;
public class CompareHMACValue
{
@@FunctionName("CompareHMACValue")
public HttpResponseMessage run(
@@HttpTrigger(name = "req", methods = {HttpMethod.GET, HttpMethod.POST}, authLevel = AuthorizationLevel.ANONYMOUS) HttpRequestMessage> request,
final ExecutionContext context)
{
// Parse query parameter
String query = request.getQueryParameters().get("name");
String requestData = request.getBody().orElse(query);
context.getLogger().info( "Message: " + requestData);
//Get the SecretKey value
//String secretKey = System.getenv("secretkey");
//String secretKey = request.getHeaders().get("secretkey");
String secretKey = request.getHeaders().containsKey("secretkey") ? request.getHeaders().get("secretkey") : System.getenv("secretkey");
if (secretKey == null || secretKey == "") {
secretKey = "a2196c7d-78ad-4e8b-98db-d79a16e13f75";
}
context.getLogger().info( "secretKey: " + secretKey);
//Get the ModusLink HMAC values from request Header
String hmacHeader = request.getHeaders().get("x-moduslink-hmac-sha256");
context.getLogger().info( "HMAC Header: " + hmacHeader);
try
{
boolean verified = VarifyHMACValue(hmacHeader, secretKey, requestData,context);
if (verified )
{
return request.createResponseBuilder(HttpStatus.OK).body("The calculated HMAC value is matching with the 'X-Moduslink-HMAC-SHA256' value in the header section, Calculated HMAC Value: " ).build();
}
else
{
return request.createResponseBuilder(HttpStatus.BAD_REQUEST).body("The calculated HMAC value is not matching with the 'X-Moduslink-HMAC-SHA256' value in the header section, Calculated HMAC value: ").build();
}
}
catch(Exception Ex)
{
return request.createResponseBuilder(HttpStatus.BAD_REQUEST).body("WebhookInfo not processed due to Exception " + Ex).build();
}
}
public static Boolean VarifyHMACValue(String hmacHeader, String secretKey , String data, ExecutionContext context)
{
try
{
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes("UTF-8"), "HmacSHA256");
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(secretKeySpec);
byte[] hmac = mac.doFinal(data.getBytes("UTF-8"));
String calculatedHMAC = Base64.getEncoder().encodeToString(hmac);
context.getLogger().info( "calculated HMAC: " + calculatedHMAC);
return hmacHeader.equals(calculatedHMAC) ;
}
catch (Exception Ex)
{
return false;
}
}
}