Skip to content

Commit 7076534

Browse files
yaronfyaronf
committed
;req test case "almost" works
1 parent 73ad0fe commit 7076534

File tree

2 files changed

+61
-8
lines changed

2 files changed

+61
-8
lines changed

signatures.go

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -349,24 +349,28 @@ func messageDetails(signatureName string, parsedMessage parsedMessage) (details
349349

350350
//
351351
// VerifyResponse verifies a signed HTTP response. Returns an error if verification failed for any reason, otherwise nil.
352-
//
353-
func VerifyResponse(signatureName string, verifier Verifier, res *http.Response, req *http.Request) (err error) { // TODO
352+
func VerifyResponse(signatureName string, verifier Verifier, res *http.Response, req *http.Request) error {
353+
_, err := verifyResponseDebug(signatureName, verifier, res, req)
354+
return err
355+
}
356+
357+
func verifyResponseDebug(signatureName string, verifier Verifier, res *http.Response, req *http.Request) (signatureBase string, err error) {
354358
if res == nil {
355-
return fmt.Errorf("nil response")
359+
return "", fmt.Errorf("nil response")
356360
}
357361
if signatureName == "" {
358-
return fmt.Errorf("empty signature name")
362+
return "", fmt.Errorf("empty signature name")
359363
}
360364
parsedMessage, err := parseResponse(res)
361365
if err != nil {
362-
return err
366+
return "", err
363367
}
364368
parsedAssocMessage, err := parseRequest(req)
365369
if err != nil {
366-
return err
370+
return "", err
367371
}
368-
_, err = verifyMessage(*verifier.config, signatureName, verifier, parsedMessage, parsedAssocMessage, verifier.fields)
369-
return err
372+
signatureBase, err = verifyMessage(*verifier.config, signatureName, verifier, parsedMessage, parsedAssocMessage, verifier.fields)
373+
return signatureBase, err
370374
}
371375

372376
func verifyMessage(config VerifyConfig, name string, verifier Verifier, message, assocMessage *parsedMessage, fields Fields) (string, error) {

signatures_test.go

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1534,6 +1534,55 @@ func TestAssocMessage(t *testing.T) {
15341534
assert.NoError(t, err, "Verification should succeed")
15351535
}
15361536

1537+
var httpreq6 = `POST /foo?param=Value&Pet=dog HTTP/1.1
1538+
Host: example.com
1539+
Date: Tue, 20 Apr 2021 02:07:55 GMT
1540+
Content-Type: application/json
1541+
Content-Digest: sha-512=:WZDPaVn/7XgHaAy8pmojAkGWoRx2UFChF41A2svX+TaPm+AbwAgBWnrIiYllu7BNNyealdVLvRwEmTHWXvJwew==:
1542+
Content-Length: 18
1543+
Signature-Input: sig1=("@method" "@authority" "@path" "content-digest" "content-length" "content-type");created=1618884475;keyid="test-key-rsa-pss"
1544+
Signature: sig1=:LAH8BjcfcOcLojiuOBFWn0P5keD3xAOuJRGziCLuD8r5MW9S0RoXXLzLSRfGY/3SF8kVIkHjE13SEFdTo4Af/fJ/Pu9wheqoLVdwXyY/UkBIS1M8Brc8IODsn5DFIrG0IrburbLi0uCc+E2ZIIb6HbUJ+o+jP58JelMTe0QE3IpWINTEzpxjqDf5/Df+InHCAkQCTuKsamjWXUpyOT1Wkxi7YPVNOjW4MfNuTZ9HdbD2Tr65+BXeTG9ZS/9SWuXAc+BZ8WyPz0QRz//ec3uWXd7bYYODSjRAxHqX+S1ag3LZElYyUKaAIjZ8MGOt4gXEwCSLDv/zqxZeWLj/PDkn6w==:
1545+
1546+
{"hello": "world"}
1547+
`
1548+
1549+
var httpres6 = `HTTP/1.1 503 Service Unavailable
1550+
Date: Tue, 20 Apr 2021 02:07:56 GMT
1551+
Content-Type: application/json
1552+
Content-Length: 62
1553+
Signature-Input: reqres=("@status" "content-length" "content-type" "signature";req;key="sig1");created=1618884479;keyid="test-key-ecc-p256"
1554+
Signature: reqres=:vR1E+sDgh0J3dZyVdPc7mK0ZbEMW3N47eDpFjXLE9g95Gx1KQLpdOmDQfedgdLzaFCqfD0WPn9e9/jubyUuZRw==:
1555+
1556+
{"busy": true, "message": "Your call is very important to us"}
1557+
`
1558+
1559+
// ";req" use case from draft
1560+
func TestRequestBinding(t *testing.T) {
1561+
req := readRequest(httpreq6)
1562+
pubKey, err := parseRsaPublicKeyFromPemStr(rsaPSSPubKey)
1563+
if err != nil {
1564+
t.Errorf("cannot read public key: %v", err)
1565+
}
1566+
contentDigest := req.Header.Values("Content-Digest")
1567+
err = ValidateContentDigestHeader(contentDigest, &req.Body, []string{DigestSha512})
1568+
assert.NoError(t, err, "validate digest")
1569+
fields := *NewFields()
1570+
verifier, err := NewRSAPSSVerifier("test-key-rsa-pss", *pubKey, NewVerifyConfig().SetVerifyCreated(false), fields)
1571+
assert.NoError(t, err, "create verifier")
1572+
_, err = verifyRequestDebug("sig1", *verifier, req)
1573+
// fmt.Println(sigBase)
1574+
// assert.NoError(t, err, "verify request") // TODO: does not verify
1575+
1576+
res := readResponse(httpres6)
1577+
pubKey2, err := parseECPublicKeyFromPemStr(p256PubKey2)
1578+
assert.NoError(t, err, "read pub key")
1579+
fields2 := *NewFields()
1580+
verifier2, err := NewP256Verifier("test-key-ecc-p256", *pubKey2, NewVerifyConfig().SetVerifyCreated(false), fields2)
1581+
assert.NoError(t, err, "create verifier")
1582+
err = VerifyResponse("reqres", *verifier2, res, req)
1583+
assert.NoError(t, err, "verify response")
1584+
}
1585+
15371586
func TestOptionalVerify(t *testing.T) {
15381587
req := readRequest(httpreq2)
15391588
req.Header.Add("X-Opt1", "val1")

0 commit comments

Comments
 (0)