@z2s8
Last active April 9, 2016 19:00
verify github webhook with Crystal-lang
# based on developer.github.com/webhooks/securing
require "openssl"
require "openssl/hmac"

# constant time string comparison between fixed length strings
# forked from github.com/rack/rack, modified to work with crystal
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  l = a.bytes
  r, i = 0, -1
  # OR together the XOR of every byte pair so the loop never exits early
  b.each_byte { |v| r |= v ^ l[i += 1] }
  r == 0
end

# payload_body: raw request body; signature_header: value of the
# X-Hub-Signature header; secret: the webhook secret (SECRET_TOKEN by default)
def verify_signature(payload_body, signature_header, secret = ENV["SECRET_TOKEN"])
  signature = "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, secret, payload_body)
  return "Signatures didn't match!" unless secure_compare(signature, signature_header)
  return "GOOD"
end

# demo with placeholder header and secret values
puts verify_signature("'asd'", "sha1=placeholder", "placeholder-secret")
puts secure_compare("asd", "agd")
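
A round trip of the same check, as an added example that is not part of the original gist: it signs a constructed payload the way the sender would, then verifies an untouched delivery, a modified body, a wrong secret, and a missing header. The names `sign` and `valid_signature?`, the secret and the payload are assumptions made for the example; the comparison uses the standard library's `Crypto::Subtle.constant_time_compare` instead of the hand-written `secure_compare`.

```crystal
require "openssl"
require "openssl/hmac"
require "crypto/subtle"

# Header value the sender attaches for this body and secret (hypothetical helper).
def sign(secret : String, body : String) : String
  "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, secret, body)
end

# True only when the header is present, carries the sha1= prefix, and equals
# the HMAC of the raw body under the shared secret (hypothetical helper).
def valid_signature?(secret : String, body : String, header : String?) : Bool
  # A request without the header is rejected before any HMAC is computed.
  return false unless header
  return false unless header.starts_with?("sha1=")
  # Constant-time comparison from the standard library; lengths that differ
  # compare as unequal.
  Crypto::Subtle.constant_time_compare(sign(secret, body), header)
end

secret = "constructed-test-secret"          # constructed value
body = %({"action":"opened","number":1})    # constructed payload
header = sign(secret, body)

puts valid_signature?(secret, body, header)        # untouched delivery
puts valid_signature?(secret, body + " ", header)  # body modified after signing
puts valid_signature?("other-secret", body, header) # receiver holds a different secret
puts valid_signature?(secret, body, nil)           # header missing
```

The HMAC has to be computed over the request body exactly as received; re-serializing parsed JSON before verifying changes the bytes and makes valid deliveries fail.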