Improve error in signature verification

This commit is contained in:
asonix 2022-11-22 15:11:56 -06:00
parent b53ec4d980
commit 5cd0b21ae3
2 changed files with 12 additions and 6 deletions

View file

@ -100,6 +100,9 @@ pub(crate) enum ErrorKind {
#[error("Couldn't sign digest")] #[error("Couldn't sign digest")]
Signature(#[from] signature::Error), Signature(#[from] signature::Error),
#[error("Couldn't read signature")]
ReadSignature(signature::Error),
#[error("Couldn't parse the signature header")] #[error("Couldn't parse the signature header")]
HeaderValidation(#[from] actix_web::http::header::InvalidHeaderValue), HeaderValidation(#[from] actix_web::http::header::InvalidHeaderValue),

View file

@ -113,15 +113,18 @@ async fn do_verify(
) -> Result<(), Error> { ) -> Result<(), Error> {
let public_key = RsaPublicKey::from_public_key_pem(public_key.trim())?; let public_key = RsaPublicKey::from_public_key_pem(public_key.trim())?;
let span = tracing::Span::current();
web::block(move || { web::block(move || {
let decoded = base64::decode(signature)?; span.in_scope(|| {
let signature = Signature::from_bytes(&decoded)?; let decoded = base64::decode(signature)?;
let hashed = Sha256::new_with_prefix(signing_string.as_bytes()); let signature = Signature::from_bytes(&decoded).map_err(ErrorKind::ReadSignature)?;
let hashed = Sha256::new_with_prefix(signing_string.as_bytes());
let verifying_key = VerifyingKey::new_with_prefix(public_key); let verifying_key = VerifyingKey::new_with_prefix(public_key);
verifying_key.verify_digest(hashed, &signature)?; verifying_key.verify_digest(hashed, &signature)?;
Ok(()) as Result<(), Error> Ok(()) as Result<(), Error>
})
}) })
.await??; .await??;