List of usage examples for org.springframework.social.facebook.web SignedRequestException SignedRequestException
public SignedRequestException(String message)
From source file:org.springframework.social.facebook.web.SignedRequestDecoder.java
/** * Decodes a signed request, returning the payload of the signed request as a specified type. * @param signedRequest the value of the signed_request parameter sent by Facebook. * @param type the type to bind the signed_request to. * @param <T> the Java type to bind the signed_request to. * @return the payload of the signed request as an object * @throws SignedRequestException if there is an error decoding the signed request *///from w ww . j ava 2 s. com public <T> T decodeSignedRequest(String signedRequest, Class<T> type) throws SignedRequestException { String[] split = signedRequest.split("\\."); String encodedSignature = split[0]; String payload = split[1]; String decoded = base64DecodeToString(payload); byte[] signature = base64DecodeToBytes(encodedSignature); try { T data = objectMapper.readValue(decoded, type); String algorithm = objectMapper.readTree(decoded).get("algorithm").textValue(); if (algorithm == null || !algorithm.equals("HMAC-SHA256")) { throw new SignedRequestException("Unknown encryption algorithm: " + algorithm); } byte[] expectedSignature = encrypt(payload, secret); if (!Arrays.equals(expectedSignature, signature)) { throw new SignedRequestException("Invalid signature."); } return data; } catch (IOException e) { throw new SignedRequestException("Error parsing payload.", e); } }