aboutsummaryrefslogtreecommitdiffstats
path: root/lacme-accountd
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2021-02-22 14:49:00 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-22 22:36:24 +0100
commit87fa9468a26c1902423839473049cd3325098c1a (patch)
tree4ef4e57651f467ff5b1f6815ec76384ac4de18ce /lacme-accountd
parent6f375631548a3562635af555bd453e4de40bf135 (diff)
lacme-account: Improve log messages.
Again…
Diffstat (limited to 'lacme-accountd')
-rwxr-xr-xlacme-accountd23
1 files changed, 12 insertions, 11 deletions
diff --git a/lacme-accountd b/lacme-accountd
index 5794ec1..68d0f39 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -83,7 +83,8 @@ sub error(@) {
}
sub panic(@) {
my @loc = caller;
- my @msg = (@_, " at line $loc[2] in $loc[1]");
+ my @msg = ("PANIC at line $loc[2] in $loc[1]");
+ push @msg, ": ", @_ if @_;
info(@msg);
exit 255;
}
@@ -234,29 +235,29 @@ sub conn($$$) {
$out->printflush( "$PROTOCOL_VERSION OK ", $EXTRA_GREETING_STR, "\r\n",
$JWK_STR, "\r\n" ) or warn "print: $!";
- # sign whatever comes in
while (defined (my $data = $in->getline())) {
$data =~ s/\r\n\z// or panic();
+ # validate JWS Signing Input from RFC 7515:
+ # ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload))
my ($header, $payload) = split(/\./, $data, 2);
if (defined $header and $header =~ /\A[A-Za-z0-9\-_]+\z/) {
$header = decode_base64url($header);
} else {
- info("[$id] >>> Error: Refusing to sign request: Malformed protected header");
+ info("[$id] NOSIGN [malformed JWS Protected Header]");
last;
}
if (defined $payload and $payload =~ /\A[A-Za-z0-9\-_]*\z/) {
- # empty payloads are valid, cf. POST-as-GET
+ # empty payloads are valid, and used for POST-as-GET (RFC 8555 sec. 6.3)
$payload = decode_base64url($payload);
} else {
- info("[$id] >>> Error: Refusing to sign request: Malformed payload");
+ info("[$id] NOSIGN [malformed JWS Payload]");
last;
}
- my $req = "header=base64url($header); playload=base64url($payload)";
- logmsg(noquiet => "[$id] >>> OK signing request: ", $req);
-
- my $sig = $SIGN->($data);
+ my $req = "header=base64url($header) playload=base64url($payload)";
+ my $sig = $SIGN->($data) // panic();
+ logmsg(noquiet => "[$id] SIGNED ", $req);
$out->printflush( encode_base64url($sig), "\r\n" ) or warn "print: $!";
}
}
@@ -270,9 +271,9 @@ if (defined $OPTS{stdio}) {
next if $! == EINTR; # try again if accept(2) was interrupted by a signal
panic("accept: $!");
};
- logmsg(noquiet => "[$count] >>> Accepted new connection");
+ logmsg(noquiet => "[$count] Accepted new connection");
conn($conn, $conn, $count);
- logmsg(noquiet => "[$count] >>> Connection terminated");
+ logmsg(noquiet => "[$count] Connection terminated");
$conn->close() or warn "close: $!";
}
}