From 20f7a268cce05cd63842adbc7a5d05d4d4cc5bc7 Mon Sep 17 00:00:00 2001
From: Teddy Wing
Date: Sat, 10 Nov 2018 20:39:48 +0100
Subject: paddle::verify_signature(): Extract signature from params

Make it easier on users by not requiring them to pass a signature into
the method. This means they don't have to extract the `p_signature`
param and base64 decode it themselves.

Essentially, we want to move the code from `request` that removes the
`p_signature` key and base64 decodes it into the
`paddle::verify_signature()` function.

We need to make the string-like type params in `verify_signature()`
conform additionally to `PartialEq<str>` and `PartialOrd`. Doing so
allows us to find the key "p_signature".

To remove the `p_signature` param from the iterator, we partition it
into two iterators: one for the `p_signature` entry, and another for the
rest. We then extract the value of `p_signature` and base64 decode it
for verification.

Add a new error type in case no `p_signature` entry is found in the
iterator.
---
 license-generator/paddle/src/lib.rs | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

(limited to 'license-generator/paddle/src')

diff --git a/license-generator/paddle/src/lib.rs b/license-generator/paddle/src/lib.rs
index be10a76..6d685cd 100644
--- a/license-generator/paddle/src/lib.rs
+++ b/license-generator/paddle/src/lib.rs
@@ -1,14 +1,24 @@
+extern crate base64;
+
 #[macro_use]
 extern crate error_chain;
 extern crate openssl;
 
 pub mod errors {
+    use base64;
     use openssl;
 
     error_chain! {
         foreign_links {
+            Base64(base64::DecodeError);
             Openssl(openssl::error::ErrorStack);
         }
+
+        errors {
+            SignatureNotFound {
+                display("no signature could be found in params")
+            }
+        }
     }
 }
 
@@ -26,21 +36,29 @@ use errors::*;
 // https://paddle.com/docs/reference-verifying-webhooks/
 pub fn verify_signature<'a, S, I>(
     pem: &[u8],
-    signature: &[u8],
     params: I,
 ) -> Result<bool>
 where
-    S: AsRef<str> + Deref<Target = str> + Display,
+    S: AsRef<str> + Deref<Target = str> + PartialEq<str> + PartialOrd + Display,
     I: IntoIterator<Item = (S, S)> + PartialOrd,
 {
     let rsa = Rsa::public_key_from_pem(pem)?;
     let pkey = PKey::from_rsa(rsa)?;
     let mut verifier = Verifier::new(MessageDigest::sha1(), &pkey)?;
 
+    let (signature_params, params): (Vec<_>, Vec<_>) = params
+        .into_iter()
+        .partition(|(k, _v)| k == "p_signature");
+    let signature = &signature_params
+        .first()
+        .ok_or(ErrorKind::SignatureNotFound)?
+        .1;
+    let signature = base64::decode(signature.as_bytes())?;
+
     let digest = php_serialize(params);
     verifier.update(digest.as_bytes())?;
 
-    Ok(verifier.verify(signature)?)
+    Ok(verifier.verify(&signature)?)
 }
 
 fn php_serialize<'a, S, I>(pairs: I) -> String
-- 
cgit v1.2.3