From 86d56b7b891288837d5b10bca6236dd95278fc58 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Fri, 3 Dec 2010 18:56:33 -0800 Subject: [PATCH] more verification work --- doc/json-signing/json-signing.txt | 4 +++- server/go/sigserver/verify.go | 36 +++++++++++++++++++++++++++++-- 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/doc/json-signing/json-signing.txt b/doc/json-signing/json-signing.txt index cad2bb106..b46452706 100644 --- a/doc/json-signing/json-signing.txt +++ b/doc/json-signing/json-signing.txt @@ -97,6 +97,8 @@ SIGNING ,"camliSig":""}\n ... where is the single-line ASCII base64 detached signature. + Note that there are exactly 13 bytes before and exactly + 3 bytes after . Those must match exactly. -- the resulting string is 'C', the camli-signed JSON document. @@ -124,7 +126,7 @@ VERIFYING ,"camliSig":" Let's call the bytes before that 'BP' ("bytes payload") and the bytes - after 'BS' ("bytes signature") + starting at that substring 'BS' ("bytes signature") -- define 'BPJ' ("bytes payload JSON") as 'BP' + the single byte '}'. diff --git a/server/go/sigserver/verify.go b/server/go/sigserver/verify.go index c32aa0cac..453d6d462 100644 --- a/server/go/sigserver/verify.go +++ b/server/go/sigserver/verify.go @@ -14,7 +14,7 @@ package main */ import ( -// "bytes" + "bytes" // "crypto/openpgp/armor" // "crypto/openpgp/packet" /// "crypto/rsa" @@ -28,6 +28,8 @@ import ( "http" ) +const sigSeparator = `,"camliSig":"` + var flagPubKeyDir *string = flag.String("pubkey-dir", "test/pubkey-blobs", "Temporary development hack; directory to dig-xxxx.camli public keys.") 
@@ -52,9 +54,34 @@ func handleVerify(conn http.ResponseWriter, req *http.Request) { http_util.BadRequestError(conn, "Missing sjson parameter.") return } + + // See doc/json-signing/* for background and details + // on these variable names. + + BA := []byte(sjson) + sigIndex := bytes.LastIndex(BA, []byte(sigSeparator)) + if sigIndex == -1 { + verifyFail("no 13-byte camliSig separator found in sjson") + return + } + + // "Bytes Payload" + BP := BA[0:sigIndex] + + // "Bytes Payload JSON". Note we re-use the memory (the ",") + // from BA in BPJ, so we can't re-use that "," byte for + // the opening "{" in "BS". + BPJ := BA[0:sigIndex+1] + BPJ[sigIndex] = '}' + + BS := []byte("{" + sjson[sigIndex+1:]) + + log.Printf("BP = [%s]", string(BP)) + log.Printf("BPJ = [%s]", string(BPJ)) + log.Printf("BS = [%s]", string(BS)) sjsonKeys := make(map[string]interface{}) - if err := json.Unmarshal([]byte(sjson), &sjsonKeys); err != nil { + if err := json.Unmarshal(BPJ, &sjsonKeys); err != nil { verifyFail("parse error; JSON is invalid") return } @@ -82,6 +109,11 @@ func handleVerify(conn http.ResponseWriter, req *http.Request) { } log.Printf("Signer: %v", signerBlob) + sigKey := make(map[string]interface{}) + if err := json.Unmarshal(BPJ, &sigKey); err != nil { + verifyFail("parse error; signature JSON invalid") + } + log.Printf("Got json: %v", sjsonKeys) conn.WriteHeader(http.StatusNotImplemented) conn.Write([]byte("TODO: implement"))
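Review bot: The three `log.Printf` calls at the end of the `-52,9 +54,34` hunk write `BP`, `BPJ` and `BS` to the log with `%s`, and all three are sliced straight from the request's `sjson` parameter, so the caller controls the log content, including embedded newlines and its size. Quoting keeps each value on one escaped log line, e.g. `log.Printf("BP = %q", BP)`, and since these read like debug output they should be dropped or length-capped before the handler is exposed. Separately, the json-signing.txt change in this same patch says the bytes after the signature must match exactly, but nothing in this hunk checks the tail of `sjson`; that may be planned for later, since the handler still ends in a TODO. handleVerify starts before and continues after this hunk.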
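Review bot: The block added in the `-82,6 +109,11` hunk decodes `BPJ` a second time rather than `BS`, so `sigKey` just duplicates the payload keys and the signature half of the document is never parsed. Since the same bytes already decoded successfully in the earlier `json.Unmarshal(BPJ, &sjsonKeys)` check, the "signature JSON invalid" branch cannot fire as far as the visible lines show. The call should read `if err := json.Unmarshal(BS, &sigKey); err != nil {`. The branch also lacks the `return` that follows every other `verifyFail(...)` call shown, so on failure execution would fall through to `conn.WriteHeader(http.StatusNotImplemented)`; this assumes verifyFail writes the error response, as its definition is outside the hunk. handleVerify's body starts outside this hunk.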