From 550f7878bf509cc825726e6d95506e62857d48c9 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Mon, 26 Oct 2020 23:48:36 +0100
Subject: tested certificate chain code path further

Added more documentation and quick helper scripts for now.  We need to
specify which signature schemes we expect/support from submitters.
---
 reqres.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'reqres.go')

diff --git a/reqres.go b/reqres.go
index f35ddc3..7bbb9e7 100644
--- a/reqres.go
+++ b/reqres.go
@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"strconv"
 
+	"crypto/ecdsa"
+	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
 	"io/ioutil"
@@ -185,10 +187,24 @@ func VerifyAddEntryRequest(anchors ctfe.CertValidationOpts, r AddEntryRequest) (
 	if err != nil {
 		return nil, fmt.Errorf("failed decoding signature: %v", err)
 	}
-	if err := c.CheckSignature(c.SignatureAlgorithm, leaf, signature); err != nil {
+
+	var algo x509.SignatureAlgorithm
+	switch t := c.PublicKey.(type) {
+	case *rsa.PublicKey:
+		algo = x509.SHA256WithRSA
+	case *ecdsa.PublicKey:
+		algo = x509.ECDSAWithSHA256
+	default:
+		return nil, fmt.Errorf("unsupported public key algorithm: %v", t)
+	}
+
+	if err := c.CheckSignature(algo, leaf, signature); err != nil {
 		return nil, fmt.Errorf("invalid signature: %v", err)
 	}
 
+	// TODO: update doc of what signature "is", i.e., w/e x509 does
+	// TODO: doc in markdown/api.md what signature schemes we expect
+	// TODO: return sig + chain
 	return leaf, nil
 }
 
-- 
cgit v1.2.3