From 455a00ecc0925ba912609d60abdcca3cefcf2787 Mon Sep 17 00:00:00 2001
From: f
Date: Mon, 21 Mar 2022 14:36:17 -0300
Subject: [PATCH] verificar la firma
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* que la llave pública de la firma sea la que se envía en la transaction
* que el cuerpo del mensaje tenga una línea vacía al final
---
 app/controllers/readings_controller.rb | 10 +++++++---
 app/models/reading.rb | 5 +++--
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/app/controllers/readings_controller.rb b/app/controllers/readings_controller.rb
index 394935f..dcfe0a0 100644
--- a/app/controllers/readings_controller.rb
+++ b/app/controllers/readings_controller.rb
@@ -15,8 +15,9 @@ class ReadingsController < ActionController::API
 reading = raspberry.readings.build reading_params
 reading.id = params[:transaction_uuid]
 reading.signature = request.headers[:'X-Signature']
- reading.raw_transaction = request.raw_post
- reading.verified = reading.verify_ssh_signature
+ reading.raw_transaction = request.raw_post
+ reading.raw_transaction << "\n"
+ reading.verified = reading.verify(public_key)
 params[:arduinos]&.reject do |a|
 a[:id].blank? || a[:sensores].empty?
@@ -57,11 +58,14 @@ class ReadingsController < ActionController::API
 r.name = params[:controller_id]
 r.serial_number = params[:serial_number]
 r.save
- r.public_keys.find_or_create_by(content: params[:public_key])
 end
 end
 end
+ def public_key
+ @public_key ||= SSHData::PublicKey.parse_openssh(raspberry.public_keys.find_or_create_by(content: params[:public_key]).content)
+ end
+
 # Procesa la transacción
 def reading_params
 @reading_params ||= params.permit(:timestamp,
diff --git a/app/models/reading.rb b/app/models/reading.rb
index 0a6e31d..cf292eb 100644
--- a/app/models/reading.rb
+++ b/app/models/reading.rb
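Review bot: `reading.raw_transaction << "\n"` appends in place to the String object returned by `request.raw_post`, so if Rails hands back the same memoized object on later calls, every later reader of the request body sees the extra newline, and the call raises if that string is frozen. Build a new string instead: `reading.raw_transaction = "#{request.raw_post}\n"`. The newline is also added unconditionally, so a client whose body already ends in a newline would have signed different bytes than the ones verified; a one-line comment stating the exact byte sequence the device signs would make that contract explicit. The enclosing action begins and ends outside the hunk.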
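Review bot: The new `public_key` helper stores whatever key the request carries through `find_or_create_by(content: params[:public_key])` and then verifies against that same key, so `verified` only shows that the message is self-consistent, not that it was signed by a key already trusted for this raspberry. The removed line appears to have stored the key only inside the block that sets up the raspberry record, which looks like first-contact enrolment, whereas the helper runs on every request. Consider a lookup that does not create, `key = raspberry.public_keys.find_by(content: params[:public_key])` followed by `@public_key ||= key && SSHData::PublicKey.parse_openssh(key.content)`, and keep enrolment as a separate step. Parsing also happens in the controller, outside the `rescue SSHData::Error` in `Reading#verify`, so a malformed or absent `public_key` parameter would likely raise rather than yield `verified = false`, and the unparsed value is persisted before it is validated. The enclosing class starts outside the hunk.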
@@ -4,8 +4,9 @@ class Reading < ApplicationRecord
 belongs_to :raspberry
 has_many :arduinos
- def verify_ssh_signature
- ssh_signature.verify raw_transaction
+ # @param :public_key [SSHData::PublicKey]
+ def verify(public_key)
+ public_key == ssh_signature.public_key && ssh_signature.verify(raw_transaction)
 rescue SSHData::Error
 false
 end
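Review bot: The YARD tag added above `verify` is malformed and the method does not document what a true result guarantees: write `# @param public_key [SSHData::PublicKey] key the sender is expected to have signed with` and add `# @return [Boolean] true only when the signature embeds exactly this key and validates over raw_transaction`. The `rescue SSHData::Error` covers only the gem's own errors, so a nil `signature` or nil `public_key` may surface as a different exception depending on how `ssh_signature` (defined outside this hunk) parses its input; an explicit `return false if public_key.nil? || signature.blank?` at the top would keep the method total. The comparison also does not pin the sshsig namespace; if the signature object exposes it, checking it against the expected value would stop a signature made for another purpose from being accepted here.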