aboutsummaryrefslogtreecommitdiff
path: root/reqres.go
diff options
context:
space:
mode:
Diffstat (limited to 'reqres.go')
-rw-r--r--reqres.go18
1 files changed, 17 insertions, 1 deletions
diff --git a/reqres.go b/reqres.go
index f35ddc3..7bbb9e7 100644
--- a/reqres.go
+++ b/reqres.go
@@ -4,6 +4,8 @@ import (
"fmt"
"strconv"
+ "crypto/ecdsa"
+ "crypto/rsa"
"encoding/base64"
"encoding/json"
"io/ioutil"
@@ -185,10 +187,24 @@ func VerifyAddEntryRequest(anchors ctfe.CertValidationOpts, r AddEntryRequest) (
if err != nil {
return nil, fmt.Errorf("failed decoding signature: %v", err)
}
- if err := c.CheckSignature(c.SignatureAlgorithm, leaf, signature); err != nil {
+
+ var algo x509.SignatureAlgorithm
+ switch t := c.PublicKey.(type) {
+ case *rsa.PublicKey:
+ algo = x509.SHA256WithRSA
+ case *ecdsa.PublicKey:
+ algo = x509.ECDSAWithSHA256
+ default:
+ return nil, fmt.Errorf("unsupported public key algorithm: %v", t)
+ }
+
+ if err := c.CheckSignature(algo, leaf, signature); err != nil {
return nil, fmt.Errorf("invalid signature: %v", err)
}
+ // TODO: update doc of what signature "is", i.e., w/e x509 does
+ // TODO: doc in markdown/api.md what signature schemes we expect
+ // TODO: return sig + chain
return leaf, nil
}