From 63fe6b3eda3726f95a9375c70d1879f290ba56c9 Mon Sep 17 00:00:00 2001
From: Teddy Wing
Date: Thu, 8 Nov 2018 02:27:51 +0100
Subject: paddle: Add rough implementation of `verify_signature()`

Not sure if this works yet as I haven't tested it, but it follows most
of the examples in various languages on:

https://paddle.com/docs/reference-verifying-webhooks/

Just need to add in the comparison to the input signature.
---
 license-generator/Cargo.lock        |  3 +++
 license-generator/paddle/Cargo.toml |  1 +
 license-generator/paddle/src/lib.rs | 18 ++++++++++++++++--
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/license-generator/Cargo.lock b/license-generator/Cargo.lock
index d615538..b11391e 100644
--- a/license-generator/Cargo.lock
+++ b/license-generator/Cargo.lock
@@ -149,6 +149,9 @@ dependencies = [
 [[package]]
 name = "paddle"
 version = "0.0.1"
+dependencies = [
+ "openssl 0.10.15 (registry+https://github.com/rust-lang/crates.io-index)",
+]
 
 [[package]]
 name = "pkg-config"
diff --git a/license-generator/paddle/Cargo.toml b/license-generator/paddle/Cargo.toml
index 0a4f677..06d8b6b 100644
--- a/license-generator/paddle/Cargo.toml
+++ b/license-generator/paddle/Cargo.toml
@@ -3,3 +3,4 @@ name = "paddle"
 version = "0.0.1"
 
 [dependencies]
+openssl = "0.10.15"
diff --git a/license-generator/paddle/src/lib.rs b/license-generator/paddle/src/lib.rs
index d153895..787f174 100644
--- a/license-generator/paddle/src/lib.rs
+++ b/license-generator/paddle/src/lib.rs
@@ -1,7 +1,21 @@
+extern crate openssl;
+
+use openssl::hash::MessageDigest;
+use openssl::pkey::PKey;
+use openssl::rsa::Rsa;
+use openssl::sign::Verifier;
+
+
 // https://paddle.com/docs/reference-verifying-webhooks/
-fn verify_signature<'a, I>(params: I) -> bool
+fn verify_signature<'a, I>(pem: &[u8], params: I) -> bool
 where I: IntoIterator<Item = (&'a str, &'a str)> {
-    false
+    let rsa = Rsa::public_key_from_pem(pem).unwrap();
+    let pkey = PKey::from_rsa(rsa).unwrap();
+    let verifier = Verifier::new(MessageDigest::sha1(), &pkey).unwrap();
+
+    let signature = php_serialize(params);
+
+    verifier.verify(signature.as_ref()).unwrap()
 }
 
 fn php_serialize<'a, I>(pairs: I) -> String
-- 
cgit v1.2.3