diff options
| author | Teddy Wing | 2018-11-10 20:39:48 +0100 |
|---|---|---|
| committer | Teddy Wing | 2018-11-10 20:39:48 +0100 |
| commit | 20f7a268cce05cd63842adbc7a5d05d4d4cc5bc7 (patch) | |
| tree | 4b7f5318f7ca07ab6087295510776c02a684a28c /license-generator/paddle/src/lib.rs | |
| parent | d2587251a9b1b1d4d8f887fe079a3e0bbc017de8 (diff) | |
| download | dome-key-web-20f7a268cce05cd63842adbc7a5d05d4d4cc5bc7.tar.bz2 | |
paddle::verify_signature(): Extract signature from params
Make it easier on users by not requiring them to pass a signature into
the method. This means they don't have to extract the `p_signature`
param and base64 decode it themselves.
Essentially, we want to move the code from `request` that removes the
`p_signature` key and base64 decodes it into the
`paddle::verify_signature()` function.
We need to make the string-like type params in `verify_signature()`
conform additionally to `PartialEq<str>` and `PartialOrd`. Doing so
allows us to find the key "p_signature".
To remove the `p_signature` param from the iterator, we partition it
into two iterators: one for the `p_signature` entry, and another for the
rest. We then extract the value of `p_signature` and base64 decode it
for verification.
Add a new error type in case no `p_signature` entry is found in the
iterator.
Diffstat (limited to 'license-generator/paddle/src/lib.rs')
| -rw-r--r-- | license-generator/paddle/src/lib.rs | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/license-generator/paddle/src/lib.rs b/license-generator/paddle/src/lib.rs index be10a76..6d685cd 100644 --- a/license-generator/paddle/src/lib.rs +++ b/license-generator/paddle/src/lib.rs @@ -1,14 +1,24 @@ +extern crate base64; + #[macro_use] extern crate error_chain; extern crate openssl; pub mod errors { + use base64; use openssl; error_chain! { foreign_links { + Base64(base64::DecodeError); Openssl(openssl::error::ErrorStack); } + + errors { + SignatureNotFound { + display("no signature could be found in params") + } + } } } @@ -26,21 +36,29 @@ use errors::*; // https://paddle.com/docs/reference-verifying-webhooks/ pub fn verify_signature<'a, S, I>( pem: &[u8], - signature: &[u8], params: I, ) -> Result<bool> where - S: AsRef<str> + Deref<Target = str> + Display, + S: AsRef<str> + Deref<Target = str> + PartialEq<str> + PartialOrd + Display, I: IntoIterator<Item = (S, S)> + PartialOrd, { let rsa = Rsa::public_key_from_pem(pem)?; let pkey = PKey::from_rsa(rsa)?; let mut verifier = Verifier::new(MessageDigest::sha1(), &pkey)?; + let (signature_params, params): (Vec<_>, Vec<_>) = params + .into_iter() + .partition(|(k, _v)| k == "p_signature"); + let signature = &signature_params + .first() + .ok_or(ErrorKind::SignatureNotFound)? + .1; + let signature = base64::decode(signature.as_bytes())?; + let digest = php_serialize(params); verifier.update(digest.as_bytes())?; - Ok(verifier.verify(signature)?) + Ok(verifier.verify(&signature)?) } fn php_serialize<'a, S, I>(pairs: I) -> String |