import java.security.*;
import java.security.spec.*;
import java.util.Base64;
public class WebhookVerifier {
public static boolean verifySignature(String publicKeyBase64, String signatureBase64, String payload) throws Exception {
byte[] publicBytes = Base64.getDecoder().decode(publicKeyBase64);
KeyFactory keyFactory = KeyFactory.getInstance("EC");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicBytes);
PublicKey pubKey = keyFactory.generatePublic(keySpec);
Signature ecdsaVerify = Signature.getInstance("SHA256withECDSA");
ecdsaVerify.initVerify(pubKey);
ecdsaVerify.update(payload.getBytes("UTF-8"));
byte[] signatureBytes = Base64.getDecoder().decode(signatureBase64);
return ecdsaVerify.verify(signatureBytes);
}
public static void main(String[] args) throws Exception {
String publicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBlXbsIwGSYhdXBOtdrZr3L346JXi3dOg8vP9NCcTOV0ucLVl/GPi2ZVMsdBISQKTGIhzXY/gddRl846C27TfPw==";
String signature = "MEUCIQDncKxd1HEthoRD/+kX2Kw0ZKRbaewtX9IfvW5vE/MPMwIgZ/BLckOaRkHqP3mtIX4DQRRKLXvmt9mmWG3mKMNUZPI=";
String payload = "{\"eventId\":\"whe_g00AGgDy9KeiTPj6\",...}";
boolean isValid = verifySignature(publicKey, signature, payload);
System.out.println("Signature valid: " + isValid);
}
}