1 files changed, 17 insertions, 5 deletions

diff --git a/src/sign.erl b/src/sign.erl
index b0916fd..167987d 100644
--- a/src/sign.erl
+++ b/src/sign.erl
@@ -8,7 +8,7 @@
 
 %% API.
 -export([start_link/0, stop/0]).
--export([sign_sct/1, sign_sth/1, get_pubkey/0, get_logid/0]).
+-export([sign_sct/1, sign_sth/1, get_pubkey/0, get_logid/0, verify_sth/2]).
 -export([read_keyfile_ec/1]).
 %% API for tests.
 -export([read_keyfile_rsa/2]).
@@ -111,19 +111,22 @@ public_key(#'RSAPrivateKey'{modulus = Mod, publicExponent = Exp}) ->
 
 remote_sign_request(URL, Request) ->
     case plop_httputil:request("signing", URL, [{"Content-Type", "text/json"}], list_to_binary(mochijson2:encode(Request))) of
-        {failure, StatusLine, RespHeaders, Body}  ->
+        {failure, _StatusLine, _RespHeaders, _Body}  ->
             lager:debug("auth check failed"),
             none;
-        {success, StatusLine, RespHeaders, Body} ->
+        {success, {_HttpVersion, StatusCode, _ReasonPhrase}, _RespHeaders, Body} when StatusCode == 200 ->
             lager:debug("auth check succeeded"),
             case (catch mochijson2:decode(Body)) of
                 {error, E} ->
+                    lager:error("json parse error: ~p", [E]),
                     none;
                 {struct, PropList} ->
                     base64:decode(proplists:get_value(<<"result">>, PropList))
             end;
-        {noauth, StatusLine, RespHeaders, Body} ->
+        {noauth, _StatusLine, _RespHeaders, _Body} ->
             lager:debug("no auth"),
+            none;
+        _ ->
             none
     end.
 
@@ -163,6 +166,13 @@ get_logid() ->
     PubKeyfile = application:get_env(plop, log_public_key, none),
     read_keyfile_ec_logid(PubKeyfile).
 
+verify_sth(STH, Signature) ->
+    lager:debug("verifying ~p: ~p", [STH, Signature]),
+    PubKeyfile = application:get_env(plop, log_public_key, none),
+    PublicKey = read_keyfile_ec(PubKeyfile),
+    public_key:verify(STH, sha256, Signature, PublicKey).
+
+
 %%%%%%%%%%%%%%%%%%%%
 %% gen_server callbacks.
 
@@ -190,4 +200,6 @@ handle_call({get, pubkey}, _From, State) ->
 
 handle_call({sign, Data}, _From, State) ->
     %% FIXME: Merge RSA and DC.
-    {reply, signhash_ec(Data, State#state.privkey), State}.
+    Signature = signhash_ec(Data, State#state.privkey),
+    lager:debug("signing ~p: ~p", [Data, Signature]),
+    {reply, Signature, State}.