in src/main/java/org/openvasp/client/service/impl/SignServiceBaseImpl.java [42:66]
public VaspMessage extractSignedMessage(@NonNull final String whisperPayload) {
val payload = StringUtils.left(whisperPayload, whisperPayload.length() - signatureLength());
val json = hexStrDecode(payload);
log.debug("RECEIVE: {}", json);
val signature = StringUtils.right(whisperPayload, signatureLength());
val message = VaspMessage.fromJson(json);
message.validate();
val senderContractAddress = vaspIdentityService.resolveSenderVaspId(message)
.orElseThrow(() -> new VaspValidationException(message, "Sender's VASP ID cannot be resolved"));
val senderContract = contractService.getVaspContractInfo(senderContractAddress);
val publicSigningKey = senderContract.getSigningKey();
if (!verifySign(payload, signature, publicSigningKey)) {
throw new VaspValidationException(
message,
"Invalid signature for incoming message");
}
return message;
}