From f2d755d3d5dd84b5546a5c3a9566d5eab10223dc Mon Sep 17 00:00:00 2001
From: Seth Schoen
Date: Sat, 14 Jul 2012 17:35:22 -0700
Subject: [PATCH] check recipient string before hashcash to produce more useful error message

This is more work for the server but if we don't do it in this order we always get a hashcash error instead of a recipient error if the client is confused about what server it meant to query. Giving the wrong error in this sense is OK from a protocol point of view but quite frustrating for a human being on the client end trying to figure out why the server is rejecting its apparently perfectly valid hashcash...
---
 server-ca/chocolate.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/server-ca/chocolate.py b/server-ca/chocolate.py
index 09594a57b..44f1616fc 100755
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@@ -212,6 +212,17 @@ class session(object):
 # It is mandatory to make a signing request at the outset of a session.
 self.die(r, r.BadRequest, uri="https://ca.example.com/failures/missingrequest")
 return
+ timestamp = m.request.timestamp
+ recipient = m.request.recipient
+ csr = m.request.csr
+ sig = m.request.sig
+ # Check whether we are the intended recipient of the request. Doing this
+ # before the hashcash check is more work for the server but gives a more
+ # helpful error message (because the hashcash will be wrong automatically
+ # if it's addressed to a different server!).
+ if recipient != chocolate_server_name:
+ self.die(r, r.BadRequest, uri="https://ca.example.com/failures/recipient")
+ return
 # Check hashcash before doing any crypto or database access.
 if not m.request.clientpuzzle or not self.check_hashcash(m.request.clientpuzzle):
 self.die(r, r.NeedClientPuzzle, uri="https://ca.example.com/failures/hashcash")
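Review bot: The added recipient block now runs for clients that have paid no proof-of-work, while the comment on the hashcash check just below it still says that check comes "before doing any crypto or database access"; the new comment should record that invariant so later edits do not add costly work above the hashcash gate. I would append `# Keep everything above the hashcash check cheap (no crypto, no database access): it runs for clients that have done no work yet.` to the added comment. As a smaller style point, only `recipient` is needed before the hashcash check, so `timestamp`, `csr` and `sig` could stay with the "Process the request" code where they are used. The enclosing method starts and ends outside this hunk, and what `self.die` costs is not visible here.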
@@ -223,10 +234,6 @@ class session(object):
 self.die(r, r.BadRequest, uri="https://ca.example.com/failures/priorrequest")
 return
 # Process the request.
- timestamp = m.request.timestamp
- recipient = m.request.recipient
- csr = m.request.csr
- sig = m.request.sig
 if not all([safe("recipient", recipient), safe("csr", csr)]):
 self.die(r, r.BadRequest, uri="https://ca.example.com/failures/illegalcharacter")
 return
@@ -236,9 +243,6 @@ class session(object):
 if time.time() - timestamp > 100:
 self.die(r, r.BadRequest, uri="https://ca.example.com/failures/past")
 return
- if recipient != chocolate_server_name:
- self.die(r, r.BadRequest, uri="https://ca.example.com/failures/recipient")
- return
 if not CSR.parse(csr):
 self.die(r, r.BadCSR)
 return