AuthnetWebhook package signature key validation

Question

I got SIGNATURE_KEY from my authorize.net merchant interface. I am using AuthnetJson Package. Should i have to convert 128 hexadecimal SIGNATURE_KEY to binary? If answer is yes then i did so but my code never execute inside if ($webhook->isValid()){// code never execute execute}. What i am doing wrong?

$webhook = new AuthnetWebhook('services.authorize.signature', $payload);
    if ($webhook->isValid()) {
        // Get the transaction ID
        $transactionId = $webhook->payload->id;

        // Here you can get more information about the transaction
        $request  = AuthnetApiFactory::getJsonApiHandler('services.authorize.login', 'services.authorize.key');
        $response = $request->getTransactionDetailsRequest(array(
            'transId' => $transactionId
        ));
        $user = User::find(1);
        $user->notify( new PasswordResetSuccess($response));
        /* You can put these response values in the database or whatever your business logic dictates.
        $response->transaction->transactionType
        $response->transaction->transactionStatus
        $response->transaction->authCode
        $response->transaction->AVSResponse
        */
    }

Edit:

<?php

namespace App\Http\Controllers\Api\Anet;

use Illuminate\Http\Request;
use net\authorize\api\contract\v1 as AnetAPI;
use net\authorize\api\controller as AnetController;
use App\Http\Controllers\Controller;
use JohnConde\Authnet\AuthnetWebhook;
use App\Notifications\PasswordResetSuccess;
use App\Models\User;
use Log;
use \stdClass;
use App\Models\Anet;
class WebhookController extends Controller
{
    public function webhook(Request $request){

        $headers = getallheaders();
        $payloadraw = file_get_contents("php://input");
        $payloadEncoded = json_encode($payloadraw);
        $payloadDecoded = json_decode($payloadraw);
        $type = gettype($payloadraw);

        $webhook = new AuthnetWebhook('xxxxx8EF4B4186A3BC745B70637EA1Fxx091E1DD0706BF9A9D721982B882BE54192BD1BBCEAFC0415DF06E6xxxxxxxxx',$payloadEncoded, $headers);
        if ($webhook->isValid()) {
            // Get the transaction ID
            $transactionId = $webhook->payload->id;

            // Here you can get more information about the transaction
            $request  = AuthnetApiFactory::getJsonApiHandler('AUTHNET_LOGIN','AUTHNET_TRANSKEY');
            $response = $request->getTransactionDetailsRequest(array('transId' => $transactionId));

            $anet = new Anet();
            $anet->notification = $payloadraw ;
            $anet->payload = $payloadDecoded ;
            $anet->type = $type ;
            $anet->transaction_type = $response->transaction->transactionType;
            $anet->transactions_status = $response->transaction->transactionStatus;
            $anet->auth_code = $response->transaction->authCode;
            $anet->avs_response = $response->transaction->AVSResponse; 
            $anet->save();  
        }else{
            $anet = new Anet();
            $anet->notification = $payloadEncoded ;
            $anet->payload = $payloadDecoded ;
            $anet->type = $type ;
            $anet->transactions_status = '401';
            $anet->save();  
        }

    }   
}    

Answer 1

You do not need to convert it to binary. It's value as displayed in the Authorize.Net interface is how it should be used in your code:

Example:

$webhook = new AuthnetWebhook('14FE4A2385812E980CCF97D177F17863CE214D1BE6CE8E1E894487AACF3609C1A5FE1752CB4A002C634B84E397DC8A218E1A160BA7CAB7CBE4C05B35E9CBB05E', $payload);

Or, if you use the config.inc.php configuration file from your library:

defined('AUTHNET_SIGNATURE') || define('AUTHNET_SIGNATURE', '14FE4A2385812E980CCF97D177F17863CE214D1BE6CE8E1E894487AACF3609C1A5FE1752CB4A002C634B84E397DC8A218E1A160BA7CAB7CBE4C05B35E9CBB05E');

and in your code:

$webhook = new AuthnetWebhook(AUTHNET_SIGNATURE, $payload);

Answer 2

Without referencing the rest of your logic, the reason your if statement evaluates to untrue is that you are json encoding data that is already json. When you call getallheaders() the content-type is already defined as json. So replace this:

    $headers = getallheaders();
    $payloadraw = file_get_contents("php://input");
    $payloadEncoded = json_encode($payloadraw);
    $payloadDecoded = json_decode($payloadraw);
    $type = gettype($payloadraw);

with this:

    $headers = getallheaders();
    $payload = file_get_contents("php://input");

and this:

  $webhook = new AuthnetWebhook($signature,$payload, $headers);
    if ($webhook->isValid()) {
      //logic goes here      
     } 

Will evaluate to true, and any valid logic contained in the conditional will be executed. I recommend testing the above code to validate that it works (it does) before adding additional logic. You could create a simple log file like this:

$dump = print_r($payload,true);
$fp = file_put_contents( '

test.log', $dump );

And if your directory has a file called test.log after a single webhook is delivered, you know you have a baseline to go from. If there is invalid logic in the rest of your if statement, it may break the entire thing.

And to answer your first question, which has already been answered correctly, do not convert signature key to binary. So $signature in the above code is the signature key exactly as given to you by authorize.