More work in check_signature() (non-working).

2024-09-19 18:00:23 +03:00 · 2022-09-29 15:08:56 +02:00 · 2022-09-29 15:08:56 +02:00 · 73a02fca6f
commit 73a02fca6f
parent 392c014c26
1 changed files with 43 additions and 0 deletions
--- a/http.c
+++ b/http.c
@ -108,6 +108,8 @@ int check_signature(snac *snac, char *req)
    xs *keyId = NULL;
    xs *headers = NULL;
    xs *signature = NULL;
+    xs *sig_bin = NULL;
+    int s_size;
    char *pubkey;
    char *p;

@ -151,5 +153,46 @@ int check_signature(snac *snac, char *req)
        return 0;
    }

+    /* now build the string to be signed */
+    xs *sig_str = xs_str_new(NULL);
+
+    {
+        xs *l = xs_split(headers, " ");
+        char *v;
+
+        p = l;
+        while (xs_list_iter(&p, &v)) {
+            char *hc;
+            xs *ss = NULL;
+
+            if (*sig_str != '\0')
+                sig_str = xs_str_cat(sig_str, "\n");
+
+            if (strcmp(v, "(request-target)") == 0) {
+                ss = xs_fmt("%s: post %s", v, xs_dict_get(req, "path"));
+            }
+            else {
+                /* add the header */
+                if ((hc = xs_dict_get(req, v)) == NULL) {
+                    snac_debug(snac, 1,
+                        xs_fmt("check_signature cannot find header %s", v));
+
+                    return 0;
+                }
+
+                ss = xs_fmt("%s: %s", v, hc);
+            }
+
+            sig_str = xs_str_cat(sig_str, ss);
+        }
+    }
+
+    /* convert the signature to binary */
+    sig_bin = xs_base64_dec(signature, &s_size);
+
+    if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), sig_bin) != 1) {
+        snac_debug(snac, 1, xs_fmt("rsa verify error %s", keyId));
+    }
+
    return 1;
 }