Skip to content

Commit

Permalink
Release 7.0.3
Browse files Browse the repository at this point in the history
  • Loading branch information
wallee-deployment-user committed Jan 22, 2024
1 parent afd98c2 commit 646d213
Show file tree
Hide file tree
Showing 7 changed files with 69 additions and 19 deletions.
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2023 wallee AG
Copyright 2024 wallee AG

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
50 changes: 46 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,13 +33,13 @@ Install-Package BouncyCastle.Cryptography
## Installation
```
# Package Manager
Install-Package PostFinanceCheckout -Version 7.0.2
Install-Package PostFinanceCheckout -Version 7.0.3
# .NET CLI
dotnet add package PostFinanceCheckout --version 7.0.2
dotnet add package PostFinanceCheckout --version 7.0.3
# Paket CLI
paket add PostFinanceCheckout --version 7.0.2
paket add PostFinanceCheckout --version 7.0.3
# PackageReference
<PackageReference Include="PostFinanceCheckout" Version="7.0.2" />
<PackageReference Include="PostFinanceCheckout" Version="7.0.3" />
```

Then include the DLL (under the `bin` folder) in the C# project, and use the namespaces:
Expand Down Expand Up @@ -178,6 +178,48 @@ namespace PostFinanceCheckout.Test
}
}
```
### Integrating Webhook Payload Signing Mechanism into webhook callback handler

The HTTP request which is sent for a state change of an entity now includes an additional field `state`, which provides information about the update of the monitored entity's state. This enhancement is a result of the implementation of our webhook encryption mechanism.

Payload field `state` provides direct information about the state update of the entity, making additional API calls to retrieve the entity state redundant.

#### ⚠️ Warning: Generic Pseudocode

> **The provided pseudocode is intentionally generic and serves to illustrate the process of enhancing your API to leverage webhook payload signing. It is not a complete implementation.**
>
> Please ensure that you adapt and extend this code to meet the specific needs of your application, including appropriate security measures and error handling.
For a detailed webhook payload signing mechanism understanding we highly recommend referring to our comprehensive
[Webhook Payload Signing Documentation](https://checkout.postfinance.ch/doc/webhooks#_webhook_payload_signing_mechanism).

```csharp
...
[HttpPost("callback")]
public IActionResult HandleWebhook([FromBody] string requestPayload)
{
var signature = Request.Headers["x-signature"];

if (string.IsNullOrEmpty(signature))
{
// Make additional API call to retrieve the entity state
// ...
}
else
{
if (webhookEncryptionService().isContentValid(signature, requestPayload))
{
// Parse requestPayload to extract 'state' value
// Process entity's state change
// ...
}
}

// Process the received webhook data
// ...
}
...
```


## License

Expand Down
2 changes: 1 addition & 1 deletion src/PostFinanceCheckout/Client/ApiClient.cs
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ public Object CallApi(
{

Dictionary<String, String> defaultHeaderParams = new Dictionary<String, String>() {
{"x-meta-sdk-version", "7.0.2"},
{"x-meta-sdk-version", "7.0.3"},
{"x-meta-sdk-language", "csharp"},
{"x-meta-sdk-provider", "PostFinance Checkout"},
{"x-meta-sdk-language-version", Environment.Version.ToString()}
Expand Down
8 changes: 4 additions & 4 deletions src/PostFinanceCheckout/Client/Configuration.cs
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ public class Configuration : IReadableConfiguration
/// Version of the package.
/// </summary>
/// <value>Version of the package.</value>
public const string Version = "7.0.2";
public const string Version = "7.0.3";

/// <summary>
/// Identifier for ISO 8601 DateTime Format
Expand Down Expand Up @@ -94,7 +94,7 @@ public Configuration(string applicationUserID, string authenticationKey, RestCli
_authenticationKey = authenticationKey;
_applicationUserID = applicationUserID;
_restClientOptions = restClientOptions;
UserAgent = "PostFinanceCheckout/7.0.2/csharp";
UserAgent = "PostFinanceCheckout/7.0.3/csharp";
BasePath = "https://checkout.postfinance.ch:443/api";
DefaultHeader = new ConcurrentDictionary<string, string>();
ApiKey = new ConcurrentDictionary<string, string>();
Expand Down Expand Up @@ -355,8 +355,8 @@ public static String ToDebugReport()
String report = "C# SDK (PostFinanceCheckout) Debug Report:\n";
report += " OS: " + System.Environment.OSVersion + "\n";
report += " .NET Framework Version: " + System.Environment.Version + "\n";
report += " Version of the API: 7.0.2\n";
report += " SDK Package Version: 7.0.2\n";
report += " Version of the API: 7.0.3\n";
report += " SDK Package Version: 7.0.3\n";

return report;
}
Expand Down
6 changes: 3 additions & 3 deletions src/PostFinanceCheckout/PostFinanceCheckout.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,12 @@
<PackageId>PostFinanceCheckout</PackageId>
<PackageLicense>https://www.apache.org/licenses/LICENSE-2.0.txt</PackageLicense>
<PackageProjectUrl>https://github.com/pfpayments/csharp-sdk</PackageProjectUrl>
<PackageVersion>7.0.2</PackageVersion>
<Version>7.0.2</Version>
<PackageVersion>7.0.3</PackageVersion>
<Version>7.0.3</Version>
<PackageTags>PostFinanceCheckout;payment;sdk;Payment Integration</PackageTags>
<OutputType>Library</OutputType>
<Owners>customweb</Owners>
<ReleaseVersion>7.0.2</ReleaseVersion>
<ReleaseVersion>7.0.3</ReleaseVersion>
<RepositoryType>git</RepositoryType>
<RepositoryUrl>https://github.com/pfpayments/csharp-sdk.git</RepositoryUrl>
<RootNamespace>PostFinanceCheckout</RootNamespace>
Expand Down
18 changes: 13 additions & 5 deletions src/PostFinanceCheckout/Service/WebhookEncryptionService.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Linq;
Expand Down Expand Up @@ -41,7 +42,7 @@ public interface IWebhookEncryptionService : IApiAccessor
/// <summary>
/// Verify content of a webhook.
/// </summary>
/// <exception cref="Wallee.Client.ApiException">Thrown when when private key can not be found</exception>
/// <exception cref="PostFinanceCheckout.Client.ApiException">Thrown when when private key can not be found</exception>
/// <param name="signatureHeader">The content of the X-Signature header.</param>
/// <param name="content">The content body.</param>
/// <returns>true if the content body conforms with the signature header</returns>
Expand All @@ -56,6 +57,9 @@ public interface IWebhookEncryptionService : IApiAccessor
/// </summary>
public partial class WebhookEncryptionService : IWebhookEncryptionService
{
private static readonly ConcurrentDictionary<string, WebhookEncryptionPublicKey> cache =
new ConcurrentDictionary<string, WebhookEncryptionPublicKey>();

private PostFinanceCheckout.Client.ExceptionFactory _exceptionFactory = (name, response) => null;

/// <summary>
Expand Down Expand Up @@ -172,7 +176,7 @@ public ApiResponse< WebhookEncryptionPublicKey > ReadWithHttpInfo (string id)
/// <summary>
/// Verify content of a webhook.
/// </summary>
/// <exception cref="Wallee.Client.ApiException">Thrown when when private key can not be found</exception>
/// <exception cref="PostFinanceCheckout.Client.ApiException">Thrown when when private key can not be found</exception>
/// <param name="signatureHeader">The content of the X-Signature header.</param>
/// <param name="content">The content body.</param>
/// <returns>true if the content body conforms with the signature header</returns>
Expand All @@ -187,10 +191,14 @@ public bool IsContentValid(string signatureHeader, string content)
string publicKeyId = matcher.Groups[2].Value;
string contentSignature = matcher.Groups[3].Value;

WebhookEncryptionPublicKey publicKey = Read(publicKeyId);
if (publicKey == null)
if (!cache.TryGetValue(publicKeyId, out WebhookEncryptionPublicKey publicKey))
{
throw new ApiException(404, "WebhookEncryptionKey not found");
publicKey = Read(publicKeyId);
if (publicKey == null)
{
throw new ApiException(404, "WebhookEncryptionKey not found");
}
cache.TryAdd(publicKey.Id, publicKey);
}

return EncryptionUtil.IsContentValid(content, contentSignature, publicKey, signatureAlgorithm);
Expand Down
2 changes: 1 addition & 1 deletion src/PostFinanceCheckout/Util/EncryptionUtil.cs
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ public static class EncryptionUtil
/// <summary>
/// IsContentValid Validate the content using the signature and public key.
/// </summary>
/// <exception cref="Wallee.Client.ApiException">Thrown when fails to make API call</exception>
/// <exception cref="PostFinanceCheckout.Client.ApiException">Thrown when fails to make API call</exception>
/// <param name="content">Content to verify.</param>
/// <param name="contentSignature">Base64 encoded signature of the content.</param>
/// <param name="publicKey">The public key (WebhookEncryptionPublicKey)</param>
Expand Down

0 comments on commit 646d213

Please sign in to comment.