From c46cab5c879c6be9e508861b351c1247cb49f533 Mon Sep 17 00:00:00 2001
From: Alexandros Moraitis <alexandros.moraitis@adyen.com>
Date: Wed, 31 Jan 2024 13:26:19 +0100
Subject: [PATCH] Swap HMAC Validation method parameters (#1185)

* Swap HMAC Validation method parameters

* Update src/main/java/com/adyen/util/HMACValidator.java

Co-authored-by: Alessio Zampatti <alessio.zampatti@adyen.com>

* Update src/main/java/com/adyen/util/HMACValidator.java

Co-authored-by: Alessio Zampatti <alessio.zampatti@adyen.com>

* Fix the method

* Correct the parameters

* Flip the params again

* fix format

* revert changes

* typos in comment

* Revert test case

---------

Co-authored-by: Alessio Zampatti <alessio.zampatti@adyen.com>
Co-authored-by: jillingk <93914435+jillingk@users.noreply.github.com>
Co-authored-by: Wouter Boereboom <62436079+wboereboom@users.noreply.github.com>
---
 src/main/java/com/adyen/util/HMACValidator.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/adyen/util/HMACValidator.java b/src/main/java/com/adyen/util/HMACValidator.java
index f19fb07a1..c915c273b 100644
--- a/src/main/java/com/adyen/util/HMACValidator.java
+++ b/src/main/java/com/adyen/util/HMACValidator.java
@@ -73,11 +73,12 @@ public String calculateHMAC(NotificationRequestItem notificationRequestItem, Str
         return calculateHMAC(getDataToSign(notificationRequestItem), key);
     }
 
-    // Calculate HMAC for BankingWebhooks and ManagementWebhooks (Generic webhooks)
-    public boolean validateHMAC(String hmacKey, String hmacSignature, String payload) throws SignatureException {
-        String calculatedSign = calculateHMAC(payload, hmacSignature);
-        final byte [] expectedSign = calculatedSign.getBytes(StandardCharsets.UTF_8);
-        final byte[] merchantSign =  hmacKey.getBytes(StandardCharsets.UTF_8);
+    //Calculate HMAC for BankingWebhooks and ManagementWebhooks (Generic webhooks)
+    //First parameter is hmacSignature which is get from webhook and the second hmackey which is configured
+    public boolean validateHMAC(String hmacSignature, String hmacKey, String payload) throws SignatureException {
+        String calculatedSign = calculateHMAC(payload, hmacKey);
+        final byte[] expectedSign = calculatedSign.getBytes(StandardCharsets.UTF_8);
+        final byte[] merchantSign = hmacSignature.getBytes(StandardCharsets.UTF_8);
         return MessageDigest.isEqual(expectedSign, merchantSign);
     }