forked from blasthavers/blastmud
39 lines
1.5 KiB
Rust
39 lines
1.5 KiB
Rust
use std::fs;
|
|
use std::error::Error;
|
|
use serde::Deserialize;
|
|
use ring::signature;
|
|
use base64;
|
|
use crate::DResult;
|
|
|
|
#[derive(Deserialize)]
|
|
struct AV {
|
|
copyright: String,
|
|
serial: u64,
|
|
cn: String,
|
|
assertion: String,
|
|
sig: String
|
|
}
|
|
|
|
static KEY_BYTES: [u8;65] = [
|
|
0x04, 0x4f, 0xa0, 0x8b, 0x32, 0xa7, 0x7f, 0xc1, 0x0a, 0xfc, 0x51, 0x95, 0x93, 0x57, 0x05,
|
|
0xb3, 0x0f, 0xad, 0x16, 0x05, 0x3c, 0x7c, 0xfc, 0x02, 0xd2, 0x7a, 0x63, 0xff, 0xd3, 0x09,
|
|
0xaa, 0x5b, 0x78, 0xfe, 0xa8, 0xc2, 0xc3, 0x02, 0xc2, 0xe6, 0xaf, 0x81, 0xc7, 0xa3, 0x03,
|
|
0xfa, 0x4d, 0xf1, 0xf9, 0xfc, 0x0a, 0x36, 0xef, 0x6b, 0x1e, 0x9d, 0xce, 0x6e, 0x60, 0xc6,
|
|
0xa8, 0xb3, 0x02, 0x35, 0x7e
|
|
];
|
|
|
|
pub fn check() -> DResult<()> {
|
|
let av: AV = serde_yaml::from_str(&fs::read_to_string("age-verification.yml")?).
|
|
map_err(|error| Box::new(error) as Box<dyn Error + Send + Sync>)?;
|
|
if av.copyright != "This file is protected by copyright and may not be used or reproduced except as authorised by the copyright holder. All rights reserved." ||
|
|
av.assertion != "age>=18" {
|
|
Err(Box::<dyn Error + Send + Sync>::from("Invalid age-verification.yml"))?;
|
|
}
|
|
|
|
let sign_text = format!("cn={};{};serial={}", av.cn, av.assertion, av.serial);
|
|
let key: signature::UnparsedPublicKey<&[u8]> =
|
|
signature::UnparsedPublicKey::new(&signature::ECDSA_P256_SHA256_ASN1, &KEY_BYTES);
|
|
key.verify(&sign_text.as_bytes(), &base64::decode(av.sig)?)
|
|
.map_err(|_| Box::<dyn Error + Send + Sync>::from("Invalid age-verification.yml signature"))
|
|
}
|