code.H3RALD.com — litestore: 38bf1d8df400e660c4b57b1ce148c4803bf965df

Improved error management.

h3rald h3rald@h3rald.com

Sat, 30 Dec 2023 16:24:30 +0100

commit

38bf1d8df400e660c4b57b1ce148c4803bf965df

parent

65ecc1e47907dd769939f450f894e88367644e7d

1 files changed, 33 insertions(+), 29 deletions(-)

jump to

src/litestorepkg/lib/jwt.nim

M src/litestorepkg/lib/jwt.nim → src/litestorepkg/lib/jwt.nim

@@ -89,44 +89,48 @@ proc verifySignature*(jwt: JWT; x5c: string) =
     let sig = jwt.signature
     let payload = jwt.payload
     let cert = x5c.decode
+    var pkeyctx: EVP_PKEY_CTX
+    var mdctx: EVP_MD_CTX
     let alg = EVP_sha256();
     var x509: PX509
     var pubkey = EVP_PKEY_new()
+    try:
+        ### Validate Signature (Only RS256 supported)
+        x509 = d2i_X509(cert)
+        if x509.isNil:
+            raiseX509Error("Invalid X509 certificate")
 
-    ### Validate Signature (Only RS256 supported)
-    x509 = d2i_X509(cert)
-    if x509.isNil:
-        raiseX509Error("Invalid X509 certificate")
+        pubkey = X509_get_pubkey(x509)
+        if pubkey.isNil:
+            raiseX509Error("An error occurred while retrieving the public key")
 
-    pubkey = X509_get_pubkey(x509)
-    if pubkey.isNil:
-        raiseX509Error("An error occurred while retrieving the public key")
+        mdctx = EVP_MD_CTX_create()
+        if mdctx.isNil:
+            raiseX509Error("Unable to initialize MD CTX")
 
-    var mdctx = EVP_MD_CTX_create()
-    if mdctx.isNil:
-        raiseX509Error("Unable to initialize MD CTX")
-
-    var pkeyctx = EVP_PKEY_CTX_new(pubkey, nil)
-    if pkeyctx.isNil:
-        raiseX509Error("Unable to initialize PKEY CTX")
-
-    if EVP_DigestVerifyInit(mdctx, addr pkeyctx, alg, nil, pubkey) != 1:
-        raiseJwtError("Unable to initialize digest verification")
+        pkeyctx = EVP_PKEY_CTX_new(pubkey, nil)
+        if pkeyctx.isNil:
+            raiseX509Error("Unable to initialize PKEY CTX")
 
-    if EVP_DigestVerifyUpdate(mdctx, addr payload[0], payload.len.cuint) != 1:
-        raiseJwtError("Unable to update digest verification")
+        if EVP_DigestVerifyInit(mdctx, addr pkeyctx, alg, nil, pubkey) != 1:
+            raiseJwtError("Unable to initialize digest verification")
 
-    if EVP_DigestVerifyFinal(mdctx, addr sig[0], sig.len.cuint) != 1:
-        raiseJwtError("Verification failed")
+        if EVP_DigestVerifyUpdate(mdctx, addr payload[0], payload.len.cuint) != 1:
+            raiseJwtError("Unable to update digest verification")
 
-    if not mdctx.isNil:
-        EVP_MD_CTX_destroy(mdctx)
-    if not pkeyctx.isNil:
-        EVP_PKEY_CTX_free(pkeyctx)
-    if not pubkey.isNil:
-        EVP_PKEY_free(pubkey)
-    if not x509.isNil:
-        X509_free(x509)
+        if EVP_DigestVerifyFinal(mdctx, addr sig[0], sig.len.cuint) != 1:
+            raiseJwtError("Verification failed")
+    except CatchableError:
+        let err = getCurrentException()
+        if not mdctx.isNil:
+            EVP_MD_CTX_destroy(mdctx)
+        if not pkeyctx.isNil:
+            EVP_PKEY_CTX_free(pkeyctx)
+        if not pubkey.isNil:
+            EVP_PKEY_free(pubkey)
+        if not x509.isNil:
+            X509_free(x509)
+        raise err
 
 
 when isMainModule:

all repos — litestore @ 38bf1d8df400e660c4b57b1ce148c4803bf965df

A minimalist nosql document store.