| author | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-06-21 10:08:48 +0200 |
|---|---|---|
| committer | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-06-21 10:08:48 +0200 |
| commit | 717a7cf2b9e04bb08e5b9f68fc5b7fa0e1d99e48 (patch) | |
| tree | 35256231336d15def57550239ef88b4fd29d8fe6 | |
| parent | 2252135fadb8c579ad27345e3203be755130e3cd (diff) | |
Verify: Remove unneeded code paths
- We should never panic now because there is no way to set an extra
key for testing
- This was not used anyways in the Go code, and we should never expose
an insecure function to wrappers
| -rw-r--r-- | internal/verify/verify.go | 29 |
1 files changed, 1 insertions, 28 deletions
diff --git a/internal/verify/verify.go b/internal/verify/verify.go
index b159297..c335e39 100644
--- a/internal/verify/verify.go
+++ b/internal/verify/verify.go
@@ -1,9 +1,7 @@
 package verify
 import (
- "errors"
 "fmt"
- "os"
 "github.com/jedisct1/go-minisign"
 "github.com/jwijenbergh/eduvpn-common/internal/types"
@@ -29,39 +27,14 @@ func getKeys() []string {
 //
 // Verify is a wrapper around verifyWithKeys where allowedPublicKeys is set to the list from https://git.sr.ht/~eduvpn/disco.eduvpn.org#public-keys.
 func Verify(signatureFileContent string, signedJson []byte, expectedFileName string, minSignTime uint64, forcePrehash bool) (bool, error) {
- errorMessage := "failed signature verify"
 keyStrs := getKeys()
- if extraKey != "" {
- keyStrs = append(keyStrs, extraKey)
- _, err := fmt.Fprintf(os.Stderr, "INSECURE TEST MODE ENABLED WITH KEY %q\n", extraKey)
- err = &types.WrappedErrorMessage{Message: errorMessage, Err: err}
- if err != nil {
- panic(err)
- }
- }
 valid, err := verifyWithKeys(signatureFileContent, signedJson, expectedFileName, minSignTime, keyStrs, forcePrehash)
 if err != nil {
- err = &types.WrappedErrorMessage{Message: errorMessage, Err: err}
- var verifyCreatePublickeyError *VerifyCreatePublicKeyError
- if errors.As(err, &verifyCreatePublickeyError) {
- panic(err) // This should not happen unless keyStrs has an invalid key
- }
- return valid, err
+ return valid, &types.WrappedErrorMessage{Message: "failed signature verify", Err: err}
 }
 return valid, nil
 }
-// extraKey is an extra allowed key for testing.
-var extraKey = ""
-
-// InsecureTestingSetExtraKey adds an extra allowed key for verification with Verify.
-// ONLY USE FOR TESTING. Applies to all threads. Probably not thread-safe. Do not call in parallel to Verify.
-//
-// keyString must be a Base64-encoded Minisign key, or empty to reset.
-func InsecureTestingSetExtraKey(keyString string) {
- extraKey = keyString
-}
-
 // verifyWithKeys verifies the Minisign signature in signatureFileContent (minisig file format) over the server_list/organization_list JSON in signedJson.
 //
 // Verification is performed using a matching key in allowedPublicKeys. |
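Review bot: The error branch of `Verify` still returns `valid` alongside the wrapped error, so the boolean a caller sees on failure is whatever `verifyWithKeys` produced, and that function's body is outside this hunk. For a signature check it is safer to fail closed explicitly with `return false, &types.WrappedErrorMessage{Message: "failed signature verify", Err: err}`. With the `errors.As` branch removed, an unparsable entry from `getKeys()` now comes back as an ordinary verification error rather than a panic; a unit test that parses every pinned key would catch that at build time, and the doc comment (which starts above the hunk) could state that a non-nil error always means the data must not be trusted.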
