fix constant panics when keystore is weird (pt3)

2023-08-03 11:43:09 -04:00 · 2023-08-03 11:43:09 -04:00 · 909ab973aa
parent b60c7a5bb0
commit 909ab973aa
1 changed files with 9 additions and 5 deletions
--- a/trifid-api/src/routes/v1/dnclient.rs
+++ b/trifid-api/src/routes/v1/dnclient.rs
@ -74,7 +74,7 @@ pub async fn dnclient(
    let client_keys_2 = host_in_ks
        .client_keys
        .iter()
-        .find(|u| u.id == host_in_ks.current_client_key);;
+        .find(|u| u.id == host_in_ks.current_client_key);

    let signature = match Signature::from_slice(&req.signature) {
        Ok(sig) => sig,
@ -91,21 +91,25 @@ pub async fn dnclient(
    };

    let mut valid = false;
-    let mut valid_key;
+    let mut valid_key = None;

    if let Some(client_keys) = client_keys {
        if client_keys.ed_pub.verify(req.message.as_bytes(), &signature).is_ok() {
            valid = true;
-            valid_key = client_keys;
+            valid_key = Some(client_keys);
        }
    }
    if let Some(client_keys_2) = client_keys_2 {
        if client_keys_2.ed_pub.verify(req.message.as_bytes(), &signature).is_ok() {
            valid = true;
-            valid_key = client_keys_2;
+            valid_key = Some(client_keys_2);
        }
    }

+    if client_keys.is_none() && client_keys_2.is_none() {
+        panic!("No valid keys for host {}", host);
+    }
+
    if !valid {
        // Be intentionally vague as the message is invalid.
        warn!("! invalid signature from {}", host);
@ -117,7 +121,7 @@ pub async fn dnclient(
        }]);
    }

-    let client_keys = valid_key;
+    let client_keys = valid_key.unwrap();

    // Sig OK
    // Decode the message from base64