authorJulio Capote <jcapote@gmail.com>2023-01-04 14:51:20 +0000
committerJulio Capote <jcapote@gmail.com>2023-01-04 14:51:20 +0000
commit3e4234ca5ad53361c8d7384930a8e182add744b9 (patch)
tree12dd26ddedcc2cdc9c53236bcd38630f4540ad6c /registry
parente58e7f9e01bff7ef274dd77ed3bdb9e14b34709b (diff)
ensure decoded pem object is an rsa pubkey
Diffstat (limited to 'registry')
-rw-r--r--registry/registry.go12
1 files changed, 10 insertions, 2 deletions
diff --git a/registry/registry.go b/registry/registry.go
index 3d8c3ee..83fe8e6 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -3,10 +3,12 @@ package registry
import (
"bytes"
"context"
+ "crypto/rsa"
"crypto/x509"
"encoding/gob"
"encoding/json"
"encoding/pem"
+ "fmt"
"io"
"net/http"
"net/url"
@@ -208,13 +210,19 @@ func (r *Registry) Inbox(name string, req *http.Request) error {
pemStr := pemProp.Get()
logger.With("keyId", keyId).With("pem", pemStr).Debugf("extracted pem")
pemObj, _ := pem.Decode([]byte(pemStr))
-
+ if pemObj == nil {
+ return fmt.Errorf("no PEM block found")
+ }
decodedKey, err := x509.ParsePKIXPublicKey(pemObj.Bytes)
if err != nil {
return err
}
+ rsaPub, ok := decodedKey.(*rsa.PublicKey)
+ if !ok {
+ return fmt.Errorf("not an RSA public key")
+ }
algo := httpsig.RSA_SHA256
- return verifier.Verify(decodedKey, algo)
+ return verifier.Verify(rsaPub, algo)
}
func (r *Registry) ActivityOrNote(activityOrNote, name, id string) (map[string]interface{}, error) {
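Review bot: After the `*rsa.PublicKey` assertion nothing bounds the key size, so a remote-supplied key with a very small modulus still reaches `verifier.Verify`; whether the Go toolchain in use rejects such keys on its own is not visible here. An explicit floor before the `algo` line would make the policy clear, for example `if rsaPub.N.BitLen() < 2048 { return fmt.Errorf("key %q: RSA modulus too small (%d bits)", keyId, rsaPub.N.BitLen()) }`, with the threshold chosen to match the peers you need to interoperate with. The two new errors call `fmt.Errorf` without any verbs; including the key id, as in `fmt.Errorf("key %q: not an RSA public key", keyId)`, would make rejected deliveries traceable in logs. The `pemObj` nil check also ignores `pemObj.Type` and the remainder returned by `pem.Decode`, which is acceptable since `ParsePKIXPublicKey` rejects non-SPKI bytes, but a short comment saying so would help. Inbox begins above this hunk, so how `keyId` is tied to the activity's actor cannot be judged from here.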