monkee.ch/snac2
1
0
Fork 0
mirror of https://codeberg.org/grunfink/snac2.git synced 2024-11-22 13:25:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

More work in check_signature() error archiving.

Browse source
This commit is contained in:
default 2023-01-08 10:19:25 +01:00
parent 7bcac99c88
commit 54d1013ea9
1 changed files with 11 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
http.c
View file

@ -103,7 +103,7 @@ d_char *http_signed_request(snac *snac, char *method, char *url,
} }
static int _check_signature(snac *snac, char *req) static int _check_signature(snac *snac, char *req, char **err)
/* check the signature */ /* check the signature */
{ {
char *sig_hdr = xs_dict_get(req, "signature"); char *sig_hdr = xs_dict_get(req, "signature");
@ -140,7 +140,7 @@ static int _check_signature(snac *snac, char *req)
} }
if (keyId == NULL || headers == NULL || signature == NULL) { if (keyId == NULL || headers == NULL || signature == NULL) {
snac_debug(snac, 0, xs_fmt("check_signature bad signature header")); *err = xs_fmt("bad signature header");
return 0; return 0;
} }
@ -151,13 +151,13 @@ static int _check_signature(snac *snac, char *req)
/* the actor must already be here */ /* the actor must already be here */
xs *actor = NULL; xs *actor = NULL;
if (!valid_status(actor_get(snac, keyId, &actor))) { if (!valid_status(actor_get(snac, keyId, &actor))) {
snac_debug(snac, 0, xs_fmt("check_signature unknown actor %s", keyId)); *err = xs_fmt("unknown actor %s", keyId);
return 0; return 0;
} }
if ((p = xs_dict_get(actor, "publicKey")) == NULL || if ((p = xs_dict_get(actor, "publicKey")) == NULL ||
((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) { ((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) {
snac_debug(snac, 0, xs_fmt("check_signature cannot get pubkey from %s", keyId)); *err = xs_fmt("cannot get pubkey from %s", keyId);
return 0; return 0;
} }
@ -190,9 +190,7 @@ static int _check_signature(snac *snac, char *req)
else { else {
/* add the header */ /* add the header */
if ((hc = xs_dict_get(req, v)) == NULL) { if ((hc = xs_dict_get(req, v)) == NULL) {
snac_debug(snac, 0, *err = xs_fmt("cannot find header '%s'", v);
xs_fmt("check_signature cannot find header %s", v));
return 0; return 0;
} }
@ -204,7 +202,7 @@ static int _check_signature(snac *snac, char *req)
} }
if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) { if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) {
snac_debug(snac, 0, xs_fmt("check_signature rsa verify error %s", keyId)); *err = xs_fmt("RSA verify error %s", keyId);
return 0; return 0;
} }
@ -216,13 +214,16 @@ int check_signature(snac *snac, char *req)
/* checks the signature and archives the error */ /* checks the signature and archives the error */
{ {
int ret; int ret;
xs *err = NULL;
if ((ret = _check_signature(snac, req)) == 0) { if ((ret = _check_signature(snac, req, &err)) == 0) {
xs *ntid = tid(0); xs *ntid = tid(0);
xs *fn = xs_fmt("%s/error/check_signature_%s.json", srv_basedir, ntid); xs *fn = xs_fmt("%s/error/check_signature_%s", srv_basedir, ntid);
FILE *f; FILE *f;
if ((f = fopen(fn, "w")) != NULL) { if ((f = fopen(fn, "w")) != NULL) {
fprintf(f, "Error: %s\nRequest headers:\n", err);
xs *j = xs_json_dumps_pp(req, 4); xs *j = xs_json_dumps_pp(req, 4);
fwrite(j, strlen(j), 1, f); fwrite(j, strlen(j), 1, f);