2018-12-04 11:52:42 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
# Script to verify signatures, with both signature & data given in b64
|
|
|
|
|
# Args:
|
|
|
|
|
# 1. data (base64 encoded)
|
|
|
|
|
# 2. signature (base64 encoded)
|
|
|
|
|
# The arg values can be taken from the debug log for SignedConfigService when verbose logging is
|
|
|
|
|
# enabled.
|
|
|
|
|
|
2018-12-14 13:53:52 +00:00
|
|
|
function verify() {
|
|
|
|
|
D=${1}
|
|
|
|
|
S=${2}
|
|
|
|
|
K=${3}
|
|
|
|
|
echo Trying ${K}
|
|
|
|
|
openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} | base64 -d) <(echo ${D} | base64 -d)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PROD_KEY_NAME=prod_public.pem
|
|
|
|
|
DEBUG_KEY_NAME=debug_public.pem
|
|
|
|
|
SIGNATURE="$2"
|
|
|
|
|
DATA="$1"
|
|
|
|
|
|
|
|
|
|
echo DATA: ${DATA}
|
|
|
|
|
echo SIGNATURE: ${SIGNATURE}
|
|
|
|
|
|
|
|
|
|
if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then
|
|
|
|
|
echo Verified with ${PROD_KEY_NAME}
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then
|
|
|
|
|
echo Verified with ${DEBUG_KEY_NAME}
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
exit 1
|
