HMAC Troubleshooting tool (#1452)

* Add HMAC calculation tool

* Calculate using Adyen library

* Improve comments

* Cleanup pom, add Java library

* Add HMAC calculation for other webhooks

* Ignore all target folders

* Improve error message upon HMAC calculation failure

* Add README

* Log size of payload

Author: gcatanese

.gitignore

@@ -1,5 +1,5 @@
 .idea
 *.iml
-/target/**
+**/target/**
 .DS_Store
 .vscode

src/main/java/com/adyen/util/HMACValidator.java

@@ -42,8 +42,11 @@ public class HMACValidator {
     // To calculate the HMAC SHA-256
     public String calculateHMAC(String data, String key) throws IllegalArgumentException, SignatureException {
         try {
-            if (data == null || key == null) {
-                throw new IllegalArgumentException();
+            if (data == null) {
+                throw new IllegalArgumentException("payload data is not provided");
+            }
+            if (key == null) {
+                throw new IllegalArgumentException("HMAC key is not provided");
             }
 
             byte[] rawKey = DatatypeConverter.parseHexBinary(key);
@@ -62,9 +65,9 @@ public String calculateHMAC(String data, String key) throws IllegalArgumentExcep
             // Base64-encode the hmac
             return new String(Base64.encodeBase64(rawHmac));
         } catch (IllegalArgumentException e) {
-            throw new IllegalArgumentException("Missing data or key.");
+            throw new IllegalArgumentException("Missing data or key: " + e.getMessage());
         } catch (Exception e) {
-            throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
+            throw new SignatureException("Failed to generate HMAC: " + e.getMessage());
         }
     }
 

src/test/java/com/adyen/util/HMACValidatorTest.java

@@ -154,7 +154,7 @@ public void testCalculateHMACNullPayload() {
         try {
             new HMACValidator().calculateHMAC((String)null, HMAC_KEY);
         } catch (IllegalArgumentException e) {
-            assertEquals("Missing data or key.", e.getMessage());
+            assertEquals("Missing data or key: payload data is not provided", e.getMessage());
         } catch (SignatureException e) {
             fail();
         }
@@ -165,7 +165,7 @@ public void testCalculateHMACNullKey() {
         try {
             new HMACValidator().calculateHMAC("TestPayload", null);
         } catch (IllegalArgumentException e) {
-            assertEquals("Missing data or key.", e.getMessage());
+            assertEquals("Missing data or key: HMAC key is not provided", e.getMessage());
         } catch (SignatureException e) {
             fail();
         }

tools/hmac/CalculateHmacPayments.java

@@ -0,0 +1,76 @@
+import java.io.File;
+
+import com.adyen.model.notification.NotificationRequestItem;
+import com.adyen.util.HMACValidator;
+import com.adyen.model.notification.NotificationRequest;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+/**
+ Script to calculate the HMAC signature of Payments webhooks (where the signature is calculated considering
+ a subset of the fields in the payload - i.e. NotificationRequestItem object)
+
+ Run with: mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPayments -Dexec.args= "{hmacKey} {path_to_JSON_file}"
+
+ cd tools/hmac
+ mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPayments -Dexec.args="11223344D785FBAE710E7F943F307971BB61B21281C98C9129B3D4018A57B2EB payload.json"
+
+ */
+public class CalculateHmacPayments {
+
+    public static void main(String[] args) {
+        if (args.length != 2) {
+            System.err.println("‼️Error running the script");
+            System.err.println("Usage: mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPayments -Dexec.args= \"{hmacKey} {path_to_JSON_file}\"");
+            System.exit(1);
+        }
+
+        String hmacKey = args[0];
+        String jsonFilePath = args[1];
+
+        try {
+
+            HMACValidator hmacValidator = new HMACValidator();
+            String content = loadFromJsonAsString(jsonFilePath);
+
+            System.out.println("********");
+            System.out.println("Payload file: " + jsonFilePath);
+            System.out.println("Payload length: " + content.length());
+
+            NotificationRequest notificationRequest = loadFromJson(jsonFilePath);
+            // fetch first notificationRequestItem
+            NotificationRequestItem notificationRequestItem = notificationRequest.getNotificationItems().get(0);
+
+            System.out.println("********");
+            String hmacSignature = hmacValidator.calculateHMAC(notificationRequestItem, hmacKey);
+
+            System.out.println("HMAC signature: " + hmacSignature);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    /**
+     * Load payload from JSON file
+     * @param filepath
+     * @return
+     * @throws Exception
+     */
+    private static NotificationRequest loadFromJson(String filepath) throws Exception {
+        ObjectMapper objectMapper = new ObjectMapper();
+        return objectMapper.readValue(new File(filepath), NotificationRequest.class);
+    }
+
+    /**
+	 * Load payload as String from JSON file
+     * @param filepath
+	 * @return
+	 * @throws Exception
+     */
+    private static String loadFromJsonAsString(String filepath) throws Exception {
+        return new String(Files.readAllBytes(Paths.get(filepath)));
+    }    
+
+}

tools/hmac/CalculateHmacPlatform.java

@@ -0,0 +1,58 @@
+import com.adyen.util.HMACValidator;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+/**
+ Script to calculate the HMAC signature of Payments webhooks Banking/Management webhooks (where the signature is calculated
+ over the entire webhook payload)
+
+ Run with: mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPlatform -Dexec.args= "{hmacKey} {path_to_JSON_file}"
+
+ cd tools/hmac
+ mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPlatform -Dexec.args="11223344D785FBAE710E7F943F307971BB61B21281C98C9129B3D4018A57B2EB payload2.json"
+
+ */
+public class CalculateHmacPlatform {
+
+    public static void main(String[] args) {
+        if (args.length != 2) {
+            System.err.println("‼️Error running the script");
+            System.err.println("Usage: java CalculateHmacPlatform <hmacKey> <payload.json>");
+            System.exit(1);
+        }
+
+        String hmacKey = args[0];
+        String jsonFilePath = args[1]; 
+
+        System.out.println("Calculating HMAC signature with payload from " + jsonFilePath);
+
+        try {
+
+            HMACValidator hmacValidator = new HMACValidator();
+
+            String data = loadFromJson(jsonFilePath);
+
+            System.out.println("********");
+            System.out.println("Payload file: " + jsonFilePath);
+            System.out.println("Payload length: " + data.length());
+
+            String hmacSignature = hmacValidator.calculateHMAC(data, hmacKey);
+
+            System.out.println("********");
+            System.out.println("HMAC signature: " + hmacSignature);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    /**
+	 * Load payload as String from JSON file
+     * @param filepath
+	 * @return
+	 * @throws Exception
+     */
+    private static String loadFromJson(String filepath) throws Exception {
+        return new String(Files.readAllBytes(Paths.get(filepath)));
+    }
+}

tools/hmac/README.md

@@ -0,0 +1,28 @@
+## HMAC Tools
+
+This folder contains the tools/scripts to calculate the HMAC signature of the webhook payload.  
+They can be used to troubleshoot the HMAC signature calculation.
+
+Check tools/hmac/pom.xml to confirm the Adyen Java API library version
+
+Note: make sure you are using the HMAC key used to generate the signature associated with the payload in the JSON file
+
+### Payments webhooks
+
+Copy the content of the webhook in the payload.json (or provide a different file), then run with: 
+`mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPayments -Dexec.args= "{hmacKey} {path_to_JSON_file}"`
+```
+cd tools/hmac
+
+mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPayments -Dexec.args="11223344D785FBAE710E7F943F307971BB61B21281C98C9129B3D4018A57B2EB payload.json"
+```
+
+### Platform webhooks (AfP, Management API, etc..)
+
+Copy the content of the webhook in the payload2.json (or provide a different file), then run with: 
+`mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPlatform -Dexec.args= "{hmacKey} {path_to_JSON_file}"`
+```
+cd tools/hmac
+
+mvn clean compile exec:java -Dexec.mainClass=CalculateHmacPlatform -Dexec.args="11223344D785FBAE710E7F943F307971BB61B21281C98C9129B3D4018A57B2EB payload2.json"
+```

tools/hmac/payload.json

@@ -0,0 +1,54 @@
+{
+  "live": "false",
+  "notificationItems": [
+    {
+      "NotificationRequestItem": {
+        "additionalData": {
+          "cardSummary": "0010",
+          "hmacSignature": "e7qQumH1fdt5NHb6e62jq6hIGUCpfhAAFXhUXqXcJAQ=",
+          "expiryDate": "03\/2030",
+          "recurring.contractTypes": "ONECLICK,RECURRING",
+          "cardBin": "222241",
+          "recurring.recurringDetailReference": "DQWW2BQ9FX2R7475",
+          "recurringProcessingModel": "Subscription",
+          "metadata.orderTransactionId": "63",
+          "alias": "F758505419855455",
+          "paymentMethodVariant": "m1",
+          "acquirerReference": "JQBMF3P3FJM",
+          "issuerBin": "22224107",
+          "cardIssuingCountry": "NL",
+          "authCode": "060494",
+          "cardHolderName": "Checkout Test",
+          "PaymentAccountReference": "Jj3gVfMpPcpKzmHrHmpxqgfsvGaVa",
+          "checkout.cardAddedBrand": "mc",
+          "store": "None",
+          "tokenization.shopperReference": "4d74f0727a318b13f85aee28ae556a08d7d9cf9e6d67b70a62e60e334aa7090d",
+          "recurring.firstPspReference": "P9M9CTGJKKKKP275",
+          "tokenization.storedPaymentMethodId": "DQWW2BQ9FX2R7475",
+          "issuerCountry": "NL",
+          "aliasType": "Default",
+          "paymentMethod": "mc",
+          "recurring.shopperReference": "4d74f0727a318b13f85aee28ae556a08d7d9cf9e6d67b70a62e60e334aa7090d",
+          "cardPaymentMethod": "mc2"
+        },
+        "amount": {
+          "currency": "EUR",
+          "value": 32500
+        },
+        "eventCode": "AUTHORISATION",
+        "eventDate": "2025-02-24T15:20:56+01:00",
+        "merchantAccountCode": "Merchant 1",
+        "merchantReference": "1143-R2",
+        "operations": [
+          "CANCEL",
+          "CAPTURE",
+          "REFUND"
+        ],
+        "paymentMethod": "mc",
+        "pspReference": "AB1234567890",
+        "reason": "060494:0010:03\/2030",
+        "success": "true"
+      }
+    }
+  ]
+}

tools/hmac/payload2.json

@@ -0,0 +1,61 @@
+{
+  "data": {
+    "balancePlatform": "YOUR_BALANCE_PLATFORM",
+    "accountHolder": {
+      "contactDetails": {
+        "email": "[email protected]",
+        "phone": {
+          "number": "0612345678",
+          "type": "mobile"
+        },
+        "address": {
+          "houseNumberOrName": "23",
+          "city": "Amsterdam",
+          "country": "NL",
+          "postalCode": "12345",
+          "street": "Main Street 1"
+        }
+      },
+      "description": "Shelly Eller",
+      "legalEntityId": "LE00000000000000000001",
+      "reference": "YOUR_REFERENCE-2412C",
+      "capabilities": {
+        "issueCard": {
+          "enabled": true,
+          "requested": true,
+          "allowed": false,
+          "verificationStatus": "pending"
+        },
+        "receiveFromTransferInstrument": {
+          "enabled": true,
+          "requested": true,
+          "allowed": false,
+          "verificationStatus": "pending"
+        },
+        "sendToTransferInstrument": {
+          "enabled": true,
+          "requested": true,
+          "allowed": false,
+          "verificationStatus": "pending"
+        },
+        "sendToBalanceAccount": {
+          "enabled": true,
+          "requested": true,
+          "allowed": false,
+          "verificationStatus": "pending"
+        },
+        "receiveFromBalanceAccount": {
+          "enabled": true,
+          "requested": true,
+          "allowed": false,
+          "verificationStatus": "pending"
+        }
+      },
+      "id": "AH00000000000000000001",
+      "status": "active"
+    }
+  },
+  "environment": "test",
+  "timestamp": "2024-12-15T15:42:03+01:00",
+  "type": "balancePlatform.accountHolder.created"
+}

tools/hmac/pom.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.adyen</groupId>
+    <artifactId>hmac-troubleshooting</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <name>HMAC Troubleshooting - Adyen Java library</name>
+    <description>Scripts to troubleshoot the HMAC validation</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.adyen</groupId>
+            <artifactId>adyen-java-api-library</artifactId>
+            <version>35.0.0</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <sourceDirectory>.</sourceDirectory>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.8.1</version>
+                <configuration>
+                    <source>11</source>
+                    <target>11</target>
+                </configuration>
+            </plugin>
+            <!-- Run with mvn exec:java-->
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>exec-maven-plugin</artifactId>
+                <version>3.5.0</version>
+
+                <configuration>
+                    <executable>maven</executable>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>