Understanding the IPNAndReturnURLValidation Sample

Amazon provides samples in four programming languages which show you how to perform a server-side verification of the signatures in both the return URL and in IPN notifications. In this section, we will briefly go over the essential details of the standard button, Java version only. The other samples differ only in the programming language used for rendering them. For specific comprehensive information on a particular sample, see its IPNAndReturnURLValidation/README.html file.

When you download a sample file, such as ASPStandard-JAVA-2.0, it contains three separate samples. This section describes the sample contained in the IPNAndReturnURLValidation folder, which is used for server-side signature verification.

This section describes the IPNAndReturnURLValidation sample, which is used for server-side signature verification.

Each IPNAndReturnURLValidation sample contains three primary components in the ASPStandard-JAVA-2.0/IPNAndReturnURLValidation/src folder. These are:

File	Description
`ReturnUrlVerificationSampleCode.java`	This class contains the program entry point for verifying the signature contained in a return URL, and thereby validating the return URL content. It sets up initial parameter values for standard button return URL responses, and then calls the static method `SignatureUtilsForOutbound .validateRequest` with those values.
`IPNVerificationSampleCode.java`	This class contains the program entry point for verifying the signature contained in an IPN notification. It sets up initial parameter values for standard button IPN notifications, and then calls the static method `SignatureUtilsForOutbound .validateRequest` with those values.
`SignatureUtilsForOutbound.java`	Invoked from `ReturnUrlVerificationSampleCode.java` and `IPNVerificationSampleCode.java`, this class uses the signature version 2 process to validate the signature. It contains methods to reassemble the string to sign, URL encode the string, and sign it using the Amazon certificate listed as the signer. Finally, it validates the signature and prints the result to standard out.

In addition to these primary components, a sample may include other required resources. For example, the Java samples all include the lib/commons-codec-1.3.jar file, which must be in your classpath in order to compile the sample.

To use the sample, do the following

Using the Standard Button IPNAndReturnURLValidation Sample

1	Set up your programming environment so that the program will compile without warnings or errors. For the Java sample, this includes ensuring that the `ASPStandard-JAVA-2.0/IPNAndReturnURLValidation/src` folder and the `lib/commons-codec-1.3.jar` files are available to the compiler, either by including them as command line parameters, or, if you build using an IDE, by including them as project resources.
2	The `ReturnUrlVerificationSampleCode` and `IPNVerificationSampleCode` classes use a `HashMap` to store parameters which correspond to the fields returned during a return URL response or an IPN notification. Modify these values to suit the response you want to validate. These are the only values you need to change using this sample.
3	Compile the sample. For example, if you are including the `[package-root] lib/commons-codec/jars/commons-codec-1.3.jar` using the linux command line, you would type `$javac -cp .:[package-root] /lib/commons-codec-1.3.jar ReturnUrlVerificationSampleCode.java SignatureUtilsForOutbound.java` On Windows, you would type `$javac -cp .;[package-root]lib/commons-codec-1.3.jar ReturnUrlVerificationSampleCode.java SignatureUtilsForOutbound.java`
4	Run the sample. Continuing the previous example, on linux, you would type `$javac -cp .:[package-root] lib/commons-codec-1.3.jar ReturnUrlVerificationSampleCode` On Windows, you would type `$javac -cp .;[package-root] lib/commons-codec-1.3.jar ReturnUrlVerificationSampleCode` The result "Is signature correct: true" is printed to standard out if the verification determines the signature to be valid.