Merge pull request #18 from muzzammilshahid/cra-fixes

Fix CRA signature verification
xconnio · Jun 30, 2024 · cccda84 · cccda84
2 parents de554a4 + bb60a58
commit cccda84
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 5 deletions.
diff --git a/cmd/wampproto/main.go b/cmd/wampproto/main.go
@@ -447,20 +447,34 @@ func Run(args []string) (string, error) {
 	case c.signCRAChallenge.FullCommand():
 		craKey, err := wampprotocli.DecodeHexOrBase64(*c.craKey)
 		if err != nil {
-			return "", fmt.Errorf("invalid cra-key: %s", err.Error())
+			craKey = []byte(*c.craKey)
 		}
 
-		signedChallenge := auth.SignCRAChallenge(*c.craChallenge, craKey)
+		var craChallenge = *c.craChallenge
+		craChallengeBytes, err := wampprotocli.DecodeHexOrBase64(craChallenge)
+		if err == nil {
+			craChallenge = string(craChallengeBytes)
+		}
+
+		signedChallenge := auth.SignCRAChallengeBytes(craChallenge, craKey)
 
-		return wampprotocli.FormatOutputBytes(*c.output, []byte(signedChallenge))
+		return wampprotocli.FormatOutputBytes(*c.output, signedChallenge)
 
 	case c.verifyCRASignature.FullCommand():
 		craKey, err := wampprotocli.DecodeHexOrBase64(*c.verifyCRAKey)
 		if err != nil {
-			return "", fmt.Errorf("invalid cra-key: %s", err.Error())
+			craKey = []byte(*c.verifyCRAKey)
 		}
 
-		isVerified := auth.VerifyCRASignature(*c.verifyCRASign, *c.verifyCRAChallenge, craKey)
+		var craChallenge = *c.verifyCRAChallenge
+		craChallengeBytes, err := wampprotocli.DecodeHexOrBase64(craChallenge)
+		if err == nil {
+			craChallenge = string(craChallengeBytes)
+		}
+
+		craSignature := wampprotocli.EnsureBase64(*c.verifyCRASign)
+
+		isVerified := auth.VerifyCRASignature(craSignature, craChallenge, craKey)
 		if !isVerified {
 			return "", fmt.Errorf("signature verification failed")
 		}

diff --git a/helpers.go b/helpers.go
@@ -21,6 +21,20 @@ func HexToBase64(hexStr string) (string, error) {
 	return base64Str, nil
 }
 
+func EnsureBase64(str string) string {
+	base64Str, err := HexToBase64(str)
+	if err == nil {
+		return base64Str
+	}
+
+	_, err = base64.StdEncoding.DecodeString(str)
+	if err == nil {
+		return str
+	}
+
+	return base64.StdEncoding.EncodeToString([]byte(str))
+}
+
 func DecodeHexOrBase64(str string) ([]byte, error) {
 	bytes, err := hex.DecodeString(str)
 	if err == nil {