From 33573ed878b16bd1200659e2a2f401247aff43a4 Mon Sep 17 00:00:00 2001 From: Julio Capote Date: Fri, 6 Jan 2023 10:21:48 -0500 Subject: verify before sending --- registry/registry.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/registry/registry.go b/registry/registry.go index d2c0794..25ea338 100644 --- a/registry/registry.go +++ b/registry/registry.go @@ -290,10 +290,22 @@ func (r *Registry) deliverAcceptToInbox(url, actorUrl, actorKeyUrl *url.URL, fol digestBytes := sha256.Sum256([]byte(signedString)) + fmt.Println() + fmt.Println() + fmt.Println("'" + signedString + "'") + fmt.Println() + fmt.Println() + r.mu.Lock() signature, err := rsa.SignPKCS1v15(rand.Reader, privKey, crypto.SHA256, digestBytes[:]) if err != nil { - r.log.Error(err) + return err + } + + // verify our own signature to ensure sanity + err = rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA256, digestBytes[:], signature) + if err != nil { + return err } r.mu.Unlock() -- cgit v1.2.3