Diffstat (limited to 'http.c')
-rw-r--r--http.c24
1 files changed, 15 insertions, 9 deletions
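diff --git a/http.c b/http.c
index 1b9fc71..2e721f1 100644
--- a/http.c
+++ b/http.c
@@ -103,7 +103,7 @@ d_char *http_signed_request(snac *snac, char *method, char *url,
 }
 
 
-int check_signature(snac *snac, char *req)
+static int _check_signature(snac *snac, char *req)
 /* check the signature */
 {
  char *sig_hdr = xs_dict_get(req, "signature");
@@ -141,7 +141,7 @@ int check_signature(snac *snac, char *req)
 
  if (keyId == NULL || headers == NULL || signature == NULL) {
  snac_debug(snac, 0, xs_fmt("check_signature bad signature header"));
- goto error;
+ return 0;
  }
 
  /* strip the # from the keyId */
@@ -152,13 +152,13 @@ int check_signature(snac *snac, char *req)
  xs *actor = NULL;
  if (!valid_status(actor_get(snac, keyId, &actor))) {
  snac_debug(snac, 0, xs_fmt("check_signature unknown actor %s", keyId));
- goto error;
+ return 0;
  }
 
  if ((p = xs_dict_get(actor, "publicKey")) == NULL ||
  ((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) {
  snac_debug(snac, 0, xs_fmt("check_signature cannot get pubkey from %s", keyId));
- goto error;
+ return 0;
  }
 
  /* now build the string to be signed */
@@ -193,7 +193,7 @@ int check_signature(snac *snac, char *req)
  snac_debug(snac, 0,
  xs_fmt("check_signature cannot find header %s", v));
 
- goto error;
+ return 0;
  }
 
  ss = xs_fmt("%s: %s", v, hc);
@@ -205,13 +205,19 @@ int check_signature(snac *snac, char *req)
 
  if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) {
  snac_debug(snac, 0, xs_fmt("check_signature rsa verify error %s", keyId));
- goto error;
+ return 0;
  }
 
  return 1;
+}
 
-error:
- {
+
+int check_signature(snac *snac, char *req)
+/* checks the signature and archives the error */
+{
+ int ret;
+
+ if ((ret = _check_signature(snac, req)) == 0) {
  xs *ntid = tid(0);
  xs *fn = xs_fmt("%s/error/check_signature_%s.json", srv_basedir, ntid);
  FILE *f;
@@ -224,5 +230,5 @@ error:
  }
  }
 
- return 0;
+ return ret;
 }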
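Review bot: The new `check_signature()` wrapper writes a `check_signature_<tid>.json` file under `error/` for every request that `_check_signature()` rejects, and nothing visible in these hunks bounds how many files accumulate. Every rejection path shown (bad signature header, unknown actor, missing public key, failed verify) is reached before the sender is authenticated, so remote peers decide how often this runs; the rest of the archive block (new lines 224–229) lies outside the hunks, so a limit may exist there. If it does not, consider gating the dump on a debug setting or capping the number of files kept, and at least record the exposure above the `if`: `/* reached by unauthenticated requests: one file per failure, no cap */`. Separately, file-scope identifiers with a leading underscore are reserved in C, so a name such as `check_signature_impl` would be safer than `_check_signature`.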