Response Signature v2

import crypto from 'node:crypto'
import dayjs from 'dayjs'
import utc from 'dayjs/plugin/utc.js'

dayjs.extend(utc)

// Header and response received from our servers:
const responseLicenseSignatureHeader = '...';
const responseBody = {
  // ... response object from LicenseSpring's server ...
};

/* 
  NOTE: specifically for the Activate License Offline endpoint, existing
  signatures in the response body need to be removed before calculating
  the v2 signature, like this:
  
  delete responseBody.license_signature;
  delete responseBody.license_signature_v2;
*/

const verifier = crypto.createVerify('RSA-SHA256');
verifier.update(JSON.stringify(response));
const result = verifier.verify(publicKey, responseLicenseSignatureHeader, 'base64');

console.log(result); // will be "true" if signature is valid