diff options
-rwxr-xr-x | lacme-accountd | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/lacme-accountd b/lacme-accountd index 0f5deb2..5794ec1 100755 --- a/lacme-accountd +++ b/lacme-accountd @@ -239,19 +239,22 @@ sub conn($$$) { $data =~ s/\r\n\z// or panic(); my ($header, $payload) = split(/\./, $data, 2); - unless (defined $header and $header =~ /\A[A-Za-z0-9\-_]+\z/) { + if (defined $header and $header =~ /\A[A-Za-z0-9\-_]+\z/) { + $header = decode_base64url($header); + } else { info("[$id] >>> Error: Refusing to sign request: Malformed protected header"); last; } - unless (defined $payload and $payload =~ /\A[A-Za-z0-9\-_]*\z/) { - # POST-as-GET yields an empty payload + if (defined $payload and $payload =~ /\A[A-Za-z0-9\-_]*\z/) { + # empty payloads are valid, cf. POST-as-GET + $payload = decode_base64url($payload); + } else { info("[$id] >>> Error: Refusing to sign request: Malformed payload"); last; } - logmsg(noquiet => "[$id] >>> OK signing request: ", - "header=base64url(", decode_base64url($header), "); ", - "playload=base64url(", decode_base64url($payload), ")"); + my $req = "header=base64url($header); playload=base64url($payload)"; + logmsg(noquiet => "[$id] >>> OK signing request: ", $req); my $sig = $SIGN->($data); $out->printflush( encode_base64url($sig), "\r\n" ) or warn "print: $!"; |