paddle::verify_signature(): Fix signature verification

I think I was doing it in the wrong direction. Previously, I had added the signature from the POST param to the verifier, and verified against the serialized params. Seems like I was instead supposed to add the serialized params to the verifier, and verify against the input signature. It works correctly now against a request from Paddle.
author: Teddy Wing 2018-11-10 18:40:05 +0100
committer: Teddy Wing 2018-11-10 18:40:05 +0100
commit: d2587251a9b1b1d4d8f887fe079a3e0bbc017de8 (patch)
tree: 1fb4aca56ded8dc01bcbf9261e82beeb317e8d57
parent: 5032558a2b6583da65e0e5478670b277bb95a417 (diff)
download: dome-key-web-d2587251a9b1b1d4d8f887fe079a3e0bbc017de8.tar.bz2
1 files changed, 3 insertions, 3 deletions
diff --git a/license-generator/paddle/src/lib.rs b/license-generator/paddle/src/lib.rs
index d725efe..be10a76 100644
--- a/license-generator/paddle/src/lib.rs
+++ b/license-generator/paddle/src/lib.rs
@@ -36,11 +36,11 @@ where
     let rsa = Rsa::public_key_from_pem(pem)?;
     let pkey = PKey::from_rsa(rsa)?;
     let mut verifier = Verifier::new(MessageDigest::sha1(), &pkey)?;
-    verifier.update(signature)?;
 
-    let signature = php_serialize(params);
+    let digest = php_serialize(params);
+    verifier.update(digest.as_bytes())?;
 
-    Ok(verifier.verify(signature.as_ref())?)
+    Ok(verifier.verify(signature)?)
 }
 
 fn php_serialize<'a, S, I>(pairs: I) -> String
author	Teddy Wing	2018-11-10 18:40:05 +0100
committer	Teddy Wing	2018-11-10 18:40:05 +0100
commit	d2587251a9b1b1d4d8f887fe079a3e0bbc017de8 (patch)
tree	1fb4aca56ded8dc01bcbf9261e82beeb317e8d57
parent	5032558a2b6583da65e0e5478670b277bb95a417 (diff)
download	dome-key-web-d2587251a9b1b1d4d8f887fe079a3e0bbc017de8.tar.bz2