More work in check_signature() error archiving.

author: default 2023-01-08 10:19:25 +0100
committer: default 2023-01-08 10:19:25 +0100
commit: 54d1013ea9c5eb27c2d6aa6be4fd6d63a1d7ba6e (patch)
tree: 72c4d14531c2a69a472c72a863f229722fee7cb1
parent: Don't use goto in check_signature(). (diff)
download: snac2-54d1013ea9c5eb27c2d6aa6be4fd6d63a1d7ba6e.tar.gz
snac2-54d1013ea9c5eb27c2d6aa6be4fd6d63a1d7ba6e.tar.xz
snac2-54d1013ea9c5eb27c2d6aa6be4fd6d63a1d7ba6e.zip
1 files changed, 11 insertions, 10 deletions
diff --git a/http.c b/http.c
index 2e721f1..97154d3 100644
--- a/http.c
+++ b/http.c
@@ -103,7 +103,7 @@ d_char *http_signed_request(snac *snac, char *method, char *url,
 }
-static int _check_signature(snac *snac, char *req)
+static int _check_signature(snac *snac, char *req, char **err)
 /* check the signature */
 {
    char *sig_hdr = xs_dict_get(req, "signature");
@@ -140,7 +140,7 @@ static int _check_signature(snac *snac, char *req)
    }
    if (keyId == NULL || headers == NULL || signature == NULL) {
-        snac_debug(snac, 0, xs_fmt("check_signature bad signature header"));
+        *err = xs_fmt("bad signature header");
        return 0;
    }
@@ -151,13 +151,13 @@ static int _check_signature(snac *snac, char *req)
    /* the actor must already be here */
    xs *actor = NULL;
    if (!valid_status(actor_get(snac, keyId, &actor))) {
-        snac_debug(snac, 0, xs_fmt("check_signature unknown actor %s", keyId));
+        *err = xs_fmt("unknown actor %s", keyId);
        return 0;
    }
    if ((p = xs_dict_get(actor, "publicKey")) == NULL ||
        ((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) {
-        snac_debug(snac, 0, xs_fmt("check_signature cannot get pubkey from %s", keyId));
+        *err = xs_fmt("cannot get pubkey from %s", keyId);
        return 0;
    }
@@ -190,9 +190,7 @@ static int _check_signature(snac *snac, char *req)
            else {
                /* add the header */
                if ((hc = xs_dict_get(req, v)) == NULL) {
-                    snac_debug(snac, 0,
+                    *err = xs_fmt("cannot find header '%s'", v);
-                        xs_fmt("check_signature cannot find header %s", v));
                    return 0;
                }
@@ -204,7 +202,7 @@ static int _check_signature(snac *snac, char *req)
    }
    if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) {
-        snac_debug(snac, 0, xs_fmt("check_signature rsa verify error %s", keyId));
+        *err = xs_fmt("RSA verify error %s", keyId);
        return 0;
    }
@@ -216,13 +214,16 @@ int check_signature(snac *snac, char *req)
 /* checks the signature and archives the error */
 {
    int ret;
+    xs *err = NULL;
-    if ((ret = _check_signature(snac, req)) == 0) {
+    if ((ret = _check_signature(snac, req, &err)) == 0) {
        xs *ntid = tid(0);
-        xs *fn   = xs_fmt("%s/error/check_signature_%s.json", srv_basedir, ntid);
+        xs *fn   = xs_fmt("%s/error/check_signature_%s", srv_basedir, ntid);
        FILE *f;
        if ((f = fopen(fn, "w")) != NULL) {
+            fprintf(f, "Error: %s\nRequest headers:\n", err);
            xs *j = xs_json_dumps_pp(req, 4);
            fwrite(j, strlen(j), 1, f);
author	default	2023-01-08 10:19:25 +0100
committer	default	2023-01-08 10:19:25 +0100
commit	54d1013ea9c5eb27c2d6aa6be4fd6d63a1d7ba6e (patch)
tree	72c4d14531c2a69a472c72a863f229722fee7cb1
parent	Don't use goto in check_signature(). (diff)
download	snac2-54d1013ea9c5eb27c2d6aa6be4fd6d63a1d7ba6e.tar.gz snac2-54d1013ea9c5eb27c2d6aa6be4fd6d63a1d7ba6e.tar.xz snac2-54d1013ea9c5eb27c2d6aa6be4fd6d63a1d7ba6e.zip