Created
June 21, 2011 02:20
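# Verifies the RSA signature attached to a Zong callback request.
#
# The signed string is rebuilt from the request parameters: every value is
# CGI-escaped again, the Rails routing keys are dropped, the signature value
# is blanked, and the pairs are sorted and joined as "?k=v&k=v". That string
# is checked against the public key stored in certs/zong.pem.
#
# The caller's params object is left untouched, so the controller still sees
# the decoded values and its own action/controller keys afterwards.
#
# @param params [Hash] request parameters (Rails params, or a hash keyed by
#   strings or symbols)
# @return [Boolean] true only when the signature verifies; false otherwise,
#   including when no usable signature was supplied
def verify_zong_signature(params)
  require 'openssl'
  require 'base64'
  require 'cgi'

  # Pull the original signature. A callback without a string signature can
  # never be authentic, so reject it before touching the key material.
  signature = params[:signature] || params['signature']
  return false unless signature.is_a?(String) && !signature.empty?

  # Build the signed view in a fresh hash rather than rewriting params in
  # place. Rails has already decoded the values, so they are re-encoded here.
  # NOTE(review): CGI.escape may not reproduce the sender's exact encoding
  # (for example "+" versus "%20"); a mismatch makes verification fail closed.
  # Verifying against the raw query string would avoid that - confirm against
  # the provider's signing rules.
  parameters = {}
  params.each do |key, value|
    name = key.to_s
    # Rails adds controller and action; the signature is nulled out below.
    next if %w[action controller signature].include?(name)

    parameters[name] = CGI.escape(value.to_s)
  end
  parameters['signature'] = ''

  # Rebuild the URL query in sorted key order.
  data = '?' + parameters.sort.map { |name, value| "#{name}=#{value}" }.join('&')

  # Verify the signature; only a strict true from verify_pem counts.
  pem = File.read("#{Rails.root}/certs/zong.pem")
  verify_pem(pem, data, signature) == true
end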
# Checks a Base64-encoded RSA signature over +data+ using a SHA-1 digest.
#
# @param cert_file [String] value handed to OpenSSL::PKey::RSA.new; the caller
#   in this file passes the PEM text read from disk, not a path
# @param data [String] the exact string that was signed
# @param signature [String] Base64-encoded signature bytes
# @return [Boolean] result of OpenSSL's signature verification
def verify_pem(cert_file, data, signature)
  # NOTE(review): SHA-1 is presumably what the signer uses; it is deprecated
  # for signatures, so prefer a SHA-256 scheme if the provider offers one.
  digest = OpenSSL::Digest::SHA1.new
  raw_signature = Base64.decode64(signature)
  rsa_key = OpenSSL::PKey::RSA.new(cert_file)
  rsa_key.verify(digest, raw_signature, data)
end