When verifying HTTP sig, make Ed25519 verification failure message clearer

2024-12-29 00:34:54 +09:00 · 2019-03-06 01:31:30 +00:00 · 2019-03-06 01:31:30 +00:00 · 043022d117
commit 043022d117
parent c26289cf42
1 changed files with 4 additions and 3 deletions
--- a/src/Vervis/Foundation.hs
+++ b/src/Vervis/Foundation.hs
@ -879,7 +879,8 @@ instance YesodHttpSig App where
                        )
                Nothing -> fetched2vkd luKey <$> fetchUnknownKey manager sigAlgo host mluActorHeader luKey
        let verify' k = verify k input signature
-            errSig = throwE "Ed25519 sig verification says not valid"
+            errSig1 = throwE "Fetched fresh key; Ed25519 sig verification says not valid"
+            errSig2 = throwE "Used key from DB; Ed25519 sig verification says not valid; fetched fresh key; still not valid"
            errTime = throwE "Key expired"
        now <- liftIO getCurrentTime
        let stillValid Nothing        = True
@ -892,7 +893,7 @@ instance YesodHttpSig App where
            else case inboxOrVkid of
                Left _uinb ->
                    if stillValid $ vkdExpires vkd
-                        then errSig
+                        then errSig1
                        else errTime
                Right (iid, vkid) -> do
                    let ua = vkdActorId vkd
@ -909,7 +910,7 @@ instance YesodHttpSig App where
                                { vkdKey     = newKey
                                , vkdExpires = newExp
                                }
-                        else errSig
+                        else errSig2

        return $ l2f host $ vkdActorId vkd
        where