commit 315a43a826dbb7be813e24ff16d9e003ea7c8117
parent 9525be7495ffb389928f2246494bfcb0cecdae5a
Author: default <nobody@localhost>
Date: Sun, 8 Jan 2023 00:26:48 +0100
Added support for HTTP signature pseudo-headers (created) and (expires).
They are used in Lemmy.
Diffstat:
| M | http.c | | | 19 | ++++++++++++++++++- |
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/http.c b/http.c
@@ -109,6 +109,8 @@ int check_signature(snac *snac, char *req)
xs *keyId = NULL;
xs *headers = NULL;
xs *signature = NULL;
+ xs *created = NULL;
+ xs *expires = NULL;
char *pubkey;
char *p;
@@ -127,6 +129,12 @@ int check_signature(snac *snac, char *req)
else
if (xs_startswith(v, "signature"))
signature = xs_crop(xs_dup(v), 11, -1);
+ else
+ if (xs_startswith(v, "created"))
+ created = xs_crop(xs_dup(v), 9, -1);
+ else
+ if (xs_startswith(v, "expires"))
+ expires = xs_crop(xs_dup(v), 9, -1);
}
}
@@ -170,6 +178,14 @@ int check_signature(snac *snac, char *req)
if (strcmp(v, "(request-target)") == 0) {
ss = xs_fmt("%s: post %s", v, xs_dict_get(req, "path"));
}
+ else
+ if (strcmp(v, "(created)") == 0) {
+ ss = xs_fmt("%s: %s", v, created);
+ }
+ else
+ if (strcmp(v, "(expires)") == 0) {
+ ss = xs_fmt("%s: %s", v, expires);
+ }
else {
/* add the header */
if ((hc = xs_dict_get(req, v)) == NULL) {
@@ -187,7 +203,8 @@ int check_signature(snac *snac, char *req)
}
if (xs_evp_verify(pubkey, sig_str, strlen(sig_str), signature) != 1) {
- snac_debug(snac, 1, xs_fmt("rsa verify error %s", keyId));
+ snac_debug(snac, 0, xs_fmt("rsa verify error %s", keyId));
+ return 0;
}
return 1;
