func (h *Handler) handleVerify(rw http.ResponseWriter, req *http.Request) {
req.ParseForm()
sjson := req.FormValue("sjson")
if sjson == "" {
http.Error(rw, "missing \"sjson\" parameter", http.StatusBadRequest)
return
}
m := make(map[string]interface{})
// TODO: use a different fetcher here that checks memory, disk,
// the internet, etc.
fetcher := h.pubKeyFetcher
vreq := jsonsign.NewVerificationRequest(sjson, fetcher)
if vreq.Verify() {
m["signatureValid"] = 1
m["signerKeyId"] = vreq.SignerKeyId
m["verifiedData"] = vreq.PayloadMap
} else {
errStr := vreq.Err.Error()
m["signatureValid"] = 0
m["errorMessage"] = errStr
}
rw.WriteHeader(http.StatusOK) // no HTTP response code fun, error info in JSON
httputil.ReturnJSON(rw, m)
}
func handleVerify(conn http.ResponseWriter, req *http.Request) {
if !(req.Method == "POST" && req.URL.Path == "/camli/sig/verify") {
httputil.BadRequestError(conn, "Inconfigured handler.")
return
}
req.ParseForm()
sjson := req.FormValue("sjson")
if sjson == "" {
httputil.BadRequestError(conn, "Missing sjson parameter.")
return
}
m := make(map[string]interface{})
vreq := jsonsign.NewVerificationRequest(sjson, pubKeyFetcher)
if vreq.Verify() {
m["signatureValid"] = 1
m["verifiedData"] = vreq.PayloadMap
} else {
m["signatureValid"] = 0
m["errorMessage"] = vreq.Err.Error()
}
conn.WriteHeader(http.StatusOK) // no HTTP response code fun, error info in JSON
httputil.ReturnJSON(conn, m)
}
func (h *Handler) handleVerify(rw http.ResponseWriter, req *http.Request) {
req.ParseForm()
sjson := req.FormValue("sjson")
if sjson == "" {
http.Error(rw, "missing \"sjson\" parameter", http.StatusBadRequest)
return
}
// TODO: use a different fetcher here that checks memory, disk,
// the internet, etc.
fetcher := h.pubKeyFetcher
var res camtypes.VerifyResponse
vreq := jsonsign.NewVerificationRequest(sjson, fetcher)
if vreq.Verify() {
res.SignatureValid = true
res.SignerKeyId = vreq.SignerKeyId
res.VerifiedData = vreq.PayloadMap
} else {
res.SignatureValid = false
res.ErrorMessage = vreq.Err.Error()
}
rw.WriteHeader(http.StatusOK) // no HTTP response code fun, error info in JSON
httputil.ReturnJSON(rw, &res)
}
func (ix *Index) populateClaim(fetcher *missTrackFetcher, b *schema.Blob, mm *mutationMap) error {
br := b.BlobRef()
claim, ok := b.AsClaim()
if !ok {
// Skip bogus claim with malformed permanode.
return nil
}
vr := jsonsign.NewVerificationRequest(b.JSON(), blob.NewSerialFetcher(ix.KeyFetcher, fetcher))
if !vr.Verify() {
// TODO(bradfitz): ask if the vr.Err.(jsonsign.Error).IsPermanent() and retry
// later if it's not permanent? or maybe do this up a level?
if vr.Err != nil {
return vr.Err
}
return errors.New("index: populateClaim verification failure")
}
verifiedKeyId := vr.SignerKeyId
mm.Set("signerkeyid:"+vr.CamliSigner.String(), verifiedKeyId)
if claim.ClaimType() == string(schema.DeleteClaim) {
if err := ix.populateDeleteClaim(claim, vr, mm); err != nil {
return err
}
mm.noteDelete(claim)
return nil
}
pnbr := claim.ModifiedPermanode()
if !pnbr.Valid() {
// A different type of claim; not modifying a permanode.
return nil
}
attr, value := claim.Attribute(), claim.Value()
recentKey := keyRecentPermanode.Key(verifiedKeyId, claim.ClaimDateString(), br)
mm.Set(recentKey, pnbr.String())
claimKey := keyPermanodeClaim.Key(pnbr, verifiedKeyId, claim.ClaimDateString(), br)
mm.Set(claimKey, keyPermanodeClaim.Val(claim.ClaimType(), attr, value, vr.CamliSigner))
if strings.HasPrefix(attr, "camliPath:") {
targetRef, ok := blob.Parse(value)
if ok {
// TODO: deal with set-attribute vs. del-attribute
// properly? I think we get it for free when
// del-attribute has no Value, but we need to deal
// with the case where they explicitly delete the
// current value.
suffix := attr[len("camliPath:"):]
active := "Y"
if claim.ClaimType() == "del-attribute" {
active = "N"
}
baseRef := pnbr
claimRef := br
key := keyPathBackward.Key(verifiedKeyId, targetRef, claimRef)
val := keyPathBackward.Val(claim.ClaimDateString(), baseRef, active, suffix)
mm.Set(key, val)
key = keyPathForward.Key(verifiedKeyId, baseRef, suffix, claim.ClaimDateString(), claimRef)
val = keyPathForward.Val(active, targetRef)
mm.Set(key, val)
}
}
if claim.ClaimType() != string(schema.DelAttributeClaim) && IsIndexedAttribute(attr) {
key := keySignerAttrValue.Key(verifiedKeyId, attr, value, claim.ClaimDateString(), br)
mm.Set(key, keySignerAttrValue.Val(pnbr))
}
if IsBlobReferenceAttribute(attr) {
targetRef, ok := blob.Parse(value)
if ok {
key := keyEdgeBackward.Key(targetRef, pnbr, br)
mm.Set(key, keyEdgeBackward.Val("permanode", ""))
}
}
return nil
}
func (ix *Index) populateClaim(br *blobref.BlobRef, ss *schema.Superset, sniffer *BlobSniffer, bm BatchMutation) error {
pnbr := blobref.Parse(ss.Permanode)
if pnbr == nil {
// Skip bogus claim with malformed permanode.
return nil
}
rawJson, err := sniffer.Body()
if err != nil {
return err
}
vr := jsonsign.NewVerificationRequest(string(rawJson), ix.KeyFetcher)
if !vr.Verify() {
// TODO(bradfitz): ask if the vr.Err.(jsonsign.Error).IsPermanent() and retry
// later if it's not permanent? or maybe do this up a level?
if vr.Err != nil {
return vr.Err
}
return errors.New("index: populateClaim verification failure")
}
verifiedKeyId := vr.SignerKeyId
bm.Set("signerkeyid:"+vr.CamliSigner.String(), verifiedKeyId)
recentKey := keyRecentPermanode.Key(verifiedKeyId, ss.ClaimDate, br)
bm.Set(recentKey, pnbr.String())
claimKey := pipes("claim", pnbr, verifiedKeyId, ss.ClaimDate, br)
bm.Set(claimKey, pipes(urle(ss.ClaimType), urle(ss.Attribute), urle(ss.Value)))
if strings.HasPrefix(ss.Attribute, "camliPath:") {
targetRef := blobref.Parse(ss.Value)
if targetRef != nil {
// TODO: deal with set-attribute vs. del-attribute
// properly? I think we get it for free when
// del-attribute has no Value, but we need to deal
// with the case where they explicitly delete the
// current value.
suffix := ss.Attribute[len("camliPath:"):]
active := "Y"
if ss.ClaimType == "del-attribute" {
active = "N"
}
baseRef := pnbr
claimRef := br
key := keyPathBackward.Key(verifiedKeyId, targetRef, claimRef)
val := keyPathBackward.Val(ss.ClaimDate, baseRef, active, suffix)
bm.Set(key, val)
key = keyPathForward.Key(verifiedKeyId, baseRef, suffix, ss.ClaimDate, claimRef)
val = keyPathForward.Val(active, targetRef)
bm.Set(key, val)
}
}
if search.IsIndexedAttribute(ss.Attribute) {
key := keySignerAttrValue.Key(verifiedKeyId, ss.Attribute, ss.Value, ss.ClaimDate, br)
bm.Set(key, keySignerAttrValue.Val(pnbr))
}
if search.IsBlobReferenceAttribute(ss.Attribute) {
targetRef := blobref.Parse(ss.Value)
if targetRef != nil {
key := keyEdgeBackward.Key(targetRef, pnbr, br)
bm.Set(key, keyEdgeBackward.Val("permanode", ""))
}
}
return nil
}