1 files changed, 43 insertions, 0 deletions
diff --git a/http.c b/http.c
index 8062806..1d8cc7d 100644
--- a/http.c
+++ b/http.c
@@ -108,6 +108,8 @@ int check_signature(snac *snac, char *req)
    xs *keyId = NULL;
    xs *headers = NULL;
    xs *signature = NULL;
+    xs *sig_bin = NULL;
+    int s_size;
    char *pubkey;
    char *p;
@@ -151,5 +153,46 @@ int check_signature(snac *snac, char *req)
        return 0;
    }
+    /* now build the string to be signed */
+    xs *sig_str = xs_str_new(NULL);
+    {
+        xs *l = xs_split(headers, " ");
+        char *v;
+        p = l;
+        while (xs_list_iter(&p, &v)) {
+            char *hc;
+            xs *ss = NULL;
+            if (*sig_str != '\0')
+                sig_str = xs_str_cat(sig_str, "\n");
+            if (strcmp(v, "(request-target)") == 0) {
+                ss = xs_fmt("%s: post %s", v, xs_dict_get(req, "path"));
+            }
+            else {
+                /* add the header */
+                if ((hc = xs_dict_get(req, v)) == NULL) {
+                    snac_debug(snac, 1,
+                        xs_fmt("check_signature cannot find header %s", v));
+                    return 0;
+                }
+                ss = xs_fmt("%s: %s", v, hc);
+            }
+            sig_str = xs_str_cat(sig_str, ss);
+        }
+    }
+    /* convert the signature to binary */
+    sig_bin = xs_base64_dec(signature, &s_size);
+    if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), sig_bin) != 1) {
+        snac_debug(snac, 1, xs_fmt("rsa verify error %s", keyId));
+    }
    return 1;
 }

diff --git a/http.c b/http.c index 8062806..1d8cc7d 100644 --- a/http.c +++ b/http.c
@@ -108,6 +108,8 @@ int check_signature(snac snac, char req)
108	xs *keyId = NULL;	108	xs *keyId = NULL;
109	xs *headers = NULL;	109	xs *headers = NULL;
110	xs *signature = NULL;	110	xs *signature = NULL;
		111	xs *sig_bin = NULL;
		112	int s_size;
111	char *pubkey;	113	char *pubkey;
112	char *p;	114	char *p;
113		115
@@ -151,5 +153,46 @@ int check_signature(snac snac, char req)
151	return 0;	153	return 0;
152	}	154	}
153		155
		156	/* now build the string to be signed */
		157	xs *sig_str = xs_str_new(NULL);
		158
		159	{
		160	xs *l = xs_split(headers, " ");
		161	char *v;
		162
		163	p = l;
		164	while (xs_list_iter(&p, &v)) {
		165	char *hc;
		166	xs *ss = NULL;
		167
		168	if (*sig_str != '\0')
		169	sig_str = xs_str_cat(sig_str, "\n");
		170
		171	if (strcmp(v, "(request-target)") == 0) {
		172	ss = xs_fmt("%s: post %s", v, xs_dict_get(req, "path"));
		173	}
		174	else {
		175	/* add the header */
		176	if ((hc = xs_dict_get(req, v)) == NULL) {
		177	snac_debug(snac, 1,
		178	xs_fmt("check_signature cannot find header %s", v));
		179
		180	return 0;
		181	}
		182
		183	ss = xs_fmt("%s: %s", v, hc);
		184	}
		185
		186	sig_str = xs_str_cat(sig_str, ss);
		187	}
		188	}
		189
		190	/* convert the signature to binary */
		191	sig_bin = xs_base64_dec(signature, &s_size);
		192
		193	if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), sig_bin) != 1) {
		194	snac_debug(snac, 1, xs_fmt("rsa verify error %s", keyId));
		195	}
		196
154	return 1;	197	return 1;
155	}	198	}