Class: Linzer::Verifier

Inherits:

Object

• Object
• Linzer::Verifier

Defined in:

lib/linzer/verifier.rb

Instance Attribute Summary

• #pubkeys ⇒ Object readonly

  Returns the value of attribute pubkeys.

Instance Method Summary

• #initialize(pubkeys = nil) ⇒ Verifier constructor

  A new instance of Verifier.

• #verify(message) ⇒ Object

  XXX: probably all this validation can be moved to the Message class.

Constructor Details

#initialize(pubkeys = nil) ⇒ Verifier

Returns a new instance of Verifier.

# File 'lib/linzer/verifier.rb', line 5

def initialize(pubkeys = nil)
  @pubkeys = Hash(pubkeys)
end

Instance Attribute Details

#pubkeys ⇒ Object (readonly)

Returns the value of attribute pubkeys.

# File 'lib/linzer/verifier.rb', line 9

def pubkeys
  @pubkeys
end

Instance Method Details

#verify(message) ⇒ Object

XXX: probably all this validation can be moved to the Message class

# File 'lib/linzer/verifier.rb', line 12

def verify(message)
  validate message

  signature_input = parse_field(message, "signature-input")
  signature = parse_field(message, "signature")

  # XXX: this is a self-imposed limitation, fix later
  reject_multiple(signature)

  choosen_signature = signature.keys[0]
  if !signature_input.key?(choosen_signature)
    raise Error.new "Signature \"#{choosen_signature}\" is not found."
  end

  covered_components = signature_input[choosen_signature].to_a
  signature_parameters = signature_input[choosen_signature].parameters

  signature_value = signature[choosen_signature].value
  # XXX to-do: have a mechanism to inspect components and parameters

  check_key_presence signature_parameters
  check_components message, covered_components

  signature_base = build_signature_base(message, signature_input)

  # XXX to-do: get rid of this hard-coded SHA512 values, support more algs
  key = pubkeys[signature_parameters["keyid"]]
  if !key.verify_pss("SHA512", signature_value, signature_base, salt_length: :auto, mgf1_hash: "SHA512")
    raise Error.new "Failed to verify message: Invalid signature."
  end

  true
end