mirror of https://github.com/perkeep/perkeep.git
more verification work
parent
88fa514b77
commit
86d56b7b89
|
@ -97,6 +97,8 @@ SIGNING
|
|||
,"camliSig":"<S>"}\n
|
||||
|
||||
... where <S> is the single-line ASCII base64 detached signature.
|
||||
Note that there are exactly 13 bytes before <S> and exactly
|
||||
3 bytes after <S>. Those must match exactly.
|
||||
|
||||
-- the resulting string is 'C', the camli-signed JSON document.
|
||||
|
||||
|
@ -124,7 +126,7 @@ VERIFYING
|
|||
,"camliSig":"
|
||||
|
||||
Let's call the bytes before that 'BP' ("bytes payload") and the bytes
|
||||
after 'BS' ("bytes signature")
|
||||
starting at that substring 'BS' ("bytes signature")
|
||||
|
||||
-- define 'BPJ' ("bytes payload JSON") as 'BP' + the single byte '}'.
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ package main
|
|||
*/
|
||||
|
||||
import (
|
||||
// "bytes"
|
||||
"bytes"
|
||||
// "crypto/openpgp/armor"
|
||||
// "crypto/openpgp/packet"
|
||||
/// "crypto/rsa"
|
||||
|
@ -28,6 +28,8 @@ import (
|
|||
"http"
|
||||
)
|
||||
|
||||
const sigSeparator = `,"camliSig":"`
|
||||
|
||||
var flagPubKeyDir *string = flag.String("pubkey-dir", "test/pubkey-blobs",
|
||||
"Temporary development hack; directory to dig-xxxx.camli public keys.")
|
||||
|
||||
|
@ -52,9 +54,34 @@ func handleVerify(conn http.ResponseWriter, req *http.Request) {
|
|||
http_util.BadRequestError(conn, "Missing sjson parameter.")
|
||||
return
|
||||
}
|
||||
|
||||
// See doc/json-signing/* for background and details
|
||||
// on these variable names.
|
||||
|
||||
BA := []byte(sjson)
|
||||
sigIndex := bytes.LastIndex(BA, []byte(sigSeparator))
|
||||
if sigIndex == -1 {
|
||||
verifyFail("no 13-byte camliSig separator found in sjson")
|
||||
return
|
||||
}
|
||||
|
||||
// "Bytes Payload"
|
||||
BP := BA[0:sigIndex]
|
||||
|
||||
// "Bytes Payload JSON". Note we re-use the memory (the ",")
|
||||
// from BA in BPJ, so we can't re-use that "," byte for
|
||||
// the opening "{" in "BS".
|
||||
BPJ := BA[0:sigIndex+1]
|
||||
BPJ[sigIndex] = '}'
|
||||
|
||||
BS := []byte("{" + sjson[sigIndex+1:])
|
||||
|
||||
log.Printf("BP = [%s]", string(BP))
|
||||
log.Printf("BPJ = [%s]", string(BPJ))
|
||||
log.Printf("BS = [%s]", string(BS))
|
||||
|
||||
sjsonKeys := make(map[string]interface{})
|
||||
if err := json.Unmarshal([]byte(sjson), &sjsonKeys); err != nil {
|
||||
if err := json.Unmarshal(BPJ, &sjsonKeys); err != nil {
|
||||
verifyFail("parse error; JSON is invalid")
|
||||
return
|
||||
}
|
||||
|
@ -82,6 +109,11 @@ func handleVerify(conn http.ResponseWriter, req *http.Request) {
|
|||
}
|
||||
log.Printf("Signer: %v", signerBlob)
|
||||
|
||||
sigKey := make(map[string]interface{})
|
||||
if err := json.Unmarshal(BPJ, &sigKey); err != nil {
|
||||
verifyFail("parse error; signature JSON invalid")
|
||||
}
|
||||
|
||||
log.Printf("Got json: %v", sjsonKeys)
|
||||
conn.WriteHeader(http.StatusNotImplemented)
|
||||
conn.Write([]byte("TODO: implement"))
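Review bot: The new `sigKey` parse near the end of handleVerify unmarshals `BPJ` a second time rather than `BS`, so the signature half of the document is never parsed and the check only repeats the earlier payload parse; it should presumably read `if err := json.Unmarshal(BS, &sigKey); err != nil {`. That block also calls `verifyFail(...)` without the `return` that the earlier failure paths have, so a failed parse appears to fall through to the `StatusNotImplemented` write. In the preceding hunk the three `log.Printf("... = [%s]", ...)` calls print request-supplied bytes unescaped; `%q` would stop embedded newlines in `sjson` from forging log lines. handleVerify starts and ends outside the visible hunks.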
|
||||
|
|