authorGravatar default2023-01-08 09:55:13 +0100
committerGravatar default2023-01-08 09:55:13 +0100
commit384cb7418ac39bb2cbf06662a0acc03fb717c8aa (patch)
tree73c53ad05b4ed20113725a2dfff2cf1a9788e8e4 /http.c
parentAdded support for HTTP signature pseudo-headers (created) and (expires). (diff)
Minor refactor to check_signature().
Diffstat (limited to '')
-rw-r--r--http.c23
1 files changed, 13 insertions, 10 deletions
diff --git a/http.c b/http.c
index 4571c16..26ded53 100644
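--- a/http.c
+++ b/http.c
@@ -139,8 +139,8 @@ int check_signature(snac *snac, char *req)
 }
 
 if (keyId == NULL || headers == NULL || signature == NULL) {
-snac_debug(snac, 1, xs_fmt("bad signature header"));
-return 0;
+snac_debug(snac, 0, xs_fmt("check_signature bad signature header"));
+goto error;
 }
 
 /* strip the # from the keyId */
@@ -150,14 +150,14 @@ int check_signature(snac *snac, char *req)
 /* the actor must already be here */
 xs *actor = NULL;
 if (!valid_status(actor_get(snac, keyId, &actor))) {
-snac_debug(snac, 1, xs_fmt("check_signature unknown actor %s", keyId));
-return 0;
+snac_debug(snac, 0, xs_fmt("check_signature unknown actor %s", keyId));
+goto error;
 }
 
 if ((p = xs_dict_get(actor, "publicKey")) == NULL ||
 ((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) {
-snac_debug(snac, 1, xs_fmt("cannot get pubkey from actor %s", keyId));
-return 0;
+snac_debug(snac, 0, xs_fmt("check_signature cannot get pubkey from %s", keyId));
+goto error;
 }
 
 /* now build the string to be signed */
@@ -189,10 +189,10 @@ int check_signature(snac *snac, char *req)
 else {
 /* add the header */
 if ((hc = xs_dict_get(req, v)) == NULL) {
-snac_debug(snac, 1,
+snac_debug(snac, 0,
 xs_fmt("check_signature cannot find header %s", v));
 
-return 0;
+goto error;
 }
 
 ss = xs_fmt("%s: %s", v, hc);
@@ -203,9 +203,12 @@ int check_signature(snac *snac, char *req)
 }
 
 if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) {
-snac_debug(snac, 0, xs_fmt("rsa verify error %s", keyId));
-return 0;
+snac_debug(snac, 0, xs_fmt("check_signature rsa verify error %s", keyId));
+goto error;
 }
 
 return 1;
+
+error:
+return 0;
 }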
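Review bot: The first `goto error` (new line 143) sits above the declaration `xs *actor = NULL;` at line 151, so that jump skips the initializer of a variable that is still in scope at the `error:` label. If `xs` is this project's auto-freeing type (declared with the compiler's cleanup attribute — not visible on this page, so confirm in xs.h), the cleanup would then run on an indeterminate pointer when the function returns, and this path is reached by any request with a malformed Signature header. Either keep `return 0;` for the check at line 141, or hoist `xs *actor = NULL;` above it together with any other `xs` locals declared between the first `goto` and the label. The body of check_signature() starts and continues outside the hunks shown, so other declarations of that kind may exist that cannot be checked from here.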