function verifySignature(publicKey, authData) { const verifier = crypto.createVerify('sha256'); verifier.update(authData.playerId, 'utf8'); verifier.update(authData.bundleId, 'utf8'); verifier.update(convertTimestampToBigEndian(authData.timestamp)); verifier.update(authData.salt, 'base64'); if (!verifier.verify(publicKey, authData.signature, 'base64')) { throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center - invalid signature'); } }
// retrieve public KEY and use it to validate token this.rotation.getJWK(token.header.kid).then(key => { verify.update(token.signed); if (!verify.verify(key, token.signature)) { reject(new Error('invalid token (public key signature)')); } else { resolve(token); } }, () => { reject(new Error('failed to load public key to verify token')); });
checkSSHAuthorization(publicAlgo, publicData, signAlgo, blob, signature){ var self = this; return new Promise(function(resolve, reject) { if (!self.clientPublicKey) { return resolve(); } var verifier = crypto.createVerify(signAlgo); verifier.update(blob); if (verifier.verify(self.clientPublicKey.publicOrig, signature, 'binary')){ var encodedUserPass = new Buffer(self._options.username + ':' + self._options.password).toString('base64'); return resolve(`Basic ${encodedUserPass}`); } else { return resolve(); } }); }
server.route({ method: 'POST', path:'/travis', handler: function (request, reply) { let travisSignature = Buffer.from(request.headers.signature, 'base64'); let payload = request.payload.payload; let status = false; got('https://api.travis-ci.org/config', { timeout: 10000 }) .then(response => { let travisPublicKey = JSON.parse(response.body).config.notifications.webhook.public_key; let verifier = crypto.createVerify('sha1'); verifier.update(payload); status = verifier.verify(travisPublicKey, travisSignature); }) .catch(error => { console.log('Something went wrong:\n' + error) }) .then(() => { if (status) { // Handle request here now that it has been verified... } reply(200); }); } });
app.post('/travis', function (req, res) { let travisSignature = Buffer.from(req.headers.signature, 'base64'); let payload = req.body.payload; let status = false; got('https://api.travis-ci.org/config', { timeout: 10000 }) .then(response => { let travisPublicKey = JSON.parse(response.body).config.notifications.webhook.public_key; let verifier = crypto.createVerify('sha1'); verifier.update(payload); status = verifier.verify(travisPublicKey, travisSignature); }) .catch(error => { console.log('Something went wrong:\n' + error) }) .then(() => { if (status) { // Handle request here now that it has been verified... } res.sendStatus(200); }); });
function verifySignature(publicKey, authData) { const verifier = crypto.createVerify('sha256'); verifier.update(authData.playerId, 'utf8'); verifier.update(authData.bundleId, 'utf8'); verifier.update(convertTimestampToBigEndian(authData.timestamp)); verifier.update(authData.salt, 'base64'); if (!verifier.verify(publicKey, authData.signature, 'base64')) { throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center - invalid signature' ); } }