def test_decode_base64(): s = '\n' s += util.decode_base64('YWJj') s += '\n' s += util.decode_base64('YWJj', 'utf-8') s += '\n' s += util.decode_base64('YWJj', 'shift-jis') s += '\n' s += util.decode_base64('YWJj44GC44GE44GG', 'utf-8') s += '\n' s += util.decode_base64('YWJjgqCCooKk', 'shift-jis') return s
def _verify_signature(payment): if payment.service_platform == membership_pb2.SERVICE_PLATFORM_PLAYSTORE: # verify playstore purchase signature h = SHA.new(payment.playstore.original_json) signature = decode_base64(payment.playstore.signature) return _signature_verifier.verify(h, signature) elif payment.service_platform == membership_pb2.SERVICE_PLATFORM_APPSTORE: # TODO: verify appstore purchase reciept pass elif payment.service_platform == membership_pb2.SERVICE_PLATFORM_GAMFLIER: # TODO: verify gameflier purchase information pass return False
def _verify_request_body(request, type): if not request.data: _error(request, 'Invalid request', 404) # decode base64 try: decode_data = decode_base64(request.data) except Exception as err: _error(request, 'Invalid decode string;{data:%s}' % (request.data), 404, err) req = membership_pb2.Request() try: req.ParseFromString(decode_data) except Exception as err: _error(request, 'Invalid massage format;{data:%s}' % (request.data), 404, err) if type != req.type: _error(request, 'Invalid request type;{type:%d}' % (type), 404) return req
_service_platform_urls = { membership_pb2.SERVICE_PLATFORM_PLAYSTORE: app.PLAYSTORE_URL, membership_pb2.SERVICE_PLATFORM_APPSTORE: app.APPSTORE_URL, membership_pb2.SERVICE_PLATFORM_GAMEFLIER: app.GAMEFLIER_URL, } _random_string = string.ascii_letters + string.digits # initialize PlayStore PUBLIC_KEY from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA from Crypto.PublicKey import RSA PLAYSTORE_PUBLIC_KEY = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs01V/72JCxylb8REj6jlRBvsjmx/VfTs1nIX4lQY6sinzJYrz07x0Ven9GD6xTQboXGH2Dk2hmu4XsiZDu8CxKWcR5Kx/8BqtE6IrLWSAD4J2iB1P4ELZRGoLWIraZ/oidxLGKk0RgohPw/EjNFtVveXlgHrvY3NECMZ75n/t8wNivp+nEKqWAtPd0gCTxtp3hDOe8n70aiw9MtCV2t0BaAyFXYiVtkBCAyjDh7k0RKo7TgCR+IA21rfs5i2Fv6S8H0I1o+1rfNyRG9jnqhtHI4Wi+CfcXf7uO+oVECl2Pq21rrcBSzIOZqfwdZTrnK/pXD1Hb891KLRIUk9DdkRcQIDAQAB' PLAYSTORE_VERIFY_KEY = RSA.importKey(decode_base64(PLAYSTORE_PUBLIC_KEY)) _signature_verifier = PKCS1_v1_5.new(PLAYSTORE_VERIFY_KEY) def _verify_access_token(request, access_token): member = None # access_token if not access_token: _error(request, 'Can not verify access_token;{access_token:%s}' % (access_token), 404) # verify access_token try: member = _serializer.loads(access_token) except BadSignature as err: _error(request, 'Can not verify access_token;{access_token:%s}' % (access_token), 404, err)