verificar la firma

* que la llave pública de la firma sea la que se envía en la transaction
* que el cuerpo del mensaje tenga una línea vacía al final
f 2022-03-21 14:36:17 -03:00
parent 38bbeceab4
commit 455a00ecc0
2 changed files with 10 additions and 5 deletions


@ -15,8 +15,9 @@ class ReadingsController < ActionController::API
reading = raspberry.readings.build reading_params
reading.id = params[:transaction_uuid]
reading.signature = request.headers[:'X-Signature']
reading.raw_transaction = request.raw_post
reading.verified = reading.verify_ssh_signature
reading.raw_transaction = request.raw_post
reading.raw_transaction << "\n"
reading.verified = reading.verify(public_key)
params[:arduinos]&.reject do |a|
a[:id].blank? || a[:sensores].empty?
@ -57,11 +58,14 @@ class ReadingsController < ActionController::API
r.name = params[:controller_id]
r.serial_number = params[:serial_number]
r.save
r.public_keys.find_or_create_by(content: params[:public_key])
end
end
end
def public_key
@public_key ||= SSHData::PublicKey.parse_openssh(raspberry.public_keys.find_or_create_by(content: params[:public_key]).content)
end
# Procesa la transacción
def reading_params
@reading_params ||= params.permit(:timestamp,
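Review bot: The new `public_key` helper trusts a key that arrives in the same request it is meant to verify: `raspberry.public_keys.find_or_create_by(content: params[:public_key])` enrols whatever key the caller sends, so `reading.verified` only shows that body, signature and submitted key agree with each other, not that the key was already authorized for this raspberry. Looking the key up without creating it, e.g. `raspberry.public_keys.find_by(content: params[:public_key])`, and treating a miss as unverified would close that; if first-contact enrolment is intended, it belongs in a separate, explicitly guarded step. `SSHData::PublicKey.parse_openssh` also runs in the controller, outside the `rescue SSHData::Error` inside `Reading#verify`, so a malformed or missing `public_key` parameter likely surfaces as an unhandled exception rather than `verified = false`. How `raspberry` is resolved lies outside these hunks, and `reading_params` continues past the last visible line.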


@ -4,8 +4,9 @@ class Reading < ApplicationRecord
belongs_to :raspberry
has_many :arduinos
def verify_ssh_signature
ssh_signature.verify raw_transaction
# @param :public_key [SSHData::PublicKey]
def verify(public_key)
public_key == ssh_signature.public_key && ssh_signature.verify(raw_transaction)
rescue SSHData::Error
false
end
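Review bot: `verify` accepts a signature made under any sshsig namespace, because its only checks are key equality and `ssh_signature.verify(raw_transaction)`. The namespace is part of what was signed, but nothing here compares it with a value this API expects, so a signature the same key produced for a different purpose over the same bytes would also pass. If ssh_data exposes the field as I recall, appending `&& ssh_signature.namespace == EXPECTED_NAMESPACE` (placeholder constant name) would pin it. Separately, the YARD tag should read `# @param public_key [SSHData::PublicKey]` without the colon, followed by a `# @return [Boolean]` line. `ssh_signature` is defined outside this hunk, so how a request without the `X-Signature` header behaves cannot be confirmed from here.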