| author | 2023-01-08 09:55:13 +0100 | |
|---|---|---|
| committer | 2023-01-08 09:55:13 +0100 | |
| commit | 384cb7418ac39bb2cbf06662a0acc03fb717c8aa (patch) | |
| tree | 73c53ad05b4ed20113725a2dfff2cf1a9788e8e4 | |
| parent | Added support for HTTP signature pseudo-headers (created) and (expires). (diff) | |
Minor refactor to check_signature().
| -rw-r--r-- | http.c | 23 |
1 files changed, 13 insertions, 10 deletions
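--- a/http.c
+++ b/http.c
@@ -139,8 +139,8 @@ int check_signature(snac *snac, char *req)
 }
 
 if (keyId == NULL || headers == NULL || signature == NULL) {
-snac_debug(snac, 1, xs_fmt("bad signature header"));
-return 0;
+snac_debug(snac, 0, xs_fmt("check_signature bad signature header"));
+goto error;
 }
 
 /* strip the # from the keyId */
@@ -150,14 +150,14 @@ int check_signature(snac *snac, char *req)
 /* the actor must already be here */
 xs *actor = NULL;
 if (!valid_status(actor_get(snac, keyId, &actor))) {
-snac_debug(snac, 1, xs_fmt("check_signature unknown actor %s", keyId));
-return 0;
+snac_debug(snac, 0, xs_fmt("check_signature unknown actor %s", keyId));
+goto error;
 }
 
 if ((p = xs_dict_get(actor, "publicKey")) == NULL ||
 ((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) {
-snac_debug(snac, 1, xs_fmt("cannot get pubkey from actor %s", keyId));
-return 0;
+snac_debug(snac, 0, xs_fmt("check_signature cannot get pubkey from %s", keyId));
+goto error;
 }
 
 /* now build the string to be signed */
@@ -189,10 +189,10 @@ int check_signature(snac *snac, char *req)
 else {
 /* add the header */
 if ((hc = xs_dict_get(req, v)) == NULL) {
-snac_debug(snac, 1,
+snac_debug(snac, 0,
 xs_fmt("check_signature cannot find header %s", v));
 
-return 0;
+goto error;
 }
 
 ss = xs_fmt("%s: %s", v, hc);
@@ -203,9 +203,12 @@ int check_signature(snac *snac, char *req)
 }
 
 if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) {
-snac_debug(snac, 0, xs_fmt("check_signature rsa verify error %s", keyId));
-return 0;
+snac_debug(snac, 0, xs_fmt("check_signature rsa verify error %s", keyId));
+goto error;
 }
 
 return 1;
+
+error:
+return 0;
 }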
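Review bot: The `goto error` added at new line 143 jumps forward over the declaration `xs *actor = NULL;` at line 151, so at the `error:` label `actor` is in scope but its initialiser has not run. If `xs` is an auto-freeing declaration (a `__cleanup__`-style macro, which the lack of any explicit free in these hunks suggests but the page does not show), the cleanup on `return 0` would be handed an indeterminate pointer, and this is the exit taken for a missing or malformed signature header, before anything has been verified. Declaring `xs *actor = NULL;` (and any similar declaration in the parts of check_signature() between the hunks, which are not visible here) ahead of the first `goto error` keeps every such variable initialised on all paths to the label. Separately, these messages move from debug level 1 to 0 while still formatting request-supplied values (`keyId`, the header name `v`) into the log line; it is worth confirming that level 0 output cannot be flooded or spoofed by unauthenticated senders.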