verificar la firma
* que la llave pública de la firma sea la que se envía en la transaction * que el cuerpo del mensaje tenga una línea vacía al final
This commit is contained in:
parent
38bbeceab4
commit
455a00ecc0
2 changed files with 10 additions and 5 deletions
|
@ -15,8 +15,9 @@ class ReadingsController < ActionController::API
|
|||
reading = raspberry.readings.build reading_params
|
||||
reading.id = params[:transaction_uuid]
|
||||
reading.signature = request.headers[:'X-Signature']
|
||||
reading.raw_transaction = request.raw_post
|
||||
reading.verified = reading.verify_ssh_signature
|
||||
reading.raw_transaction = request.raw_post
|
||||
reading.raw_transaction << "\n"
|
||||
reading.verified = reading.verify(public_key)
|
||||
|
||||
params[:arduinos]&.reject do |a|
|
||||
a[:id].blank? || a[:sensores].empty?
|
||||
|
@ -57,11 +58,14 @@ class ReadingsController < ActionController::API
|
|||
r.name = params[:controller_id]
|
||||
r.serial_number = params[:serial_number]
|
||||
r.save
|
||||
r.public_keys.find_or_create_by(content: params[:public_key])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def public_key
|
||||
@public_key ||= SSHData::PublicKey.parse_openssh(raspberry.public_keys.find_or_create_by(content: params[:public_key]).content)
|
||||
end
|
||||
|
||||
# Procesa la transacción
|
||||
def reading_params
|
||||
@reading_params ||= params.permit(:timestamp,
|
||||
|
|
|
@ -4,8 +4,9 @@ class Reading < ApplicationRecord
|
|||
belongs_to :raspberry
|
||||
has_many :arduinos
|
||||
|
||||
def verify_ssh_signature
|
||||
ssh_signature.verify raw_transaction
|
||||
# @param :public_key [SSHData::PublicKey]
|
||||
def verify(public_key)
|
||||
public_key == ssh_signature.public_key && ssh_signature.verify(raw_transaction)
|
||||
rescue SSHData::Error
|
||||
false
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue