More tests, improve verification

Author: yaronf

config.go

@@ -46,16 +46,16 @@ func (c *SignConfig) setFakeCreated(ts int64) *SignConfig {
 	return c
 }
 
-// setExpires adds an "expires" parameter containing an expiration deadline, as Unix time.
+// SetExpires adds an "expires" parameter containing an expiration deadline, as Unix time.
 // Default: 0 (do not add the parameter)
-func (c *SignConfig) setExpires(expires int64) *SignConfig {
+func (c *SignConfig) SetExpires(expires int64) *SignConfig {
 	c.expires = expires
 	return c
 }
 
-// setNonce adds a "nonce" string parameter whose content should be unique per signed message.
+// SetNonce adds a "nonce" string parameter whose content should be unique per signed message.
 // Default: empty string (do not add the parameter)
-func (c *SignConfig) setNonce(nonce string) *SignConfig {
+func (c *SignConfig) SetNonce(nonce string) *SignConfig {
 	c.nonce = nonce
 	return c
 }
@@ -73,16 +73,8 @@ type VerifyConfig struct {
 	verifyCreated bool
 	notNewerThan  time.Duration
 	notOlderThan  time.Duration
-	verifyAlg     bool
 	allowedAlgs   []string
-}
-
-// SetAllowedAlgs defines what are the allowed values of the "alg" parameter.
-// This is useful if the actual algorithm used in verification is taken from the message - not a recommended practice.
-// Default: all supported asymmetric algorithms.
-func (v *VerifyConfig) SetAllowedAlgs(allowedAlgs []string) *VerifyConfig {
-	v.allowedAlgs = allowedAlgs
-	return v
+	rejectExpired bool
 }
 
 // SetNotNewerThan sets the window for messages that appear to be newer than the current time,
@@ -106,21 +98,29 @@ func (v *VerifyConfig) SetVerifyCreated(verifyCreated bool) *VerifyConfig {
 	return v
 }
 
-// SetVerifyAlg indicates that the "alg" parameter exist. Use SetAllowedAlgs to specify allowed values.
-// Default: false.
-func (v *VerifyConfig) SetVerifyAlg(verifyAlg bool) *VerifyConfig {
-	v.verifyAlg = verifyAlg
+// SetRejectExpired indicates that expired messages (according to the "expires" parameter) must fail verification.
+// Default: true.
+func (v *VerifyConfig) SetRejectExpired(rejectExpired bool) *VerifyConfig {
+	v.rejectExpired = rejectExpired
+	return v
+}
+
+// SetAllowedAlgs defines the allowed values of the "alg" parameter.
+// This is useful if the actual algorithm used in verification is taken from the message - not a recommended practice.
+// Default: an empty list, signifying all values are accepted.
+func (v *VerifyConfig) SetAllowedAlgs(allowedAlgs []string) *VerifyConfig {
+	v.allowedAlgs = allowedAlgs
 	return v
 }
 
 // NewVerifyConfig generates a default configuration.
 func NewVerifyConfig() *VerifyConfig {
 	return &VerifyConfig{
 		verifyCreated: true,
-		notNewerThan:  1_000 * time.Millisecond,
-		notOlderThan:  10_000 * time.Millisecond,
-		verifyAlg:     false,
-		allowedAlgs:   []string{"rsa-v1_5-sha256", "rsa-pss-sha512", "ecdsa-p256-sha256"},
+		notNewerThan:  2 * time.Second,
+		notOlderThan:  10 * time.Second,
+		rejectExpired: true,
+		allowedAlgs:   []string{},
 	}
 }
 

handler_test.go

@@ -54,6 +54,9 @@ func Test_WrapHandler(t *testing.T) {
 	}
 
 	verifier, err := NewHMACSHA256Verifier("key", bytes.Repeat([]byte{0}, 64), NewVerifyConfig(), *NewFields())
+	if err != nil {
+		log.Fatal(err)
+	}
 	_, err = VerifyResponse("sig1", *verifier, res)
 	if err != nil {
 		log.Fatal(err)
@@ -115,7 +118,7 @@ func ExampleWrapHandler_clientSigns() {
 }
 
 func ExampleWrapHandler_serverSigns() {
-	// Callback to let the server locate its verification key and configuration
+	// Callback to let the server locate its signing key and configuration
 	fetchSigner := func(res http.Response, r *http.Request) (string, *Signer) {
 		sigName := "sig1"
 		signer, _ := NewHMACSHA256Signer("key", bytes.Repeat([]byte{0}, 64), nil,
@@ -151,3 +154,115 @@ func ExampleWrapHandler_serverSigns() {
 	fmt.Println("verified: ", verified)
 	// output: verified:  true
 }
+
+// test various failures
+func TestWrapHandlerServerSigns(t *testing.T) {
+	serverSignsTestCase := func(t *testing.T, nilSigner, dontSignResponse, earlyExpires, noSigner, badKey, badAlgs bool, wantBody, wantStatus string) {
+		// Callback to let the server locate its signing key and configuration
+		var signConfig *SignConfig
+		if !earlyExpires {
+			signConfig = nil
+		} else {
+			signConfig = NewSignConfig().SetExpires(2000)
+		}
+		fetchSigner := func(res http.Response, r *http.Request) (string, *Signer) {
+			sigName := "sig1"
+			signer, _ := NewHMACSHA256Signer("key", bytes.Repeat([]byte{0}, 64), signConfig,
+				HeaderList([]string{"@status", "bar", "date"}))
+			return sigName, signer
+		}
+		badFetchSigner := func(res http.Response, r *http.Request) (string, *Signer) {
+			return "just a name", nil
+		}
+
+		simpleHandler := func(w http.ResponseWriter, r *http.Request) { // this handler gets wrapped
+			w.WriteHeader(200)
+			w.Header().Set("bar", "baz")
+			fmt.Fprintln(w, "Hello, client")
+		}
+
+		// Configure the wrapper and set it up
+		var config *HandlerConfig
+		if !nilSigner {
+			if !noSigner {
+				config = NewHandlerConfig().SetVerifyRequest(false).SetFetchSigner(fetchSigner)
+			} else {
+				config = NewHandlerConfig().SetVerifyRequest(false).SetFetchSigner(badFetchSigner)
+			}
+
+		} else {
+			config = NewHandlerConfig().SetVerifyRequest(false).SetFetchSigner(nil)
+
+		}
+		if dontSignResponse {
+			config = config.SetSignResponse(false)
+		}
+		ts := httptest.NewServer(WrapHandler(http.HandlerFunc(simpleHandler), config))
+		defer ts.Close()
+
+		// HTTP client code
+		res, err := http.Get(ts.URL)
+		if err != nil {
+			log.Fatal(err)
+		}
+		body, err := io.ReadAll(res.Body)
+		if err != nil {
+			log.Fatal(err)
+		}
+		res.Body.Close()
+
+		if string(body) != wantBody {
+			t.Errorf("Status: got %s want %s", string(body), wantBody)
+		}
+		if res.Status != wantStatus {
+			t.Errorf("Status: got %s want %s", res.Status, wantStatus)
+		}
+
+		var key []byte
+		if !badKey {
+			key = bytes.Repeat([]byte{0}, 64)
+		} else {
+			key = bytes.Repeat([]byte{3}, 64)
+		}
+		verifyConfig := NewVerifyConfig()
+		if badAlgs {
+			verifyConfig = verifyConfig.SetAllowedAlgs([]string{"zuzu"})
+		}
+		verifier, _ := NewHMACSHA256Verifier("key", key, verifyConfig, *NewFields())
+		verified, _ := VerifyResponse("sig1", *verifier, res)
+
+		if verified {
+			t.Errorf("surprise! Verification successful")
+		}
+	}
+	nilSigner := func(t *testing.T) {
+		serverSignsTestCase(t, true, false, false, false, false, false, "Failed to sign response: could not fetch a signer\n",
+			"500 Internal Server Error")
+	}
+	dontSignResponse := func(t *testing.T) {
+		serverSignsTestCase(t, false, true, false, false, false, false, "Hello, client\n",
+			"200 OK")
+	}
+	earlyExpires := func(t *testing.T) {
+		serverSignsTestCase(t, false, false, true, false, false, false, "Hello, client\n",
+			"200 OK")
+	}
+	noSigner := func(t *testing.T) {
+		serverSignsTestCase(t, false, false, false, true, false, false, "Failed to sign response: could not fetch a signer, check key ID\n",
+			"500 Internal Server Error")
+	}
+	badKey := func(t *testing.T) {
+		serverSignsTestCase(t, false, false, false, false, true, false, "Hello, client\n",
+			"200 OK")
+	}
+	badAlgs := func(t *testing.T) {
+		serverSignsTestCase(t, false, false, false, false, false, true, "Hello, client\n",
+			"200 OK")
+	}
+	t.Run("nil signer", nilSigner)
+	t.Run("don't sign response", dontSignResponse)
+	t.Run("early expires field", earlyExpires)
+	t.Run("bad fetch signer", noSigner)
+	t.Run("wrong verification key", badKey)
+	t.Run("failed algorithm check", badAlgs)
+}

signatures.go

@@ -157,55 +157,62 @@ func VerifyRequest(signatureName string, verifier Verifier, req *http.Request) (
 	return verifyMessage(*verifier.c, signatureName, verifier, *parsedMessage, verifier.f)
 }
 
-// RequestKeyID parses a signed request and returns the key ID used in the given signature.
-func RequestKeyID(signatureName string, req *http.Request) (string, error) {
+// RequestDetails parses a signed request and returns the key ID and optionally the algorithm used in the given signature.
+func RequestDetails(signatureName string, req *http.Request) (keyID, alg string, err error) {
 	if req == nil {
-		return "", fmt.Errorf("nil request")
+		return "", "", fmt.Errorf("nil request")
 	}
 	if signatureName == "" {
-		return "", fmt.Errorf("empty signature name")
+		return "", "", fmt.Errorf("empty signature name")
 	}
 	parsedMessage, err := parseRequest(req)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 	return messageKeyID(signatureName, *parsedMessage)
 }
 
-// ResponseKeyID parses a signed response and returns the key ID used in the given signature.
-func ResponseKeyID(signatureName string, res *http.Response) (string, error) {
+// ResponseDetails parses a signed response and returns the key ID and optionally the algorithm used in the given signature.
+func ResponseDetails(signatureName string, res *http.Response) (keyID, alg string, err error) {
 	if res == nil {
-		return "", fmt.Errorf("nil response")
+		return "", "", fmt.Errorf("nil response")
 	}
 	if signatureName == "" {
-		return "", fmt.Errorf("empty signature name")
+		return "", "", fmt.Errorf("empty signature name")
 	}
 	parsedMessage, err := parseResponse(res)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 	return messageKeyID(signatureName, *parsedMessage)
 }
 
-func messageKeyID(signatureName string, parsedMessage parsedMessage) (string, error) {
+func messageKeyID(signatureName string, parsedMessage parsedMessage) (keyID, alg string, err error) {
 	si, found := parsedMessage.components[*fromHeaderName("signature-input")]
 	if !found {
-		return "", fmt.Errorf("missing \"signature-input\" header")
+		return "", "", fmt.Errorf("missing \"signature-input\" header")
 	}
 	signatureInput := si[0]
 	psi, err := parseSignatureInput(signatureInput, signatureName)
 	if err != nil {
-		return "", err
+		return
 	}
 	keyIDParam, ok := psi.params["keyid"]
 	if !ok {
-		return "", fmt.Errorf("missing \"keyid\" parameter")
+		return "", "", fmt.Errorf("missing \"keyid\" parameter")
 	}
-	keyID, ok := keyIDParam.(string)
+	keyID, ok = keyIDParam.(string)
 	if !ok {
-		return "", fmt.Errorf("malformed \"keyid\" parameter")
+		return "", "", fmt.Errorf("malformed \"keyid\" parameter")
 	}
-	return keyID, nil
+	algParam, ok := psi.params["alg"] // "alg" is optional
+	if ok {
+		alg, ok = algParam.(string)
+		if !ok {
+			return "", "", fmt.Errorf("malformed \"alg\" parameter")
+		}
+	}
+	return keyID, alg, nil
 }
 
 //
@@ -284,7 +291,7 @@ func applyVerificationPolicy(psi *psiSignature, config VerifyConfig) error {
 			return fmt.Errorf("message is too old, check for replay")
 		}
 	}
-	if config.verifyAlg && len(config.allowedAlgs) > 0 {
+	if len(config.allowedAlgs) > 0 {
 		algParam, ok := psi.params["alg"]
 		if !ok {
 			return fmt.Errorf("missing \"alg\" parameter")
@@ -303,6 +310,20 @@ func applyVerificationPolicy(psi *psiSignature, config VerifyConfig) error {
 			return fmt.Errorf("\"alg\" parameter not allowed by policy")
 		}
 	}
+	if config.rejectExpired {
+		now := time.Now()
+		expiresParam, ok := psi.params["expires"]
+		if ok {
+			expires, ok := expiresParam.(int64)
+			if !ok {
+				return fmt.Errorf("malformed \"expires\" parameter")
+			}
+			expiresTime := time.Unix(expires, 0)
+			if now.After(expiresTime) {
+				return fmt.Errorf("expired signature")
+			}
+		}
+	}
 	return nil
 }