Added signature verification on client side.

1 files changed, 43 insertions, 0 deletions

diff --git a/http-client/client.go b/http-client/client.go
index a83659e..d448b8c 100644
--- a/http-client/client.go
+++ b/http-client/client.go
@@ -29,6 +29,8 @@ var storage struct {
 	binding  binding.ExternalStringList
 }
 
+var userKeys = make(map[string]string)
+
 type Request struct {
 	User string
 	Data string
@@ -106,6 +108,26 @@ func tryAuth(user UserData) (bool, error) {
 	}
 }
 
+func getUserKey(user UserData, checkedUser string) (string, error) {
+	var resp Response
+	httpResp, err := makeRequest(Request{
+		User: user.Username,
+		Data: checkedUser,
+	}, GetUserKey, user)
+	if err != nil {
+		return "", err
+	}
+
+	body, _ := io.ReadAll(httpResp.Body)
+	_ = json.Unmarshal(body, &resp)
+
+	if httpResp.StatusCode == http.StatusOK {
+		return resp.Message, nil
+	} else {
+		return "", errors.New(resp.Message)
+	}
+}
+
 func pingServer(user UserData) error {
 	_, err := http.Get(user.ServerUrl)
 	return err
@@ -157,6 +179,27 @@ func runClient(user UserData) {
 			storage.Lock()
 			for _, signedMessage := range signedMessages {
 				msg, _ := parseMessage(signedMessage)
+				userKey, ok := userKeys[msg.User]
+				if !ok {
+					key, err := getUserKey(user, msg.User)
+					if err != nil {
+						fmt.Printf("Error occurred when polling user (%s) key\n", msg.User)
+						continue
+					}
+					userKey = key
+					userKeys[msg.User] = key
+				}
+				passed, err := checkSignature(msg.Payload, msg.Signature, userKey)
+				if !passed {
+					fmt.Printf("Message didn't pass signature check. From %s: %s\n", msg.User, msg.Data)
+					continue
+				}
+				if err != nil {
+					fmt.Printf(
+						"Error occurred when checking signature of message. From %s: %s\n",
+						msg.User, msg.Data)
+				}
+
 				fmt.Printf("Polled new message from %s: %s\n", msg.User, msg.Data)
 				_ = storage.binding.Append(msg.toString())
 				storage.messages = append(storage.messages, msg)