From 7b0a17dd5440fd854e4da8dfc15d23ea78175c59 Mon Sep 17 00:00:00 2001
From: shimun <shimun@shimun.net>
Date: Wed, 7 Dec 2022 18:24:30 +0100
Subject: [PATCH] added: run signature verification in worker

---
 src/api.rs | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/api.rs b/src/api.rs
index f0242db..7269dec 100644
--- a/src/api.rs
+++ b/src/api.rs
@@ -267,8 +267,17 @@ async fn put_cert_update(
     }): State<ApiState>,
     CertificateBody(cert): CertificateBody,
 ) -> ApiResult<String> {
-    cert.validate(&[ca.fingerprint(Default::default())])
-        .map_err(|_| ApiError::CertificateInvalid)?;
+    let cert = {
+        let ca = ca.clone();
+        tokio::task::spawn_blocking(move || -> ApiResult<Certificate> {
+            let cert = cert;
+            cert.validate(&[ca.fingerprint(Default::default())])
+                .map_err(|_| ApiError::CertificateInvalid)?;
+            Ok(cert)
+        })
+        .await
+        .context("signature verification")??
+    };
     let prev = load_cert_by_id(&cert_dir, &ca, cert.key_id()).await?;
     let mut prev_serial = 0;
     let serial = cert.serial();