Properly handle validation of empty attachments

28b5d322 · Igor Markin · ca4a2cb7 · 28b5d322 · 28b5d322
Commit 28b5d322 authored 4 years ago by Igor Markin
--- a/dist/services/SigningService/SigningService.js
+++ b/dist/services/SigningService/SigningService.js
@@ -52,11 +52,14 @@ class SigningService {
            const pseudoPlainPartsMessageHash = yield this.preparePartsForSigning([
                pseudoPlainPart,
            ]);
-            const attachmentsPartsMessageHash = yield this.preparePartsForSigning(hashedAttachments.map((attachment) => attachment.content));
+            let attachmentsPartsSignature = "";
+            if (hashedAttachments.length) {
+                const attachmentsPartsMessageHash = yield this.preparePartsForSigning(hashedAttachments.map((attachment) => attachment.content));
+                attachmentsPartsSignature = yield this.helpers.signRSAExternal(attachmentsPartsMessageHash);
+            }
            const htmlPartsSignature = yield this.helpers.signRSAExternal(htmlPartsMessageHash);
            const plainPartsSignature = yield this.helpers.signRSAExternal(plainPartsMessageHash);
            const pseudoPlainPartsSignature = yield this.helpers.signRSAExternal(pseudoPlainPartsMessageHash);
-            const attachmentsPartsSignature = yield this.helpers.signRSAExternal(attachmentsPartsMessageHash);
            const rabinFingerprints = {
                htmlPartRabinFingerprint: rka_1.default.getRabinFingerprint(normalizedHTML),
                plainPartRabinFingerprint: rka_1.default.getRabinFingerprint(normalizedPlain),
@@ -106,11 +109,18 @@ class SigningService {
            const pseudoPlainPartsMessageHash = yield this.preparePartsForSigning([
                originalPseudoPlain,
            ]);
-            const attachmentsPartsMessageHash = yield this.preparePartsForSigning(hashedAttachments.map((attachment) => attachment.content));
+            let attachmentsPartsValid = true;
+            if (hashedAttachments.length) {
+                const attachmentsPartsMessageHash = yield this.preparePartsForSigning(hashedAttachments.map((attachment) => attachment.content));
+                attachmentsPartsValid = yield this.helpers.cryptoService.verifyRSASignature(publicKeyPEM, Buffer.from(attachmentsPartsMessageHash), Buffer.from(partsSignatures.attachmentsPartsSignature, "base64"));
+            }
+            else if (!hashedAttachments.length &&
+                partsSignatures.attachmentsPartsSignature) {
+                attachmentsPartsValid = false;
+            }
            const htmlPartsValid = yield this.helpers.cryptoService.verifyRSASignature(publicKeyPEM, Buffer.from(htmlPartsMessageHash), Buffer.from(partsSignatures.htmlPartsSignature, "base64"));
            const plainPartsValid = yield this.helpers.cryptoService.verifyRSASignature(publicKeyPEM, Buffer.from(plainPartsMessageHash), Buffer.from(partsSignatures.plainPartsSignature, "base64"));
            const pseudoPlainPartsValid = yield this.helpers.cryptoService.verifyRSASignature(publicKeyPEM, Buffer.from(pseudoPlainPartsMessageHash), Buffer.from(partsSignatures.pseudoPlainPartsSignature, "base64"));
-            const attachmentsPartsValid = yield this.helpers.cryptoService.verifyRSASignature(publicKeyPEM, Buffer.from(attachmentsPartsMessageHash), Buffer.from(partsSignatures.attachmentsPartsSignature, "base64"));
            const severityStateIndex = severityLevels_1.findSeverityStateIndex(htmlPartsValid, plainPartsValid, pseudoPlainPartsValid, attachmentsPartsValid);
            return {
                htmlPartsSignatureValid: htmlPartsValid,

--- a/src/services/SigningService/SigningService.ts
+++ b/src/services/SigningService/SigningService.ts
@@ -69,9 +69,17 @@ class SigningService {
    const pseudoPlainPartsMessageHash = await this.preparePartsForSigning([
      pseudoPlainPart,
    ]);
-    const attachmentsPartsMessageHash = await this.preparePartsForSigning(
-      hashedAttachments.map((attachment) => attachment.content)
-    );
+
+    let attachmentsPartsSignature = "";
+    if (hashedAttachments.length) {
+      const attachmentsPartsMessageHash = await this.preparePartsForSigning(
+        hashedAttachments.map((attachment) => attachment.content)
+      );
+
+      attachmentsPartsSignature = await this.helpers.signRSAExternal(
+        attachmentsPartsMessageHash
+      );
+    }

    const htmlPartsSignature = await this.helpers.signRSAExternal(
      htmlPartsMessageHash
@@ -82,9 +90,6 @@ class SigningService {
    const pseudoPlainPartsSignature = await this.helpers.signRSAExternal(
      pseudoPlainPartsMessageHash
    );
-    const attachmentsPartsSignature = await this.helpers.signRSAExternal(
-      attachmentsPartsMessageHash
-    );

    const rabinFingerprints: PartsRabinFingerprints = {
      htmlPartRabinFingerprint: RKAUtility.getRabinFingerprint(normalizedHTML),
@@ -163,9 +168,24 @@ class SigningService {
    const pseudoPlainPartsMessageHash = await this.preparePartsForSigning([
      originalPseudoPlain,
    ]);
-    const attachmentsPartsMessageHash = await this.preparePartsForSigning(
-      hashedAttachments.map((attachment) => attachment.content)
-    );
+
+    let attachmentsPartsValid = true;
+    if (hashedAttachments.length) {
+      const attachmentsPartsMessageHash = await this.preparePartsForSigning(
+        hashedAttachments.map((attachment) => attachment.content)
+      );
+
+      attachmentsPartsValid = await this.helpers.cryptoService.verifyRSASignature(
+        publicKeyPEM,
+        Buffer.from(attachmentsPartsMessageHash),
+        Buffer.from(partsSignatures.attachmentsPartsSignature, "base64")
+      );
+    } else if (
+      !hashedAttachments.length &&
+      partsSignatures.attachmentsPartsSignature
+    ) {
+      attachmentsPartsValid = false;
+    }

    const htmlPartsValid = await this.helpers.cryptoService.verifyRSASignature(
      publicKeyPEM,
@@ -185,12 +205,6 @@ class SigningService {
      Buffer.from(partsSignatures.pseudoPlainPartsSignature, "base64")
    );

-    const attachmentsPartsValid = await this.helpers.cryptoService.verifyRSASignature(
-      publicKeyPEM,
-      Buffer.from(attachmentsPartsMessageHash),
-      Buffer.from(partsSignatures.attachmentsPartsSignature, "base64")
-    );
-
    const severityStateIndex = findSeverityStateIndex(
      htmlPartsValid,
      plainPartsValid,