From ae520e9076f65d4219ee8002be64fe3aa8d1f812 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Sat, 12 Mar 2022 19:10:33 -0300
Subject: [PATCH] verificar firmas

---
 Gemfile                                          |  2 ++
 Gemfile.lock                                     |  2 ++
 app/controllers/readings_controller.rb           |  2 ++
 app/models/reading.rb                            | 16 ++++++++++++++++
 ...0220312190759_add_verification_to_readings.rb |  9 +++++++++
 5 files changed, 31 insertions(+)
 create mode 100644 db/migrate/20220312190759_add_verification_to_readings.rb

diff --git a/Gemfile b/Gemfile
index 7c63430..d69691a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,6 +25,8 @@ gem 'jbuilder', '~> 2.7'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', '>= 1.4.4', require: false
 
+gem 'ssh_data'
+
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
diff --git a/Gemfile.lock b/Gemfile.lock
index ff99d78..8a465c9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -214,6 +214,7 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
+    ssh_data (1.3.0)
     thor (1.1.0)
     tilt (2.0.10)
     turbolinks (5.2.1)
@@ -266,6 +267,7 @@ DEPENDENCIES
   sass-rails (>= 6)
   selenium-webdriver
   spring
+  ssh_data
   turbolinks (~> 5)
   tzinfo-data
   web-console (>= 4.1.0)
diff --git a/app/controllers/readings_controller.rb b/app/controllers/readings_controller.rb
index a9aa8be..4290022 100644
--- a/app/controllers/readings_controller.rb
+++ b/app/controllers/readings_controller.rb
@@ -15,6 +15,8 @@ class ReadingsController < ActionController::API
       reading = raspberry.readings.build reading_params
       reading.id = params[:transaction_uuid]
       reading.signature = request.headers[:'X-Signature']
+      reading.transaction = request.raw_post
+      reading.verified = reading.verify
 
       params[:arduinos]&.each do |a|
         arduino = reading.arduinos.build local_id: a[:id], raspberry: raspberry
diff --git a/app/models/reading.rb b/app/models/reading.rb
index 7611809..342d1a4 100644
--- a/app/models/reading.rb
+++ b/app/models/reading.rb
@@ -3,4 +3,20 @@
 class Reading < ApplicationRecord
   belongs_to :raspberry
   has_many :arduinos
+
+  def verify
+    ssh_signature.verify transaction
+  rescue SSHData::Error
+    false
+  end
+
+  private
+
+  def ssh_signature
+    @ssh_signature ||= SSHData::Signature.parse_pem <<~PEM
+      -----BEGIN SSH SIGNATURE-----
+      #{signature}
+      -----END SSH SIGNATURE-----
+    PEM
+  end
 end
diff --git a/db/migrate/20220312190759_add_verification_to_readings.rb b/db/migrate/20220312190759_add_verification_to_readings.rb
new file mode 100644
index 0000000..abaa3e4
--- /dev/null
+++ b/db/migrate/20220312190759_add_verification_to_readings.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# Agrega la verificación de firma en la lectura
+class AddVerificationToReadings < ActiveRecord::Migration[6.1]
+  def change
+    add_column :readings, :transaction, :text
+    add_column :readings, :verified, :boolean, default: false
+  end
+end