Minor refactor to check_signature().

default 2023-01-08 09:55:13 +01:00
parent 315a43a826
commit 384cb7418a

23
http.c

@ -139,8 +139,8 @@ int check_signature(snac *snac, char *req)
} }
if (keyId == NULL || headers == NULL || signature == NULL) { if (keyId == NULL || headers == NULL || signature == NULL) {
snac_debug(snac, 1, xs_fmt("bad signature header")); snac_debug(snac, 0, xs_fmt("check_signature bad signature header"));
return 0; goto error;
} }
/* strip the # from the keyId */ /* strip the # from the keyId */
@ -150,14 +150,14 @@ int check_signature(snac *snac, char *req)
/* the actor must already be here */ /* the actor must already be here */
xs *actor = NULL; xs *actor = NULL;
if (!valid_status(actor_get(snac, keyId, &actor))) { if (!valid_status(actor_get(snac, keyId, &actor))) {
snac_debug(snac, 1, xs_fmt("check_signature unknown actor %s", keyId)); snac_debug(snac, 0, xs_fmt("check_signature unknown actor %s", keyId));
return 0; goto error;
} }
if ((p = xs_dict_get(actor, "publicKey")) == NULL || if ((p = xs_dict_get(actor, "publicKey")) == NULL ||
((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) { ((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) {
snac_debug(snac, 1, xs_fmt("cannot get pubkey from actor %s", keyId)); snac_debug(snac, 0, xs_fmt("check_signature cannot get pubkey from %s", keyId));
return 0; goto error;
} }
/* now build the string to be signed */ /* now build the string to be signed */
@ -189,10 +189,10 @@ int check_signature(snac *snac, char *req)
else { else {
/* add the header */ /* add the header */
if ((hc = xs_dict_get(req, v)) == NULL) { if ((hc = xs_dict_get(req, v)) == NULL) {
snac_debug(snac, 1, snac_debug(snac, 0,
xs_fmt("check_signature cannot find header %s", v)); xs_fmt("check_signature cannot find header %s", v));
return 0; goto error;
} }
ss = xs_fmt("%s: %s", v, hc); ss = xs_fmt("%s: %s", v, hc);
@ -203,9 +203,12 @@ int check_signature(snac *snac, char *req)
} }
if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) { if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) {
snac_debug(snac, 0, xs_fmt("rsa verify error %s", keyId)); snac_debug(snac, 0, xs_fmt("check_signature rsa verify error %s", keyId));
return 0; goto error;
} }
return 1; return 1;
error:
return 0;
} }
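Review bot: The `goto error;` added in the first hunk (the "bad signature header" branch) jumps forward over the declaration `xs *actor = NULL;` in the second hunk, so at `error:` `actor` is in scope but its initialiser never ran. The definition of `xs` is not on this page; if it carries a scope-exit cleanup attribute, the `return 0;` after `error:` would run that cleanup on an indeterminate pointer. That path is taken by any request whose Signature header fails to parse, before the sender is authenticated. Hoisting `xs *actor = NULL;` above the first `goto error;` would fix it, as would keeping a plain `return 0;` on exits that precede the declaration. check_signature() begins before the first hunk, so any other `xs` locals declared between the first `goto` and the label would need the same check.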