From 3e4234ca5ad53361c8d7384930a8e182add744b9 Mon Sep 17 00:00:00 2001
From: Julio Capote
Date: Wed, 4 Jan 2023 09:51:20 -0500
Subject: ensure decoded pem object is an rsa pubkey
---
 registry/registry.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'registry/registry.go')
diff --git a/registry/registry.go b/registry/registry.go
index 3d8c3ee..83fe8e6 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -3,10 +3,12 @@ package registry
 import (
 "bytes"
 "context"
+ "crypto/rsa"
 "crypto/x509"
 "encoding/gob"
 "encoding/json"
 "encoding/pem"
+ "fmt"
 "io"
 "net/http"
 "net/url"
@@ -208,13 +210,19 @@ func (r *Registry) Inbox(name string, req *http.Request) error {
 pemStr := pemProp.Get()
 logger.With("keyId", keyId).With("pem", pemStr).Debugf("extracted pem")
 pemObj, _ := pem.Decode([]byte(pemStr))
-
+ if pemObj == nil {
+ return fmt.Errorf("no PEM block found")
+ }
 decodedKey, err := x509.ParsePKIXPublicKey(pemObj.Bytes)
 if err != nil {
 return err
 }
+ rsaPub, ok := decodedKey.(*rsa.PublicKey)
+ if !ok {
+ return fmt.Errorf("not an RSA public key")
+ }
 algo := httpsig.RSA_SHA256
- return verifier.Verify(decodedKey, algo)
+ return verifier.Verify(rsaPub, algo)
 }
 func (r *Registry) ActivityOrNote(activityOrNote, name, id string) (map[string]interface{}, error) {
--
cgit v1.2.3
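Review bot: The key that passes the new `*rsa.PublicKey` assertion in Inbox is handed to `verifier.Verify` with no lower bound on its modulus size. The PEM comes from `pemProp`, which appears to be sender-supplied data (where it is fetched is outside the hunk), so an undersized key would be accepted unless the Go runtime or the httpsig library rejects it on its own. Consider adding, after the assertion, `if rsaPub.N.BitLen() < 2048 { return fmt.Errorf("rsa public key for %v is too short", keyId) }`. The two new errors would also be easier to triage if they named `keyId` in the same way, and `pemObj.Type` could be compared with `"PUBLIC KEY"` before parsing. Inbox starts above the hunk, so how `verifier` and `keyId` are derived could not be checked here.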