Merge branch 'feature/8821_add_generate_uuid' into develop

Наиля Алашкова 2025-01-21 11:32:35 +03:00
commit ddee027932
2 changed files with 28 additions and 27 deletions


@ -7,7 +7,7 @@
### Подпись данных ### Подпись данных
Приложение принимает POST-запрос по протоколу FastCGI (Content-Type: text/plain). Приложение принимает POST-запрос по протоколу FastCGI (Content-Type: text/plain).
C помощью аппаратного ДСЧ генерирует state - набор случайных символов, генерируется по стандарту UUID. C помощью ДСЧ генерирует state - набор случайных символов, генерируется по стандарту UUID.
В строку, полученную в теле запроса, добавляет state. В строку, полученную в теле запроса, добавляет state.
В ответе возвращает подпись полученной строки в формате urlSafeBase64 (параметр "signature") и сгенерированный state (параметр "state") (Content-Type: application/json). В ответе возвращает подпись полученной строки в формате urlSafeBase64 (параметр "signature") и сгенерированный state (параметр "state") (Content-Type: application/json).


@ -40,7 +40,7 @@ static void fcgi_sign_request_clear(fcgi_sign_request_t *req_info);
static fcgi_request_handler_pt fcgi_request_finalize_handler(fcgi_handler_status_t status); static fcgi_request_handler_pt fcgi_request_finalize_handler(fcgi_handler_status_t status);
static int sign_client_secret(const sign_service_t *hsign, fcgi_sign_request_t *req_info); static int sign_content_with_state(const sign_service_t *hsign, fcgi_sign_request_t *req_info);
int int
sign_conf_load(sign_conf_t *conf, const conf_file_context_t conf_file) sign_conf_load(sign_conf_t *conf, const conf_file_context_t conf_file)
@ -184,7 +184,7 @@ fcgi_sign_handler(FCGX_Request* request, void* ctx)
goto exit; goto exit;
} }
if (sign_client_secret(hsign, &req_info)) { if (sign_content_with_state(hsign, &req_info)) {
status = HANDLER_ERROR; status = HANDLER_ERROR;
goto exit; goto exit;
} }
@ -264,33 +264,34 @@ fcgi_request_finalize_handler(fcgi_handler_status_t status)
} }
static int static int
generate_client_secret(const fcgi_sign_request_t *req_info, const char *state, add_state_to_content(const fcgi_sign_request_t *req_info, const char *state,
/*out*/ str_t *secret) /*out*/ str_t *content_state)
{ {
LOG_TRACE("generate_client_secret enter"); LOG_TRACE("add_state_to_content enter");
size_t secret_size = req_info->content_length + strlen(state); size_t content_state_size = req_info->content_length + strlen(state);
secret->data = malloc(secret_size); content_state->data = malloc(content_state_size);
if (secret->data == NULL) { if (content_state->data == NULL) {
LOG_ERROR("Could not allocate memory for client_secret (%zd bytes)", secret_size); LOG_ERROR("Could not allocate memory for content with state (%zd bytes)",
content_state_size);
goto error; goto error;
} }
int len = snprintf(secret->data, secret_size, req_info->content, state); int len = snprintf(content_state->data, content_state_size, req_info->content, state);
if (len < 0 || (size_t)len >= secret_size) { if (len < 0 || (size_t)len >= content_state_size) {
LOG_ERROR("Could not concatenate client_secret"); LOG_ERROR("Could not concatenate content with state");
goto error; goto error;
} }
secret->len = len; content_state->len = len;
LOG_TRACE("generate_client_secret exit"); LOG_TRACE("add_state_to_content exit");
return 0; return 0;
error: error:
str_t_clear(secret); str_t_clear(content_state);
LOG_ERROR("generate_client_secret exit with error"); LOG_ERROR("add_state_to_content exit with error");
return -1; return -1;
} }
@ -342,24 +343,24 @@ error:
} }
static int static int
sign_client_secret(const sign_service_t *hsign, fcgi_sign_request_t *req_info) sign_content_with_state(const sign_service_t *hsign, fcgi_sign_request_t *req_info)
{ {
str_t secret = str_t_null; str_t content_state = str_t_null;
char *state = NULL; char *state = NULL;
str_t signature = str_t_null; str_t signature = str_t_null;
LOG_TRACE("sign_client_secret enter"); LOG_TRACE("sign_content_with_state enter");
state = generate_uuid4(); state = generate_uuid4();
if (state == NULL) { if (state == NULL) {
goto error; goto error;
} }
if (generate_client_secret(req_info, state, &secret)) { if (add_state_to_content(req_info, state, &content_state)) {
goto error; goto error;
} }
if (cryptopro_sign(&hsign->cryptopro_ctx, &secret, &signature)) { if (cryptopro_sign(&hsign->cryptopro_ctx, &content_state, &signature)) {
goto error; goto error;
} }
@ -372,20 +373,20 @@ sign_client_secret(const sign_service_t *hsign, fcgi_sign_request_t *req_info)
} }
LOG_DEBUG("state: '%s'", state); LOG_DEBUG("state: '%s'", state);
LOG_DEBUG("client secret: '%.*s'", (int) secret.len, secret.data); LOG_DEBUG("content with state: '%.*s'", (int) content_state.len, content_state.data);
LOG_DEBUG("response: '%s'", req_info->response); LOG_DEBUG("response: '%s'", req_info->response);
str_t_clear(&secret); str_t_clear(&content_state);
free(state); free(state);
str_t_clear(&signature); str_t_clear(&signature);
LOG_TRACE("sign_client_secret exit"); LOG_TRACE("sign_content_with_state exit");
return 0; return 0;
error: error:
str_t_clear(&secret); str_t_clear(&content_state);
free(state); free(state);
str_t_clear(&signature); str_t_clear(&signature);
LOG_ERROR("sign_client_secret exit with error"); LOG_ERROR("sign_content_with_state exit with error");
return -1; return -1;
} }
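Review bot: In `add_state_to_content`, the call `snprintf(content_state->data, content_state_size, req_info->content, state)` passes the request content as the format string. The rename keeps this behaviour, and `req_info->content` appears to be the POST body described in the README change. Any conversion specifier in the body other than a single `%s` is then interpreted by `snprintf` with only one argument supplied, which is undefined behaviour and can read or write memory outside the buffer before the data is signed. The body should be treated as data and copied with explicit lengths, as sketched below. The sketch appends the state; if the protocol instead requires it at a placeholder position, locate that one placeholder explicitly and reject any other `%` in the content. Separately, `content_state_size` is a `size_t`, so the `LOG_ERROR` format should use `%zu` rather than `%zd`.

```c
    /* Treat the request body as data, never as a format string. */
    size_t state_len = strlen(state);
    size_t content_state_size = req_info->content_length + state_len;

    content_state->data = malloc(content_state_size + 1);
    /* … unchanged: NULL check, LOG_ERROR and goto error … */
    memcpy(content_state->data, req_info->content, req_info->content_length);
    memcpy(content_state->data + req_info->content_length, state, state_len);
    content_state->data[content_state_size] = '\0';
    content_state->len = content_state_size;
```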