dome-key-web/license-generator/paddle/src, branch master DomeKey website Add license (mostly GNU AGPLv3+) 2018-11-21T19:48:42+00:00 Teddy Wing 2018-11-21T19:48:42+00:00 d924cca39802b2629312a5629625ce41f664b2b3 License the software with the GNU AGPLv3+ with the exception of the 'aquatic-prime' and 'paddle' libraries and 'aquatic-prime' binary, which are licensed under the GNU GPLv3+. 
License the software with the GNU AGPLv3+ with the exception of the
'aquatic-prime' and 'paddle' libraries and 'aquatic-prime' binary, which
are licensed under the GNU GPLv3+.
paddle::verify_signature(): Extract signature from params 2018-11-10T19:39:48+00:00 Teddy Wing 2018-11-10T19:39:48+00:00 20f7a268cce05cd63842adbc7a5d05d4d4cc5bc7 Make it easier on users by not requiring them to pass a signature into the method. This means they don't have to extract the `p_signature` param and base64 decode it themselves. Essentially, we want to move the code from `request` that removes the `p_signature` key and base64 decodes it into the `paddle::verify_signature()` function. We need to make the string-like type params in `verify_signature()` conform additionally to `PartialEq<str>` and `PartialOrd`. Doing so allows us to find the key "p_signature". To remove the `p_signature` param from the iterator, we partition it into two iterators: one for the `p_signature` entry, and another for the rest. We then extract the value of `p_signature` and base64 decode it for verification. Add a new error type in case no `p_signature` entry is found in the iterator. 
Make it easier on users by not requiring them to pass a signature into
the method. This means they don't have to extract the `p_signature`
param and base64 decode it themselves.

Essentially, we want to move the code from `request` that removes the
`p_signature` key and base64 decodes it into the
`paddle::verify_signature()` function.

We need to make the string-like type params in `verify_signature()`
conform additionally to `PartialEq<str>` and `PartialOrd`. Doing so
allows us to find the key "p_signature".

To remove the `p_signature` param from the iterator, we partition it
into two iterators: one for the `p_signature` entry, and another for the
rest. We then extract the value of `p_signature` and base64 decode it
for verification.

Add a new error type in case no `p_signature` entry is found in the
iterator.
paddle::verify_signature(): Fix signature verification 2018-11-10T17:40:05+00:00 Teddy Wing 2018-11-10T17:40:05+00:00 d2587251a9b1b1d4d8f887fe079a3e0bbc017de8 I think I was doing it in the wrong direction. Previously, I had added the signature from the POST param to the verifier, and verified against the serialized params. Seems like I was instead supposed to add the serialized params to the verifier, and verify against the input signature. It works correctly now against a request from Paddle. 
I think I was doing it in the wrong direction. Previously, I had added
the signature from the POST param to the verifier, and verified against
the serialized params.

Seems like I was instead supposed to add the serialized params to the
verifier, and verify against the input signature.

It works correctly now against a request from Paddle.
paddle::verify_signature(): Make `signature` a `&[u8]` 2018-11-10T17:38:08+00:00 Teddy Wing 2018-11-10T17:38:08+00:00 5032558a2b6583da65e0e5478670b277bb95a417 In the POST param, the signature is a base64 string, but when we verify it, it needs to be decoded to bytes. 
In the POST param, the signature is a base64 string, but when we verify
it, it needs to be decoded to bytes.
paddle::verify_signature(): Remove `unwrap`s 2018-11-10T14:26:42+00:00 Teddy Wing 2018-11-10T14:26:42+00:00 be3cbacd6d5b5195b7b63816179eb6b3743a2157 Return a `Result` from the function to pass errors through. 
Return a `Result` from the function to pass errors through.
paddle: Take any kind of `str` reference input, not just `&str` 2018-11-10T14:07:17+00:00 Teddy Wing 2018-11-10T14:07:17+00:00 e594577e14812ff4a7ca26dd2ffb506efc469b68 Use `AsRef<str>` instead of `&str` to offer a more flexible interface. We need this because `url::form_urlencoded::parse()` gives us an iterator of `(Cow<_, str>, Cow<_, str>)`, and we want to pass that into `verify_signature()`. Also change `key.len()` and `value.len()` to `.chars().count()` because I was having a hard time getting the `len()` method from a trait (`str` doesn't implement `ExactSizeIterator`), and I learned this: > This length is in bytes, not chars or graphemes. In other words, it > may not be what a human considers the length of the string. (https://doc.rust-lang.org/std/primitive.str.html#method.len) Also: https://stackoverflow.com/questions/46290655/get-the-string-length-in-characters-in-rust/46290728#46290728 I assume the PHP serializer uses character count instead of byte length. 
Use `AsRef<str>` instead of `&str` to offer a more flexible interface.
We need this because `url::form_urlencoded::parse()` gives us an
iterator of `(Cow<_, str>, Cow<_, str>)`, and we want to pass that into
`verify_signature()`.

Also change `key.len()` and `value.len()` to `.chars().count()` because
I was having a hard time getting the `len()` method from a trait (`str`
doesn't implement `ExactSizeIterator`), and I learned this:

> This length is in bytes, not chars or graphemes. In other words, it
> may not be what a human considers the length of the string.

(https://doc.rust-lang.org/std/primitive.str.html#method.len)

Also:
https://stackoverflow.com/questions/46290655/get-the-string-length-in-characters-in-rust/46290728#46290728

I assume the PHP serializer uses character count instead of byte length.
paddle: Require that input `Iterator`s also be `PartialOrd` 2018-11-08T02:41:01+00:00 Teddy Wing 2018-11-08T02:41:01+00:00 1912ea61386cd0d4f407b2881ee93e037570a36b In order to properly verify the signature, dictionary entries must be serialized in sorted order. Seems simpler to put the onus on the caller to ensure the entries can be sorted rather than having to deal with that myself. 
In order to properly verify the signature, dictionary entries must be
serialized in sorted order. Seems simpler to put the onus on the caller
to ensure the entries can be sorted rather than having to deal with that
myself.
verify_signature(): Add input signature argument 2018-11-08T02:06:20+00:00 Teddy Wing 2018-11-08T02:06:20+00:00 031e8c979c474e7c23c1d111dd07ad2c23f2faaf Hoping this is how to set up the verifier to verify the signature. 
Hoping this is how to set up the verifier to verify the signature.
paddle: Add rough implementation of `verify_signature()` 2018-11-08T01:27:51+00:00 Teddy Wing 2018-11-08T01:27:51+00:00 63fe6b3eda3726f95a9375c70d1879f290ba56c9 Not sure if this works yet as I haven't tested it, but it follows most of the examples in various languages on: https://paddle.com/docs/reference-verifying-webhooks/ Just need to add in the comparison to the input signature. 
Not sure if this works yet as I haven't tested it, but it follows most
of the examples in various languages on:

https://paddle.com/docs/reference-verifying-webhooks/

Just need to add in the comparison to the input signature.
paddle::php_serialize(): Take an `IntoIterator` argument 2018-11-08T00:10:48+00:00 Teddy Wing 2018-11-08T00:10:48+00:00 cb4cffe9aae7b1e345a2cf01811c60c7ef7c2d25 Replace the `ExactSizeIterator` with an `IntoIterator`, as I wasn't able to pass in a `HashMap` with `ExactSizeIterator`. While we lose the convenience of the `len()` method, it's easy enough to just count the length of the iterator while we're serializing the entries within it. 
Replace the `ExactSizeIterator` with an `IntoIterator`, as I wasn't able
to pass in a `HashMap` with `ExactSizeIterator`.

While we lose the convenience of the `len()` method, it's easy enough to
just count the length of the iterator while we're serializing the
entries within it.