alipay_server_sdk.py 文件源码

def verify_signature(self, data_dict):
        def _verify_signature(message, signature, sign_type):
            # Only 'RSA' Type Supported
            if sign_type.upper() == 'RSA':
                h = SHA.new(message.encode('utf-8'))
                verifier = PKCS1_v1_5.new(RSA.importKey(base64.decodestring(self.alipay_verification_public_key)))
                return verifier.verify(h, base64.decodestring(signature.encode('utf-8')))
            else:
                raise Exception(Template('Sign type $sign_type not supported').substitute(sign_type=sign_type))

        _sign = data_dict.get('sign', '')
        _sign_type = data_dict.get('sign_type', '')

        # Filter out the sign, sign_type field, and join other key value in format k1=v1&k2=v2 (keys in order)
        _string_to_verify = "&".join(['{}={}'.format(key, str(value)) for (key, value) in sorted(data_dict.items()) if key not in {'sign', 'sign_type'}])
        return _verify_signature(message=_string_to_verify, signature=_sign, sign_type=_sign_type)