verificar la firma
* que la llave pública de la firma sea la que se envía en la transaction
* que el cuerpo del mensaje tenga una línea vacía al final
parent
38bbeceab4
commit
455a00ecc0
2 changed files with 10 additions and 5 deletions
|
@ -16,7 +16,8 @@ class ReadingsController < ActionController::API
|
||||||
reading.id = params[:transaction_uuid]
|
reading.id = params[:transaction_uuid]
|
||||||
reading.signature = request.headers[:'X-Signature']
|
reading.signature = request.headers[:'X-Signature']
|
||||||
reading.raw_transaction = request.raw_post
|
reading.raw_transaction = request.raw_post
|
||||||
reading.verified = reading.verify_ssh_signature
|
reading.raw_transaction << "\n"
|
||||||
|
reading.verified = reading.verify(public_key)
|
||||||
|
|
||||||
params[:arduinos]&.reject do |a|
|
params[:arduinos]&.reject do |a|
|
||||||
a[:id].blank? || a[:sensores].empty?
|
a[:id].blank? || a[:sensores].empty?
|
||||||
|
@ -57,11 +58,14 @@ class ReadingsController < ActionController::API
|
||||||
r.name = params[:controller_id]
|
r.name = params[:controller_id]
|
||||||
r.serial_number = params[:serial_number]
|
r.serial_number = params[:serial_number]
|
||||||
r.save
|
r.save
|
||||||
r.public_keys.find_or_create_by(content: params[:public_key])
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def public_key
|
||||||
|
@public_key ||= SSHData::PublicKey.parse_openssh(raspberry.public_keys.find_or_create_by(content: params[:public_key]).content)
|
||||||
|
end
|
||||||
|
|
||||||
# Procesa la transacción
|
# Procesa la transacción
|
||||||
def reading_params
|
def reading_params
|
||||||
@reading_params ||= params.permit(:timestamp,
|
@reading_params ||= params.permit(:timestamp,
|
||||||
|
|
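Review bot: The key handed to `reading.verify(public_key)` comes from `params[:public_key]` of the same request and is enrolled by `find_or_create_by` inside `public_key` before anything is verified, so the new equality check shows only that the request is self-consistent, not that the key was already trusted for this device. The enrolment line appears to have moved out of the raspberry-creation block into this helper, which would let every request attach a new key; `raspberry` is defined outside the visible hunks, so confirm how it is resolved. Looking up only keys that are already stored, e.g. `raspberry.public_keys.find_by(content: params[:public_key])`, and treating a miss as `verified = false` would keep enrolment a separate, deliberate step. Also, `SSHData::PublicKey.parse_openssh` runs while the argument is evaluated in the controller, outside the `rescue SSHData::Error` in `Reading#verify`, so a malformed or missing key would presumably raise here instead of producing an unverified reading.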
|
@ -4,8 +4,9 @@ class Reading < ApplicationRecord
|
||||||
belongs_to :raspberry
|
belongs_to :raspberry
|
||||||
has_many :arduinos
|
has_many :arduinos
|
||||||
|
|
||||||
def verify_ssh_signature
|
# @param :public_key [SSHData::PublicKey]
|
||||||
ssh_signature.verify raw_transaction
|
def verify(public_key)
|
||||||
|
public_key == ssh_signature.public_key && ssh_signature.verify(raw_transaction)
|
||||||
rescue SSHData::Error
|
rescue SSHData::Error
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
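Review bot: `verify` checks the signing key and the signed bytes but not what the signature was made for: if `ssh_signature` is an `SSHData::Signature` (its definition is outside the hunk), its namespace is never compared with an expected value. A signature produced by the same key for another purpose would then still verify over a matching payload; adding `ssh_signature.namespace == EXPECTED_NAMESPACE &&` (placeholder constant, to be set to the namespace the devices sign under) would close that. Separately, the YARD tag should name the parameter without the colon and document the result: `# @param public_key [SSHData::PublicKey]` and `# @return [Boolean]`.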