verificar firmas

Gemfile

@@ -25,6 +25,8 @@ gem 'jbuilder', '~> 2.7'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', '>= 1.4.4', require: false
 
+gem 'ssh_data'
+
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]

Gemfile.lock

@@ -214,6 +214,7 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
+    ssh_data (1.3.0)
     thor (1.1.0)
     tilt (2.0.10)
     turbolinks (5.2.1)
@@ -266,6 +267,7 @@ DEPENDENCIES
   sass-rails (>= 6)
   selenium-webdriver
   spring
+  ssh_data
   turbolinks (~> 5)
   tzinfo-data
   web-console (>= 4.1.0)

app/controllers/readings_controller.rb

@@ -15,6 +15,8 @@ class ReadingsController < ActionController::API
       reading = raspberry.readings.build reading_params
       reading.id = params[:transaction_uuid]
       reading.signature = request.headers[:'X-Signature']
+      reading.transaction = request.raw_post
+      reading.verified = reading.verify
 
       params[:arduinos]&.each do |a|
         arduino = reading.arduinos.build local_id: a[:id], raspberry: raspberry

app/models/reading.rb

@@ -3,4 +3,20 @@
 class Reading < ApplicationRecord
   belongs_to :raspberry
   has_many :arduinos
+
+  def verify
+    ssh_signature.verify transaction
+  rescue SSHData::Error
+    false
+  end
+
+  private
+
+  def ssh_signature
+    @ssh_signature ||= SSHData::Signature.parse_pem <<~PEM
+      -----BEGIN SSH SIGNATURE-----
+      #{signature}
+      -----END SSH SIGNATURE-----
+    PEM
+  end
 end

db/migrate/20220312190759_add_verification_to_readings.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# Agrega la verificación de firma en la lectura
+class AddVerificationToReadings < ActiveRecord::Migration[6.1]
+  def change
+    add_column :readings, :transaction, :text
+    add_column :readings, :verified, :boolean, default: false
+  end
+end