Validate request implementation in Java

lord_dark_basic · ‎May 8, 2019

Hi, I trying to validate request from Hubspot. I had an app in Java with this code to validate auth header token Token.

@Service
public class HubspotAuth {

    @Autowired
    Hubspot hubspotAuthentication;

    @Value( "${chargebee.redirectUri:https://3b69d752.ngrok.io/api/v1/subscription}" )
    private String redirectUri;

    private Gson gson = new Gson();

    public Boolean checkToken(Object request, String token){
        String jsonRequestString = gson.toJson(request);
        String hash = hubspotAuthentication.getClientSecret() + jsonRequestString;
        String sha256hex = Hashing.sha256()
                .hashString(hash, StandardCharsets.UTF_8)
                .toString();
        return sha256hex.equals(token);
    }
}

I tried to with this input :

String hash = hubspotAuthentication.getClientSecret() + "POST" + redirectUri + jsonRequestString;

I had an app in HubSpot and a webhook. App id 190755.

If you need, I can send a request body, but it's a boil of text.

Thanks for the help.

lord_dark_basic · ‎May 10, 2019

SOLVED !!!

private ObjectWriter ow = new ObjectMapper().writer();

public Boolean checkToken(Object request, String token) throws JsonProcessingException {
    log.info("With redirect uri " + redirectUri + "  and secret "  + hubspotAuthentication.getClientSecret());
    log.info("Expect token --->  "+ token);
    String
        jsonRequestString = ow.writeValueAsString(request);
    String hash = hubspotAuthentication.getClientSecret() + "POST" + redirectUri + jsonRequestString;
    String sha256hex = Hashing.sha256()
            .hashString(hash, StandardCharsets.UTF_8)
            .toString();
    log.info("Generate token --->  "+ sha256hex);
    return sha256hex.equals(token);
}

Thx for all .

🙂

View solution in original post

IsaacTakushi · ‎May 10, 2019

Nice work, @lord_dark_basic! I'm sure others will benefit from your solution as well

And yes, I misspoke earlier regarding the "body you sent." Thanks for understanding anyway.

Isaac Takushi

Associate Certification Manager

View solution in original post

IsaacTakushi · ‎May 9, 2019

Welcome, @lord_dark_basic.

Would you direct message me the following so that I may test on my end?

The request body you sent.
The X-HubSpot-Signature value you received.
The string you generated using hash = hubspotAuthentication.getClientSecret() + "POST" + redirectUri + jsonRequestString;. (Feel free to redact all but the first five characters in your client secret.)
The hash value you generated from the string above.

Isaac Takushi

Associate Certification Manager

lord_dark_basic · ‎May 10, 2019

I tried to send request body, but is too long and superate 60,000 characters in length. I can't add a file in this forum. If you want I can send an email.
🙂

lord_dark_basic · ‎May 10, 2019

SOLVED !!!

private ObjectWriter ow = new ObjectMapper().writer();

public Boolean checkToken(Object request, String token) throws JsonProcessingException {
    log.info("With redirect uri " + redirectUri + "  and secret "  + hubspotAuthentication.getClientSecret());
    log.info("Expect token --->  "+ token);
    String
        jsonRequestString = ow.writeValueAsString(request);
    String hash = hubspotAuthentication.getClientSecret() + "POST" + redirectUri + jsonRequestString;
    String sha256hex = Hashing.sha256()
            .hashString(hash, StandardCharsets.UTF_8)
            .toString();
    log.info("Generate token --->  "+ sha256hex);
    return sha256hex.equals(token);
}

Thx for all .

🙂

IsaacTakushi · ‎May 10, 2019

Nice work, @lord_dark_basic! I'm sure others will benefit from your solution as well

And yes, I misspoke earlier regarding the "body you sent." Thanks for understanding anyway.

Isaac Takushi

Associate Certification Manager

danielad · ‎May 30, 2019

I am having the same issue here and cannot figure out what I am doing wrong 😞

I am using c# .net and I have tried all 3 validation methods but none of them generate a matching hash.

string hashString = HubspotRequestHelper.GetSignatureWithSecretAndBody(context, strJSON);
string hashString2 = HubspotRequestHelper.GetSignatureWithSecretAndMethodAndUri(context);
string hashString3 = HubspotRequestHelper.GetSignatureWithSecretAndMethodAndUriAndBody(context, strJSON);

My AppID is 194321 and I am attaching a file with some attempt of webhook validation.. printing the hubspot signature, and all my 3 hash attempts ... The body is too long how can I forward it to you? Please help me understand how to correct this validation issue. Thanks!

----------------------------------------------

http_method=POST|uri=https://hubspotrequests.azurewebsites.net/default.aspx|
Hubspot SIGNATURE: 67c2c247f4ea809f2d3fffcdbb7e67179980f45e441eb04d55eee8490091f701
uri:https://hubspotrequests.azurewebsites.net/default.aspx|

My 3 hash attempts
d6676db9e68e700e7cd64fe4732623df70527fd5ed97f706c7b197a2c56afc96|
b56a37ad42748356229750033de92672cc8eba8d9775b751a6c8b44bd866569b|
df2f525f74e2b94f45d800fad905bd1b2c30408b7370eec2fa318a4403e688b7|

lord_dark_basic · ‎May 10, 2019

The request body you sent? I receive a body request.

APIs & Integrations