How to verify the Paddle webhook signature in Swift 3 using the Vapor packages CTLS and Crypto (include OpenSSL)

verifyPaddleSignature.swift

    /// Verify the signature passed with the Paddle request parameters. 
    /// Details here: https://paddle.com/docs/reference-verifying-webhooks
    func verifyPaddleSignature(inParameters parameters: [String:String]) throws -> Bool {
        guard let signatureString = parameters[PaddleParameter.signature.rawValue],
            let signature = Data(base64Encoded: signatureString) else {
            return false
        }
        
        // Need to gather sorted parameters
        var signatureParameters = parameters
        signatureParameters.removeValue(forKey: PaddleParameter.signature.rawValue)
        let sortedParameters = signatureParameters.sorted { $0.0 < $1.0 }
        
        // Serialize using PHP serialize format.
        var serializedParameters = "a:\(sortedParameters.count):{"
        for pair in sortedParameters {
            let keyLength = pair.key.count
            let valueLength = pair.value.utf8.count
            serializedParameters.append("s:\(keyLength):\"\(pair.key)\";s:\(valueLength):\"\(pair.value)\";")
        }
        serializedParameters.append("}")
        guard let serializedParameterData = serializedParameters.data(using: .utf8) else {
            return false
        }
        
        // Verify RSA signature
        let publicKeyString =
            "MIICIjANBgkqhaiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqFPF0PPNa+gDOBYlFYut" +
            "QrFb1k7JOq2L3fwCZqTjzRGTUWC14UZJsf++sAAR5uzwhYXQI4zNpFGvMtgpmmVD" +
            "<Replace all this with your key from Paddle>" +
            "f2tltF2XkY+nn30A2CWsP2sCAwEAAQ=="
        
        let publicKey = try CryptorRSA.createPublicKey(withBase64: publicKeyString)
        let signedData = CryptorRSA.createSigned(with: signature)
        return try CryptorRSA.createPlaintext(with: serializedParameterData).verify(with: publicKey, signature: signedData, algorithm: .sha1)
  
    }