com.cloudinary.api.signing

Class NotificationRequestSignatureVerifier

java.lang.Object

com.cloudinary.api.signing.NotificationRequestSignatureVerifier

public class NotificationRequestSignatureVerifier
extends java.lang.Object

The NotificationRequestSignatureVerifier class is responsible for verifying authenticity and integrity of Cloudinary Upload notifications.

Constructor Summary

Constructors

Constructor and Description
NotificationRequestSignatureVerifier(java.lang.String secretKey) Initializes new instance of NotificationRequestSignatureVerifier with secret key value.
NotificationRequestSignatureVerifier(java.lang.String secretKey, SignatureAlgorithm signatureAlgorithm) Initializes new instance of NotificationRequestSignatureVerifier with secret key value.

Method Summary

Modifier and Type	Method and Description
boolean	verifySignature(java.lang.String body, java.lang.String timestamp, java.lang.String signature) Verifies signature of Cloudinary Upload notification.
boolean	verifySignature(java.lang.String body, java.lang.String timestamp, java.lang.String signature, long secondsValidFor) Verifies signature of Cloudinary Upload notification.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NotificationRequestSignatureVerifier

public NotificationRequestSignatureVerifier(java.lang.String secretKey)

Initializes new instance of NotificationRequestSignatureVerifier with secret key value.

Parameters:

secretKey - shared secret key string which is used to sign and verify authenticity of notifications

NotificationRequestSignatureVerifier

public NotificationRequestSignatureVerifier(java.lang.String secretKey,
                                            SignatureAlgorithm signatureAlgorithm)

Initializes new instance of NotificationRequestSignatureVerifier with secret key value.

Parameters:

secretKey - shared secret key string which is used to sign and verify authenticity of notifications

signatureAlgorithm - type of hashing algorithm to use for calculation of HMACs

Method Detail

verifySignature

public boolean verifySignature(java.lang.String body,
                               java.lang.String timestamp,
                               java.lang.String signature)

Verifies signature of Cloudinary Upload notification.

Parameters:

body - notification message body, represented as string

timestamp - value of X-Cld-Timestamp custom HTTP header of notification message, representing notification issue timestamp

signature - actual signature value, usually passed via X-Cld-Signature custom HTTP header of notification message

Returns:

true if notification passed verification procedure

verifySignature

public boolean verifySignature(java.lang.String body,
                               java.lang.String timestamp,
                               java.lang.String signature,
                               long secondsValidFor)

Verifies signature of Cloudinary Upload notification.

Differs from verifySignature(String, String, String) in additional validation which consists of making sure the notification being verified is still not expired based on timestamp parameter value.

Parameters:

body - notification message body, represented as string

timestamp - value of X-Cld-Timestamp custom HTTP header of notification message, representing notification issue timestamp in seconds

signature - actual signature value, usually passed via X-Cld-Signature custom HTTP header of notification message

secondsValidFor - the amount of time, in seconds, the notification message is considered valid by client

Returns:

true if notification passed verification procedure