From 9b6d9ce2549e267a8c865f8503ada6d45d6996df Mon Sep 17 00:00:00 2001 From: yangDL <455619311@qq.com> Date: Wed, 30 Mar 2016 12:12:34 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=9B=9E=E8=B0=83=E9=AA=8C?= =?UTF-8?q?=E8=AF=81=E7=AD=BE=E5=90=8D=E7=9A=84=E5=87=BD=E6=95=B0=E5=92=8C?= =?UTF-8?q?=E6=8F=90=E4=BE=9Bflask=E4=BD=BF=E7=94=A8=E7=9A=84=E5=87=BD?= =?UTF-8?q?=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pingpp/util.py | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/pingpp/util.py b/pingpp/util.py index 08ee5f5..32b4938 100644 --- a/pingpp/util.py +++ b/pingpp/util.py @@ -2,6 +2,8 @@ import sys import os + + logger = logging.getLogger('pingpp') __all__ = ['StringIO', 'parse_qsl', 'json', 'utf8'] @@ -53,3 +55,37 @@ def utf8(value): def is_appengine_dev(): return ('APPENGINE_RUNTIME' in os.environ and 'Dev' in os.environ.get('SERVER_SOFTWARE', '')) + + +def webhooks_verify(path_pubkey, private_sign, req_data): + """ path_pubkey : 公钥文件路径,内容为ping++提供的公钥(账户和设置 - Ping++ 公钥) + private_sign: ping++对应的私钥签名后的字符串 + req_data : 请求的json格式字符串,不要get_json(),因为会改变字段的顺序,直接获取原始字符串即可 + 备注:遇到一个坑,直接从官网上copy公钥时,vim保存文件时会多一个字符,导致验算不通过,推荐notepad++保存 + 最后一行不要有换行符 + """ + import base64 + + from Crypto.PublicKey import RSA + from Crypto.Signature import PKCS1_v1_5 + from Crypto.Hash import SHA256 + + def decode_base64(data): + missing_padding = 4 - len(data) % 4 + if missing_padding: + data += b'='*missing_padding + return base64.decodestring(data) + + sig = decode_base64(private_sign) + req_data = req_data.encode('utf-8') + digest = SHA256.new(req_data) + pubkey = RSA.importKey(open(path_pubkey).read()) + pkcs = PKCS1_v1_5.new(pubkey) + + return pkcs.verify(digest, sig) + + +def webhooks_verify_for_flask(path_pubkey, request): + private_sign = request.headers['x-pingplusplus-signature'] + req_data = request.data + return webhooks_verify(path_pubkey, private_sign, req_data)