Improve error reporting during signature verification

silverpill 2021-11-22 23:23:50 +00:00
parent 20026bd819
commit f716a61d0e


@ -25,8 +25,11 @@ pub enum VerificationError {
#[error("invalid key ID")] #[error("invalid key ID")]
UrlError(#[from] url::ParseError), UrlError(#[from] url::ParseError),
#[error("actor error")] #[error("database error")]
ActorError, DatabaseError(#[from] DatabaseError),
#[error("{0}")]
ActorError(String),
#[error("invalid key")] #[error("invalid key")]
InvalidKey(#[from] rsa::pkcs8::Error), InvalidKey(#[from] rsa::pkcs8::Error),
@ -116,8 +119,7 @@ pub async fn verify_http_signature(
request.headers(), request.headers(),
)?; )?;
let db_client = &**get_database_client(db_pool).await let db_client = &**get_database_client(db_pool).await?;
.map_err(|_| VerificationError::ActorError)?;
let actor_profile = match get_profile_by_actor_id(db_client, &signature_data.actor_id).await { let actor_profile = match get_profile_by_actor_id(db_client, &signature_data.actor_id).await {
Ok(profile) => profile, Ok(profile) => profile,
Err(err) => match err { Err(err) => match err {
@ -127,22 +129,18 @@ pub async fn verify_http_signature(
&signature_data.actor_id, &signature_data.actor_id,
&config.media_dir(), &config.media_dir(),
).await.map_err(|err| { ).await.map_err(|err| {
log::error!("{}", err); VerificationError::ActorError(err.to_string())
VerificationError::ActorError
})?; })?;
let profile = create_profile( let profile = create_profile(db_client, &profile_data).await?;
db_client,
&profile_data,
).await.map_err(|_| VerificationError::ActorError)?;
profile profile
}, },
_ => { other_error => {
return Err(VerificationError::ActorError); return Err(other_error.into());
}, },
}, },
}; };
let actor = actor_profile.remote_actor().ok().flatten() let actor = actor_profile.remote_actor().ok().flatten()
.ok_or(VerificationError::ActorError)?; .ok_or(VerificationError::ActorError("invalid profile".to_string()))?;
let public_key = deserialize_public_key(&actor.public_key.public_key_pem)?; let public_key = deserialize_public_key(&actor.public_key.public_key_pem)?;
let is_valid_signature = verify_signature( let is_valid_signature = verify_signature(
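Review bot: The fetch failure text now travels inside `VerificationError::ActorError(err.to_string())`, rendered through `#[error("{0}")]`, and the `log::error!` call in that closure is gone, so whether the detail is logged or sent back depends on the caller of `verify_http_signature`, which is not visible here. `signature_data.actor_id` appears to be parsed from the incoming request headers, so the message can describe an outbound fetch that the sender chose; if the caller writes the error's `Display` text into the HTTP response, that detail reaches a peer whose signature has not yet been verified. I would keep the detail in the server log and state the contract on the variant, e.g. `/// Detail is for server logs; do not return it to the requester.` above `ActorError(String)`. Separately, `actor_profile.remote_actor().ok().flatten()` still discards the underlying error and reports only `"invalid profile"`, which works against the stated goal of this commit. The body of `verify_http_signature` starts and ends outside these hunks.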