| author | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-08-23 14:08:58 +0200 |
|---|---|---|
| committer | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-08-23 14:08:58 +0200 |
| commit | 5839eedd22e28a281f3faa90433f0452ca31b385 (patch) | |
| tree | 71e4ed1fd7a5bcf1da1813891197aeaaed359be2 /internal | |
| parent | d41af72a9673728cfe9390e31cb4e67da31fc355 (diff) | |
Formatting: Run golines
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/discovery/discovery.go | 59 | ||||
| -rw-r--r-- | internal/fsm/fsm.go | 137 | ||||
| -rw-r--r-- | internal/http/http.go | 33 | ||||
| -rw-r--r-- | internal/log/log.go | 6 | ||||
| -rw-r--r-- | internal/oauth/oauth.go | 67 | ||||
| -rw-r--r-- | internal/server/api.go | 40 | ||||
| -rw-r--r-- | internal/server/common.go | 103 | ||||
| -rw-r--r-- | internal/server/instituteaccess.go | 8 | ||||
| -rw-r--r-- | internal/server/secureinternet.go | 21 | ||||
| -rw-r--r-- | internal/types/error.go | 4 | ||||
| -rw-r--r-- | internal/util/util.go | 10 | ||||
| -rw-r--r-- | internal/verify/verify.go | 60 | ||||
| -rw-r--r-- | internal/verify/verify_test.go | 331 | ||||
| -rw-r--r-- | internal/wireguard/wireguard.go | 5 |
14 files changed, 752 insertions, 132 deletions
diff --git a/internal/discovery/discovery.go b/internal/discovery/discovery.go index 79e7230..415c71a 100644 --- a/internal/discovery/discovery.go +++ b/internal/discovery/discovery.go @@ -40,7 +40,13 @@ func getDiscoFile(jsonFile string, previousVersion uint64, structure interface{} // Verify signature // Set this to true when we want to force prehash forcePrehash := false - verifySuccess, verifyErr := verify.Verify(string(sigBody), fileBody, jsonFile, previousVersion, forcePrehash) + verifySuccess, verifyErr := verify.Verify( + string(sigBody), + fileBody, + jsonFile, + previousVersion, + forcePrehash, + ) if !verifySuccess || verifyErr != nil { return "", &types.WrappedErrorMessage{Message: errorMessage, Err: verifyErr} 
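Review bot: When `verify.Verify` reports `verifySuccess == false` together with a nil `verifyErr`, the wrapped error built on the following line carries `Err: nil`, so the caller cannot distinguish a rejected signature from a missing cause. If Verify can return that pair (its implementation is outside this hunk), substitute an explicit cause before wrapping, e.g. `if !verifySuccess && verifyErr == nil { verifyErr = errors.New("signature verification failed") }`, adding the `errors` import if the file lacks it. getDiscoFile's body continues outside the hunk.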
@@ -75,22 +81,34 @@ func (discovery *Discovery) GetSecureLocationList() []string { return locations } -func (discovery *Discovery) GetServerByURL(url string, _type string) (*types.DiscoveryServer, error) { +func (discovery *Discovery) GetServerByURL( + url string, + _type string, +) (*types.DiscoveryServer, error) { for _, server := range discovery.Servers.List { if server.BaseURL == url && server.Type == _type { return &server, nil } } - return nil, &types.WrappedErrorMessage{Message: "failed getting server by URL from discovery", Err: &GetServerByURLNotFoundError{URL: url, Type: _type}} + return nil, &types.WrappedErrorMessage{ + Message: "failed getting server by URL from discovery", + Err: &GetServerByURLNotFoundError{URL: url, Type: _type}, + } } -func (discovery *Discovery) GetServerByCountryCode(code string, _type string) (*types.DiscoveryServer, error) { +func (discovery *Discovery) GetServerByCountryCode( + code string, + _type string, +) (*types.DiscoveryServer, error) { for _, server := range discovery.Servers.List { if server.CountryCode == code && server.Type == _type { return &server, nil } } - return nil, &types.WrappedErrorMessage{Message: "failed getting server by country code from discovery", Err: &GetServerByCountryCodeNotFoundError{CountryCode: code, Type: _type}} + return nil, &types.WrappedErrorMessage{ + Message: "failed getting server by country code from discovery", + Err: &GetServerByCountryCodeNotFoundError{CountryCode: code, Type: _type}, + } } func (discovery *Discovery) getOrgByID(orgID string) (*types.DiscoveryOrganization, error) { 
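Review bot: The parameter `_type` in both rewrapped signatures is a leading-underscore name chosen to dodge the `type` keyword; Go convention is a descriptive name such as `serverType`, which also reads naturally against `server.Type == _type`. Note as well that `return &server, nil` returns the address of the range copy rather than the element in `discovery.Servers.List`, so mutations through the pointer never reach the list — fine if intended, but worth a one-line comment such as `// returns a copy; edits do not reach Servers.List`.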
@@ -99,10 +117,15 @@ func (discovery *Discovery) getOrgByID(orgID string) (*types.DiscoveryOrganizati return &organization, nil } } - return nil, &types.WrappedErrorMessage{Message: "failed getting Secure Internet Home URL from discovery", Err: &GetOrgByIDNotFoundError{ID: orgID}} + return nil, &types.WrappedErrorMessage{ + Message: "failed getting Secure Internet Home URL from discovery", + Err: &GetOrgByIDNotFoundError{ID: orgID}, + } } -func (discovery *Discovery) GetSecureHomeArgs(orgID string) (*types.DiscoveryOrganization, *types.DiscoveryServer, error) { +func (discovery *Discovery) GetSecureHomeArgs( + orgID string, +) (*types.DiscoveryOrganization, *types.DiscoveryServer, error) { errorMessage := "failed getting Secure Internet Home arguments from discovery" org, orgErr := discovery.getOrgByID(orgID) @@ -147,7 +170,10 @@ func (discovery *Discovery) GetOrganizationsList() (string, error) { body, bodyErr := getDiscoFile(file, discovery.Organizations.Version, &discovery.Organizations) if bodyErr != nil { // Return previous with an error - return discovery.Organizations.RawString, &types.WrappedErrorMessage{Message: "failed getting organizations in Discovery", Err: bodyErr} + return discovery.Organizations.RawString, &types.WrappedErrorMessage{ + Message: "failed getting organizations in Discovery", + Err: bodyErr, + } } discovery.Organizations.RawString = body discovery.Organizations.Timestamp = util.GetCurrentTime() @@ -163,7 +189,10 @@ func (discovery *Discovery) GetServersList() (string, error) { body, bodyErr := getDiscoFile(file, discovery.Servers.Version, &discovery.Servers) if bodyErr != nil { // Return previous with an error - return discovery.Servers.RawString, &types.WrappedErrorMessage{Message: "failed getting servers in Discovery", Err: bodyErr} + return discovery.Servers.RawString, &types.WrappedErrorMessage{ + Message: "failed getting servers in Discovery", + Err: bodyErr, + } } // Update servers timestamp discovery.Servers.RawString = body 
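Review bot: The `Message` in getOrgByID's rewrapped return says `failed getting Secure Internet Home URL from discovery`, but the function looks up an organization by ID, and GetSecureHomeArgs directly below already carries its own "Secure Internet Home arguments" message. Prefer `Message: "failed getting organization by ID from discovery"` so the wrapped error names the operation that actually failed.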
@@ -185,7 +214,11 @@ type GetServerByURLNotFoundError struct { } func (e GetServerByURLNotFoundError) Error() string { - return fmt.Sprintf("No institute access server found in organizations with URL %s and type %s", e.URL, e.Type) + return fmt.Sprintf( + "No institute access server found in organizations with URL %s and type %s", + e.URL, + e.Type, + ) } type GetServerByCountryCodeNotFoundError struct { @@ -194,7 +227,11 @@ type GetServerByCountryCodeNotFoundError struct { } func (e GetServerByCountryCodeNotFoundError) Error() string { - return fmt.Sprintf("No institute access server found in organizations with country code %s and type %s", e.CountryCode, e.Type) + return fmt.Sprintf( + "No institute access server found in organizations with country code %s and type %s", + e.CountryCode, + e.Type, + ) } type GetSecureHomeArgsNotFoundError struct { diff --git a/internal/fsm/fsm.go b/internal/fsm/fsm.go index f5b1507..0b32f84 100644 --- a/internal/fsm/fsm.go +++ b/internal/fsm/fsm.go 
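Review bot: Both rewrapped `Error()` strings say `No institute access server found in organizations with ...`, yet GetServerByURL and GetServerByCountryCode search `discovery.Servers.List` for whatever `Type` is passed, so the text is misleading for non-institute lookups and it starts with a capital letter, against the convention for error strings that get chained. Suggest `"no server found in discovery with URL %q and type %q"` and the country-code equivalent; `%q` also makes an empty input visible as `""`.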
@@ -134,22 +134,104 @@ type FSM struct { Debug bool } -func (fsm *FSM) Init(name string, callback func(FSMStateID, FSMStateID, interface{}), directory string, debug bool) { +func (fsm *FSM) Init( + name string, + callback func(FSMStateID, FSMStateID, interface{}), + directory string, + debug bool, +) { fsm.States = FSMStates{ - DEREGISTERED: FSMState{Transitions: []FSMTransition{{NO_SERVER, "Client registers"}}}, - NO_SERVER: FSMState{Transitions: []FSMTransition{{CHOSEN_SERVER, "User chooses a server"}, {SEARCH_SERVER, "The user is trying to choose a Server in the UI"}, {CONNECTED, "The user is already connected"}, {ASK_LOCATION, "Change the location in the main screen"}}}, - SEARCH_SERVER: FSMState{Transitions: []FSMTransition{{LOADING_SERVER, "User clicks a server in the UI"}, {NO_SERVER, "Cancel or Error"}}, BackState: NO_SERVER}, - ASK_LOCATION: FSMState{Transitions: []FSMTransition{{CHOSEN_SERVER, "Location chosen"}, {NO_SERVER, "Go back or Error"}, {SEARCH_SERVER, "Cancel or Error"}}}, - LOADING_SERVER: FSMState{Transitions: []FSMTransition{{CHOSEN_SERVER, "Server info loaded"}, {ASK_LOCATION, "User chooses a Secure Internet server but no location is configured"}}}, - CHOSEN_SERVER: FSMState{Transitions: []FSMTransition{{AUTHORIZED, "Found tokens in config"}, {OAUTH_STARTED, "No tokens found in config"}}}, - OAUTH_STARTED: FSMState{Transitions: []FSMTransition{{AUTHORIZED, "User authorizes with browser"}, {NO_SERVER, "Cancel or Error"}, {SEARCH_SERVER, "Cancel or Error"}}, BackState: NO_SERVER}, - AUTHORIZED: FSMState{Transitions: []FSMTransition{{OAUTH_STARTED, "Re-authorize with OAuth"}, {REQUEST_CONFIG, "Client requests a config"}}}, - REQUEST_CONFIG: FSMState{Transitions: []FSMTransition{{ASK_PROFILE, "Multiple profiles found and no profile chosen"}, {HAS_CONFIG, "Only one profile or profile already chosen"}, {NO_SERVER, "Cancel or Error"}, {OAUTH_STARTED, "Re-authorize"}}}, - ASK_PROFILE: FSMState{Transitions: []FSMTransition{{HAS_CONFIG, "User chooses 
profile"}, {NO_SERVER, "Cancel or Error"}, {SEARCH_SERVER, "Cancel or Error"}}}, - HAS_CONFIG: FSMState{Transitions: []FSMTransition{{CONNECTING, "OS reports it is trying to connect"}, {REQUEST_CONFIG, "User reconnects"}, {NO_SERVER, "User wants to choose a new server"}, {OAUTH_STARTED, "Re-authorize with OAuth"}}, BackState: NO_SERVER}, - DISCONNECTING: FSMState{Transitions: []FSMTransition{{HAS_CONFIG, "Cancel or Error"}, {HAS_CONFIG, "Done disconnecting"}}}, - CONNECTING: FSMState{Transitions: []FSMTransition{{HAS_CONFIG, "Cancel or Error"}, {CONNECTED, "Done connecting"}}}, - CONNECTED: FSMState{Transitions: []FSMTransition{{DISCONNECTING, "App wants to disconnect"}}}, + DEREGISTERED: FSMState{Transitions: []FSMTransition{{NO_SERVER, "Client registers"}}}, + NO_SERVER: FSMState{ + Transitions: []FSMTransition{ + {CHOSEN_SERVER, "User chooses a server"}, + {SEARCH_SERVER, "The user is trying to choose a Server in the UI"}, + {CONNECTED, "The user is already connected"}, + {ASK_LOCATION, "Change the location in the main screen"}, + }, + }, + SEARCH_SERVER: FSMState{ + Transitions: []FSMTransition{ + {LOADING_SERVER, "User clicks a server in the UI"}, + {NO_SERVER, "Cancel or Error"}, + }, + BackState: NO_SERVER, + }, + ASK_LOCATION: FSMState{ + Transitions: []FSMTransition{ + {CHOSEN_SERVER, "Location chosen"}, + {NO_SERVER, "Go back or Error"}, + {SEARCH_SERVER, "Cancel or Error"}, + }, + }, + LOADING_SERVER: FSMState{ + Transitions: []FSMTransition{ + {CHOSEN_SERVER, "Server info loaded"}, + { + ASK_LOCATION, + "User chooses a Secure Internet server but no location is configured", + }, + }, + }, + CHOSEN_SERVER: FSMState{ + Transitions: []FSMTransition{ + {AUTHORIZED, "Found tokens in config"}, + {OAUTH_STARTED, "No tokens found in config"}, + }, + }, + OAUTH_STARTED: FSMState{ + Transitions: []FSMTransition{ + {AUTHORIZED, "User authorizes with browser"}, + {NO_SERVER, "Cancel or Error"}, + {SEARCH_SERVER, "Cancel or Error"}, + }, + BackState: NO_SERVER, + }, 
+ AUTHORIZED: FSMState{ + Transitions: []FSMTransition{ + {OAUTH_STARTED, "Re-authorize with OAuth"}, + {REQUEST_CONFIG, "Client requests a config"}, + }, + }, + REQUEST_CONFIG: FSMState{ + Transitions: []FSMTransition{ + {ASK_PROFILE, "Multiple profiles found and no profile chosen"}, + {HAS_CONFIG, "Only one profile or profile already chosen"}, + {NO_SERVER, "Cancel or Error"}, + {OAUTH_STARTED, "Re-authorize"}, + }, + }, + ASK_PROFILE: FSMState{ + Transitions: []FSMTransition{ + {HAS_CONFIG, "User chooses profile"}, + {NO_SERVER, "Cancel or Error"}, + {SEARCH_SERVER, "Cancel or Error"}, + }, + }, + HAS_CONFIG: FSMState{ + Transitions: []FSMTransition{ + {CONNECTING, "OS reports it is trying to connect"}, + {REQUEST_CONFIG, "User reconnects"}, + {NO_SERVER, "User wants to choose a new server"}, + {OAUTH_STARTED, "Re-authorize with OAuth"}, + }, + BackState: NO_SERVER, + }, + DISCONNECTING: FSMState{ + Transitions: []FSMTransition{ + {HAS_CONFIG, "Cancel or Error"}, + {HAS_CONFIG, "Done disconnecting"}, + }, + }, + CONNECTING: FSMState{ + Transitions: []FSMTransition{ + {HAS_CONFIG, "Cancel or Error"}, + {CONNECTED, "Done connecting"}, + }, + }, + CONNECTED: FSMState{ + Transitions: []FSMTransition{{DISCONNECTING, "App wants to disconnect"}}, + }, } fsm.Current = DEREGISTERED fsm.Name = name @@ -249,7 +331,12 @@ func (fsm *FSM) GenerateGraph() string { type DeregisteredError struct{} func (e DeregisteredError) CustomError() *types.WrappedErrorMessage { - return &types.WrappedErrorMessage{Message: "Client not registered with the GO library", Err: errors.New("the current FSM state is deregistered, but the function needs a state that is not deregistered")} + return &types.WrappedErrorMessage{ + Message: "Client not registered with the GO library", + Err: errors.New( + "the current FSM state is deregistered, but the function needs a state that is not deregistered", + ), + } } type WrongStateTransitionError struct { 
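Review bot: In the reformatted transition table, `DISCONNECTING` lists `HAS_CONFIG` twice (`"Cancel or Error"` and `"Done disconnecting"`), so whatever consumes this slice (HasTransition, GenerateGraph) sees a duplicate target with two labels. If the table is meant to hold one edge per state pair, merge them into `{HAS_CONFIG, "Done disconnecting, or cancel/error"}`; otherwise a short comment on why both entries exist would stop the next reader from "fixing" it. Init continues outside the hunk.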
@@ -258,7 +345,16 @@ type WrongStateTransitionError struct { } func (e WrongStateTransitionError) CustomError() *types.WrappedErrorMessage { - return &types.WrappedErrorMessage{Message: "Wrong FSM transition", Err: errors.New(fmt.Sprintf("wrong FSM state, got: %s, want: a state with a transition to: %s", e.Got.String(), e.Want.String()))} + return &types.WrappedErrorMessage{ + Message: "Wrong FSM transition", + Err: errors.New( + fmt.Sprintf( + "wrong FSM state, got: %s, want: a state with a transition to: %s", + e.Got.String(), + e.Want.String(), + ), + ), + } } type WrongStateError struct { @@ -267,5 +363,10 @@ type WrongStateError struct { } func (e WrongStateError) CustomError() *types.WrappedErrorMessage { - return &types.WrappedErrorMessage{Message: "Wrong FSM State", Err: errors.New(fmt.Sprintf("wrong FSM state, got: %s, want: %s", e.Got.String(), e.Want.String()))} + return &types.WrappedErrorMessage{ + Message: "Wrong FSM State", + Err: errors.New( + fmt.Sprintf("wrong FSM state, got: %s, want: %s", e.Got.String(), e.Want.String()), + ), + } } diff --git a/internal/http/http.go b/internal/http/http.go index ae791a9..0ca444d 100644 --- a/internal/http/http.go +++ b/internal/http/http.go @@ -24,7 +24,14 @@ type HTTPOptionalParams struct { func HTTPConstructURL(baseURL string, parameters URLParameters) (string, error) { url, parseErr := url.Parse(baseURL) if parseErr != nil { - return "", &types.WrappedErrorMessage{Message: fmt.Sprintf("failed to construct url: %s including parameters: %v", url, parameters), Err: parseErr} + return "", &types.WrappedErrorMessage{ + Message: fmt.Sprintf( + "failed to construct url: %s including parameters: %v", + url, + parameters, + ), + Err: parseErr, + } } q := url.Query() 
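Review bot: `errors.New(fmt.Sprintf(...))` in WrongStateTransitionError.CustomError, and again in WrongStateError.CustomError in the next hunk, is the pattern staticcheck reports as S1028; `fmt.Errorf` does the same in one call, e.g. `Err: fmt.Errorf("wrong FSM state, got: %s, want: a state with a transition to: %s", e.Got.String(), e.Want.String()),`. golines only rewraps, so this pre-existing shape survived the formatting pass and now spans more lines than it needs.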
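Review bot: In HTTPConstructURL the error message formats `url`, which is the `*url.URL` returned by the failed `url.Parse` and is therefore nil in this branch, so the message prints `<nil>` instead of the input that failed to parse. Use the argument instead: `Message: fmt.Sprintf("failed to construct url: %q including parameters: %v", baseURL, parameters),`. The local `url` also shadows the `net/url` package for the rest of the function, which is what makes this slip easy; renaming it to `parsed` would remove the trap. The function continues outside the hunk.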
@@ -58,7 +65,10 @@ func httpOptionalURL(url string, opts *HTTPOptionalParams) (string, error) { url, urlErr := HTTPConstructURL(url, opts.URLParameters) if urlErr != nil { - return url, &types.WrappedErrorMessage{Message: fmt.Sprintf("failed to create HTTP request with url: %s", url), Err: urlErr} + return url, &types.WrappedErrorMessage{ + Message: fmt.Sprintf("failed to create HTTP request with url: %s", url), + Err: urlErr, + } } return url, nil } @@ -81,7 +91,11 @@ func httpOptionalBodyReader(opts *HTTPOptionalParams) io.Reader { return nil } -func HTTPMethodWithOpts(method string, url string, opts *HTTPOptionalParams) (http.Header, []byte, error) { +func HTTPMethodWithOpts( + method string, + url string, + opts *HTTPOptionalParams, +) (http.Header, []byte, error) { // Make sure the url contains all the parameters // This can return an error, // it already has the right error so so we don't wrap it further @@ -139,7 +153,11 @@ type HTTPStatusError struct { } func (e *HTTPStatusError) Error() string { - return fmt.Sprintf("failed obtaining HTTP resource: %s as it gave an unsuccesful status code: %d", e.URL, e.Status) + return fmt.Sprintf( + "failed obtaining HTTP resource: %s as it gave an unsuccesful status code: %d", + e.URL, + e.Status, + ) } type HTTPParseJsonError struct { @@ -149,5 +167,10 @@ type HTTPParseJsonError struct { } func (e *HTTPParseJsonError) Error() string { - return fmt.Sprintf("failed parsing json %s for HTTP resource: %s with error: %v", e.Body, e.URL, e.Err) + return fmt.Sprintf( + "failed parsing json %s for HTTP resource: %s with error: %v", + e.Body, + e.URL, + e.Err, + ) } diff --git a/internal/log/log.go b/internal/log/log.go index f4024e2..27c9bba 100644 --- a/internal/log/log.go +++ b/internal/log/log.go 
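Review bot: The rewrapped HTTPStatusError message keeps the misspelling `unsuccesful`; since this string reaches users and logs, change it to `"failed obtaining HTTP resource: %s as it gave an unsuccessful status code: %d"`. Anything that matches on the old text (tests, client-side parsing) would need the same update, so grep before changing.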
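Review bot: HTTPParseJsonError.Error interpolates the entire response body with `%s`, so a large or malformed server reply becomes an equally large error string and, if the caller logs it, lands in the log file verbatim. Keep the full body on the struct for callers that need it, but bound it in the message, e.g. `body := e.Body; if len(body) > 256 { body = body[:256] + "..." }` before the Sprintf, and format it with `%q` so control characters are escaped.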
@@ -46,7 +46,11 @@ func (logger *FileLogger) Init(level LogLevel, name string, directory string) er if configDirErr != nil { return &types.WrappedErrorMessage{Message: errorMessage, Err: configDirErr} } - logFile, logOpenErr := os.OpenFile(logger.getFilename(directory, name), os.O_RDWR|os.O_CREATE|os.O_APPEND, 0o666) + logFile, logOpenErr := os.OpenFile( + logger.getFilename(directory, name), + os.O_RDWR|os.O_CREATE|os.O_APPEND, + 0o666, + ) if logOpenErr != nil { return &types.WrappedErrorMessage{Message: errorMessage, Err: logOpenErr} } diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go index 75a2e9f..bab1de2 100644 --- a/internal/oauth/oauth.go +++ b/internal/oauth/oauth.go @@ -51,7 +51,10 @@ func genChallengeS256(verifier string) string { func genVerifier() (string, error) { randomBytes, err := util.MakeRandomByteSlice(32) if err != nil { - return "", &types.WrappedErrorMessage{Message: "failed generating an OAuth verifier", Err: err} + return "", &types.WrappedErrorMessage{ + Message: "failed generating an OAuth verifier", + Err: err, + } } return base64.RawURLEncoding.EncodeToString(randomBytes), nil @@ -135,10 +138,15 @@ func (oauth *OAuth) getTokensWithAuthCode(authCode string) error { jsonErr := json.Unmarshal(body, &tokenStructure) if jsonErr != nil { - return &types.WrappedErrorMessage{Message: errorMessage, Err: &httpw.HTTPParseJsonError{URL: reqURL, Body: string(body), Err: jsonErr}} + return &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &httpw.HTTPParseJsonError{URL: reqURL, Body: string(body), Err: jsonErr}, + } } - tokenStructure.ExpiredTimestamp = current_time.Add(time.Second * time.Duration(tokenStructure.Expires)) + tokenStructure.ExpiredTimestamp = current_time.Add( + time.Second * time.Duration(tokenStructure.Expires), + ) oauth.Token = tokenStructure return nil } 
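Review bot: The log file is opened with mode `0o666`, which leaves its effective permissions to the process umask; a client log that may record server URLs and error bodies is better created owner-only with `0o600`, since nothing in this hunk needs other users to read or write it. If the file is meant to be shared, a comment saying so would make the choice deliberate. Init's body continues outside the hunk.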
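Review bot: `current_time` in getTokensWithAuthCode, and on the same line of getTokensWithRefresh in the following hunk, is a snake_case identifier that gofmt and golines leave alone but Go style spells `currentTime`. The expiry arithmetic also takes `tokenStructure.Expires` as-is: a missing or zero expiry marks the token expired at `current_time` itself and a negative value moves it into the past, which may be the intended fail-closed behaviour but deserves a one-line comment such as `// a missing/zero expiry is treated as already expired`. Both functions continue outside the hunk.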
@@ -173,10 +181,15 @@ func (oauth *OAuth) getTokensWithRefresh() error { jsonErr := json.Unmarshal(body, &tokenStructure) if jsonErr != nil { - return &types.WrappedErrorMessage{Message: errorMessage, Err: &httpw.HTTPParseJsonError{URL: reqURL, Body: string(body), Err: jsonErr}} + return &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &httpw.HTTPParseJsonError{URL: reqURL, Body: string(body), Err: jsonErr}, + } } - tokenStructure.ExpiredTimestamp = current_time.Add(time.Second * time.Duration(tokenStructure.Expires)) + tokenStructure.ExpiredTimestamp = current_time.Add( + time.Second * time.Duration(tokenStructure.Expires), + ) oauth.Token = tokenStructure return nil } @@ -192,7 +205,10 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) { go oauth.Session.Server.Shutdown(oauth.Session.Context) }() if !success { - oauth.Session.CallbackError = &types.WrappedErrorMessage{Message: errorMessage, Err: &OAuthCallbackParameterError{Parameter: "code", URL: req.URL.String()}} + oauth.Session.CallbackError = &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &OAuthCallbackParameterError{Parameter: "code", URL: req.URL.String()}, + } return } // The code is the first entry 
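Review bot: The deferred `go oauth.Session.Server.Shutdown(oauth.Session.Context)` discards Shutdown's error, so a failure to stop the callback listener (including the context expiring) is never visible; capture it inside the goroutine, `if err := oauth.Session.Server.Shutdown(oauth.Session.Context); err != nil { /* record it on the session */ }`. The handler also assigns `oauth.Session.CallbackError` from the serving goroutine while Shutdown is in flight, so the reader of that field must wait for Shutdown to return before reading it — I cannot confirm that ordering from this hunk, so a comment at the read site would help. Callback starts before and continues after the hunk.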
@@ -203,13 +219,22 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) { state, success := req.URL.Query()["state"] if !success { - oauth.Session.CallbackError = &types.WrappedErrorMessage{Message: errorMessage, Err: &OAuthCallbackParameterError{Parameter: "state", URL: req.URL.String()}} + oauth.Session.CallbackError = &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &OAuthCallbackParameterError{Parameter: "state", URL: req.URL.String()}, + } return } // The state is the first entry extractedState := state[0] if extractedState != oauth.Session.State { - oauth.Session.CallbackError = &types.WrappedErrorMessage{Message: errorMessage, Err: &OAuthCallbackStateMatchError{State: extractedState, ExpectedState: oauth.Session.State}} + oauth.Session.CallbackError = &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &OAuthCallbackStateMatchError{ + State: extractedState, + ExpectedState: oauth.Session.State, + }, + } return } @@ -217,7 +242,10 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) { // Obtaining the access and refresh tokens getTokensErr := oauth.getTokensWithAuthCode(extractedCode) if getTokensErr != nil { - oauth.Session.CallbackError = &types.WrappedErrorMessage{Message: errorMessage, Err: getTokensErr} + oauth.Session.CallbackError = &types.WrappedErrorMessage{ + Message: errorMessage, + Err: getTokensErr, + } return } } 
@@ -232,7 +260,13 @@ func (oauth *OAuth) Init(baseAuthorizationURL string, tokenURL string, fsm *fsm. func (oauth *OAuth) start(name string, postprocessAuth func(string) string) error { errorMessage := "failed starting OAuth exchange" if !oauth.FSM.HasTransition(fsm.OAUTH_STARTED) { - return &types.WrappedErrorMessage{Message: errorMessage, Err: fsm.WrongStateTransitionError{Got: oauth.FSM.Current, Want: fsm.OAUTH_STARTED}.CustomError()} + return &types.WrappedErrorMessage{ + Message: errorMessage, + Err: fsm.WrongStateTransitionError{ + Got: oauth.FSM.Current, + Want: fsm.OAUTH_STARTED, + }.CustomError(), + } } // Generate the state state, stateErr := genState() @@ -275,7 +309,13 @@ func (oauth *OAuth) start(name string, postprocessAuth func(string) string) erro func (oauth *OAuth) Finish() error { errorMessage := "failed finishing OAuth" if !oauth.FSM.HasTransition(fsm.AUTHORIZED) { - return &types.WrappedErrorMessage{Message: errorMessage, Err: fsm.WrongStateTransitionError{Got: oauth.FSM.Current, Want: fsm.AUTHORIZED}.CustomError()} + return &types.WrappedErrorMessage{ + Message: errorMessage, + Err: fsm.WrongStateTransitionError{ + Got: oauth.FSM.Current, + Want: fsm.AUTHORIZED, + }.CustomError(), + } } tokenErr := oauth.getTokensWithCallback() @@ -287,7 +327,10 @@ func (oauth *OAuth) Finish() error { } func (oauth *OAuth) Cancel() { - oauth.Session.CallbackError = &types.WrappedErrorMessage{Message: "cancelled OAuth", Err: &OAuthCancelledCallbackError{}} + oauth.Session.CallbackError = &types.WrappedErrorMessage{ + Message: "cancelled OAuth", + Err: &OAuthCancelledCallbackError{}, + } oauth.Session.Server.Shutdown(oauth.Session.Context) } diff --git a/internal/server/api.go b/internal/server/api.go index bf6a577..57d91c6 100644 --- a/internal/server/api.go +++ b/internal/server/api.go 
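Review bot: Cancel calls `oauth.Session.Server.Shutdown(oauth.Session.Context)` and drops the returned error, unlike the rest of this file, which wraps every failure in a WrappedErrorMessage; either return it (`func (oauth *OAuth) Cancel() error`) or state in a comment why ignoring it is safe. If Cancel can run before start() has created the server, `Session.Server` would be nil and this line would panic — the start hunk above does not show where Server is assigned, so that is an inference to verify.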
@@ -32,7 +32,12 @@ func APIGetEndpoints(baseURL string) (*ServerEndpoints, error) { return endpoints, nil } -func apiAuthorized(server Server, method string, endpoint string, opts *httpw.HTTPOptionalParams) (http.Header, []byte, error) { +func apiAuthorized( + server Server, + method string, + endpoint string, + opts *httpw.HTTPOptionalParams, +) (http.Header, []byte, error) { errorMessage := "failed API authorized" // Ensure optional is not nil as we will fill it with headers if opts == nil { @@ -67,7 +72,12 @@ func apiAuthorized(server Server, method string, endpoint string, opts *httpw.HT return httpw.HTTPMethodWithOpts(method, url, opts) } -func apiAuthorizedRetry(server Server, method string, endpoint string, opts *httpw.HTTPOptionalParams) (http.Header, []byte, error) { +func apiAuthorizedRetry( + server Server, + method string, + endpoint string, + opts *httpw.HTTPOptionalParams, +) (http.Header, []byte, error) { errorMessage := "failed authorized API retry" header, body, bodyErr := apiAuthorized(server, method, endpoint, opts) @@ -116,7 +126,12 @@ func APIInfo(server Server) error { return nil } -func APIConnectWireguard(server Server, profile_id string, pubkey string, supportsOpenVPN bool) (string, string, time.Time, error) { +func APIConnectWireguard( + server Server, + profile_id string, + pubkey string, + supportsOpenVPN bool, +) (string, string, time.Time, error) { errorMessage := "failed obtaining a WireGuard configuration" headers := http.Header{ "content-type": {"application/x-www-form-urlencoded"}, 
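Review bot: The `http.Header` literal in APIConnectWireguard uses the key `"content-type"`, but `http.Header` stores canonical keys (`Content-Type`): `Header.Get`/`Set` canonicalize their argument, so any later `headers.Get("content-type")` would miss this entry, and the spelling sent on the wire is whatever the map key happens to be. Build it as `headers := http.Header{}` followed by `headers.Set("Content-Type", "application/x-www-form-urlencoded")`, or spell the key canonically. The `profile_id` parameter in the rewrapped signature is also snake_case; `profileID` is the Go spelling. The function continues outside the hunk.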
@@ -131,9 +146,17 @@ func APIConnectWireguard(server Server, profile_id string, pubkey string, suppor "profile_id": {profile_id}, "public_key": {pubkey}, } - header, connectBody, connectErr := apiAuthorizedRetry(server, http.MethodPost, "/connect", &httpw.HTTPOptionalParams{Headers: headers, Body: urlForm}) + header, connectBody, connectErr := apiAuthorizedRetry( + server, + http.MethodPost, + "/connect", + &httpw.HTTPOptionalParams{Headers: headers, Body: urlForm}, + ) if connectErr != nil { - return "", "", time.Time{}, &types.WrappedErrorMessage{Message: errorMessage, Err: connectErr} + return "", "", time.Time{}, &types.WrappedErrorMessage{ + Message: errorMessage, + Err: connectErr, + } } expires := header.Get("expires") @@ -163,7 +186,12 @@ func APIConnectOpenVPN(server Server, profile_id string) (string, time.Time, err "profile_id": {profile_id}, } - header, connectBody, connectErr := apiAuthorizedRetry(server, http.MethodPost, "/connect", &httpw.HTTPOptionalParams{Headers: headers, Body: urlForm}) + header, connectBody, connectErr := apiAuthorizedRetry( + server, + http.MethodPost, + "/connect", + &httpw.HTTPOptionalParams{Headers: headers, Body: urlForm}, + ) if connectErr != nil { return "", time.Time{}, &types.WrappedErrorMessage{Message: errorMessage, Err: connectErr} } diff --git a/internal/server/common.go b/internal/server/common.go index 56c8af0..1a92eb0 100644 --- a/internal/server/common.go +++ b/internal/server/common.go @@ -88,7 +88,10 @@ func (servers *Servers) GetCurrentServer() (Server, error) { errorMessage := "failed getting current server" if servers.IsType == SecureInternetServerType { if !servers.HasSecureLocation() { - return nil, &types.WrappedErrorMessage{Message: errorMessage, Err: &ServerGetCurrentNotFoundError{}} + return nil, &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &ServerGetCurrentNotFoundError{}, + } } return &servers.SecureInternetHomeServer, nil } 
@@ -101,12 +104,18 @@ func (servers *Servers) GetCurrentServer() (Server, error) { currentServerURL := serversStruct.CurrentURL bases := serversStruct.Map if bases == nil { - return nil, &types.WrappedErrorMessage{Message: errorMessage, Err: &ServerGetCurrentNoMapError{}} + return nil, &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &ServerGetCurrentNoMapError{}, + } } server, exists := bases[currentServerURL] if !exists || server == nil { - return nil, &types.WrappedErrorMessage{Message: errorMessage, Err: &ServerGetCurrentNotFoundError{}} + return nil, &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &ServerGetCurrentNotFoundError{}, + } } return server, nil } @@ -146,7 +155,7 @@ func getServerInfoScreen(base ServerBase) ServerInfoScreen { return serverInfoScreen } -func (servers *Servers) GetServersConfigured() (*ServersConfiguredScreen) { +func (servers *Servers) GetServersConfigured() *ServersConfiguredScreen { customServersInfo := []ServerInfoScreen{} instituteServersInfo := []ServerInfoScreen{} var secureInternetServerInfo *ServerInfoScreen = nil @@ -171,7 +180,11 @@ func (servers *Servers) GetServersConfigured() (*ServersConfiguredScreen) { secureInternetServerInfo.CountryCode = servers.SecureInternetHomeServer.CurrentLocation } - return &ServersConfiguredScreen{CustomServers: customServersInfo, InstituteAccessServers: instituteServersInfo, SecureInternetServer: secureInternetServerInfo} + return &ServersConfiguredScreen{ + CustomServers: customServersInfo, + InstituteAccessServers: instituteServersInfo, + SecureInternetServer: secureInternetServerInfo, + } } func (servers *Servers) GetCurrentServerInfo() (*ServerInfoScreen, error) { 
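Review bot: `var secureInternetServerInfo *ServerInfoScreen = nil` in GetServersConfigured spells out the pointer's zero value; `var secureInternetServerInfo *ServerInfoScreen` is the idiomatic form. The two `[]ServerInfoScreen{}` initialisers look deliberate so that an empty list serialises as `[]` rather than `null` — if so, a comment such as `// non-nil so an empty list encodes as []` prevents a later cleanup to nil slices from silently changing the JSON. The function starts before the hunk.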
@@ -198,7 +211,11 @@ func (servers *Servers) GetCurrentServerInfo() (*ServerInfoScreen, error) { return &serverInfoScreen, nil } -func (servers *Servers) addInstituteAndCustom(discoServer *types.DiscoveryServer, isCustom bool, fsm *fsm.FSM) (Server, error) { +func (servers *Servers) addInstituteAndCustom( + discoServer *types.DiscoveryServer, + isCustom bool, + fsm *fsm.FSM, +) (Server, error) { url := discoServer.BaseURL errorMessage := fmt.Sprintf("failed adding institute access server: %s", url) toAddServers := &servers.InstituteServers @@ -222,7 +239,13 @@ func (servers *Servers) addInstituteAndCustom(discoServer *types.DiscoveryServer // Set the current server toAddServers.CurrentURL = url - instituteInitErr := server.init(url, discoServer.DisplayName, discoServer.Type, discoServer.SupportContact, fsm) + instituteInitErr := server.init( + url, + discoServer.DisplayName, + discoServer.Type, + discoServer.SupportContact, + fsm, + ) if instituteInitErr != nil { return nil, &types.WrappedErrorMessage{Message: errorMessage, Err: instituteInitErr} } @@ -231,11 +254,17 @@ func (servers *Servers) addInstituteAndCustom(discoServer *types.DiscoveryServer return server, nil } -func (servers *Servers) AddInstituteAccessServer(instituteServer *types.DiscoveryServer, fsm *fsm.FSM) (Server, error) { +func (servers *Servers) AddInstituteAccessServer( + instituteServer *types.DiscoveryServer, + fsm *fsm.FSM, +) (Server, error) { return servers.addInstituteAndCustom(instituteServer, false, fsm) } -func (servers *Servers) AddCustomServer(customServer *types.DiscoveryServer, fsm *fsm.FSM) (Server, error) { +func (servers *Servers) AddCustomServer( + customServer *types.DiscoveryServer, + fsm *fsm.FSM, +) (Server, error) { return servers.addInstituteAndCustom(customServer, true, fsm) } 
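Review bot: The parameter `fsm *fsm.FSM` in the rewrapped addInstituteAndCustom signature shadows the `fsm` package for the whole function body, so any reference to a package-level name such as `fsm.HAS_CONFIG` inside it would resolve to the variable and fail to compile; the same shadowing appears in AddInstituteAccessServer, AddCustomServer, SetSecureLocation, AddSecureInternet and InstituteAccessServer.init in the hunks below. Renaming the parameter, e.g. `machine *fsm.FSM`, removes the trap without changing any caller.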
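Review bot: `toAddServers.CurrentURL = url` is assigned before `server.init(...)` runs, so when init fails the function returns an error while CurrentURL already points at the new URL; depending on what happened to the map entry earlier in the function (not visible here), GetCurrentServer could then report a server whose initialisation never completed. Move the assignment after the error check, `if instituteInitErr != nil { return nil, ... }` followed by `toAddServers.CurrentURL = url`, so the selection only changes on a successful add.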
@@ -243,7 +272,10 @@ func (servers *Servers) GetSecureLocation() string { return servers.SecureInternetHomeServer.CurrentLocation } -func (servers *Servers) SetSecureLocation(chosenLocationServer *types.DiscoveryServer, fsm *fsm.FSM) error { +func (servers *Servers) SetSecureLocation( + chosenLocationServer *types.DiscoveryServer, + fsm *fsm.FSM, +) error { errorMessage := "failed to set secure location" // Make sure to add the current location _, addLocationErr := servers.SecureInternetHomeServer.addLocation(chosenLocationServer, fsm) @@ -256,7 +288,11 @@ func (servers *Servers) SetSecureLocation(chosenLocationServer *types.DiscoveryS return nil } -func (servers *Servers) AddSecureInternet(secureOrg *types.DiscoveryOrganization, secureServer *types.DiscoveryServer, fsm *fsm.FSM) (Server, error) { +func (servers *Servers) AddSecureInternet( + secureOrg *types.DiscoveryOrganization, + secureServer *types.DiscoveryServer, + fsm *fsm.FSM, +) (Server, error) { errorMessage := "failed adding secure internet server" // If we have specified an organization ID // We also need to get an authorization template @@ -361,7 +397,10 @@ func getCurrentProfile(server Server) (*ServerProfile, error) { } } - return nil, &types.WrappedErrorMessage{Message: errorMessage, Err: &ServerGetCurrentProfileNotFoundError{ProfileID: profileID}} + return nil, &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &ServerGetCurrentProfileNotFoundError{ProfileID: profileID}, + } } func wireguardGetConfig(server Server, supportsOpenVPN bool) (string, string, error) { 
@@ -380,7 +419,12 @@ func wireguardGetConfig(server Server, supportsOpenVPN bool) (string, string, er } wireguardPublicKey := wireguardKey.PublicKey().String() - config, content, expires, configErr := APIConnectWireguard(server, profile_id, wireguardPublicKey, supportsOpenVPN) + config, content, expires, configErr := APIConnectWireguard( + server, + profile_id, + wireguardPublicKey, + supportsOpenVPN, + ) if configErr != nil { return "", "", &types.WrappedErrorMessage{Message: errorMessage, Err: configErr} @@ -430,7 +474,13 @@ func getConfigWithProfile(server Server, forceTCP bool) (string, string, error) return "", "", &types.WrappedErrorMessage{Message: errorMessage, Err: baseErr} } if !base.FSM.HasTransition(fsm.HAS_CONFIG) { - return "", "", &types.WrappedErrorMessage{Message: errorMessage, Err: fsm.WrongStateTransitionError{Got: base.FSM.Current, Want: fsm.HAS_CONFIG}.CustomError()} + return "", "", &types.WrappedErrorMessage{ + Message: errorMessage, + Err: fsm.WrongStateTransitionError{ + Got: base.FSM.Current, + Want: fsm.HAS_CONFIG, + }.CustomError(), + } } profile, profileErr := getCurrentProfile(server) @@ -443,7 +493,10 @@ func getConfigWithProfile(server Server, forceTCP bool) (string, string, error) // If forceTCP we must be able to get a config with OpenVPN if forceTCP && supportsOpenVPN { - return "", "", &types.WrappedErrorMessage{Message: errorMessage, Err: &ServerGetConfigForceTCPError{}} + return "", "", &types.WrappedErrorMessage{ + Message: errorMessage, + Err: &ServerGetConfigForceTCPError{}, + } } var config string 
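Review bot: The guard `if forceTCP && supportsOpenVPN` returns ServerGetConfigForceTCPError, whose message (in a later hunk) reads `force TCP is on but the server does not support OpenVPN`, and the comment directly above says forceTCP requires OpenVPN — so either the condition is inverted and should read `if forceTCP && !supportsOpenVPN {`, or `supportsOpenVPN` means something other than its name suggests (its assignment is outside the hunk). Please confirm which and add a comment on the variable either way; getConfigWithProfile starts before the hunk.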
@@ -473,7 +526,13 @@ func askForProfileID(server Server) error {
 return &types.WrappedErrorMessage{Message: errorMessage, Err: baseErr}
 }
 if !base.FSM.HasTransition(fsm.ASK_PROFILE) {
- return &types.WrappedErrorMessage{Message: errorMessage, Err: fsm.WrongStateTransitionError{Got: base.FSM.Current, Want: fsm.ASK_PROFILE}.CustomError()}
+ return &types.WrappedErrorMessage{
+ Message: errorMessage,
+ Err: fsm.WrongStateTransitionError{
+ Got: base.FSM.Current,
+ Want: fsm.ASK_PROFILE,
+ }.CustomError(),
+ }
 }
 base.FSM.GoTransitionWithData(fsm.ASK_PROFILE, &base.Profiles, false)
 return nil
@@ -487,7 +546,13 @@ func GetConfig(server Server, forceTCP bool) (string, string, error) {
 return "", "", &types.WrappedErrorMessage{Message: errorMessage, Err: baseErr}
 }
 if !base.FSM.InState(fsm.REQUEST_CONFIG) {
- return "", "", &types.WrappedErrorMessage{Message: errorMessage, Err: fsm.WrongStateError{Got: base.FSM.Current, Want: fsm.REQUEST_CONFIG}.CustomError()}
+ return "", "", &types.WrappedErrorMessage{
+ Message: errorMessage,
+ Err: fsm.WrongStateError{
+ Got: base.FSM.Current,
+ Want: fsm.REQUEST_CONFIG,
+ }.CustomError(),
+ }
 }
 
 // Get new profiles using the info call
@@ -538,7 +603,9 @@ func (e *ServerGetCurrentProfileNotFoundError) Error() string {
 type ServerGetConfigForceTCPError struct{}
 
 func (e *ServerGetConfigForceTCPError) Error() string {
- return fmt.Sprintf("failed to get config, force TCP is on but the server does not support OpenVPN")
+ return fmt.Sprintf(
+ "failed to get config, force TCP is on but the server does not support OpenVPN",
+ )
 }
 
 type ServerEnsureServerEmptyURLError struct{}
diff --git a/internal/server/instituteaccess.go b/internal/server/instituteaccess.go
index 1da2d1e..6ac248d 100644
--- a/internal/server/instituteaccess.go
+++ b/internal/server/instituteaccess.go
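Review bot: In the ServerGetConfigForceTCPError hunk, `fmt.Sprintf` is called with a constant string and no arguments, so the wrapped three-line call only adds noise; return the literal directly: `return "failed to get config, force TCP is on but the server does not support OpenVPN"`. staticcheck reports this pattern as an unnecessary use of fmt.Sprintf, and the plain return is also short enough that no wrapping is needed.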
@@ -37,7 +37,13 @@ func (institute *InstituteAccessServer) GetBase() (*ServerBase, error) {
 return &institute.Base, nil
 }
 
-func (institute *InstituteAccessServer) init(url string, displayName map[string]string, serverType string, supportContact []string, fsm *fsm.FSM) error {
+func (institute *InstituteAccessServer) init(
+ url string,
+ displayName map[string]string,
+ serverType string,
+ supportContact []string,
+ fsm *fsm.FSM,
+) error {
 errorMessage := fmt.Sprintf("failed initializing institute server %s", url)
 institute.Base.URL = url
 institute.Base.DisplayName = displayName
diff --git a/internal/server/secureinternet.go b/internal/server/secureinternet.go
index 9ada8ae..3498bcc 100644
--- a/internal/server/secureinternet.go
+++ b/internal/server/secureinternet.go
@@ -37,13 +37,19 @@ func (secure *SecureInternetHomeServer) GetTemplateAuth() func(string) string {
 func (server *SecureInternetHomeServer) GetBase() (*ServerBase, error) {
 errorMessage := "failed getting current secure internet home base"
 if server.BaseMap == nil {
- return nil, &types.WrappedErrorMessage{Message: errorMessage, Err: &ServerSecureInternetMapNotFoundError{}}
+ return nil, &types.WrappedErrorMessage{
+ Message: errorMessage,
+ Err: &ServerSecureInternetMapNotFoundError{},
+ }
 }
 
 base, exists := server.BaseMap[server.CurrentLocation]
 
 if !exists {
- return nil, &types.WrappedErrorMessage{Message: errorMessage, Err: &ServerSecureInternetBaseNotFoundError{Current: server.CurrentLocation}}
+ return nil, &types.WrappedErrorMessage{
+ Message: errorMessage,
+ Err: &ServerSecureInternetBaseNotFoundError{Current: server.CurrentLocation},
+ }
 }
 return base, nil
 }
@@ -52,7 +58,10 @@ func (servers *Servers) HasSecureLocation() bool {
 return servers.SecureInternetHomeServer.CurrentLocation != ""
 }
 
-func (secure *SecureInternetHomeServer) addLocation(locationServer *types.DiscoveryServer, fsm *fsm.FSM) (*ServerBase, error) {
+func (secure *SecureInternetHomeServer) addLocation(
+ locationServer *types.DiscoveryServer,
+ fsm *fsm.FSM,
+) (*ServerBase, error) {
 errorMessage := "failed adding a location"
 // Initialize the base map if it is non-nil
 if secure.BaseMap == nil {
@@ -85,7 +94,11 @@ func (secure *SecureInternetHomeServer) addLocation(locationServer *types.Discov
 }
 
 // Initializes the home server and adds its own location
-func (secure *SecureInternetHomeServer) init(homeOrg *types.DiscoveryOrganization, homeLocation *types.DiscoveryServer, fsm *fsm.FSM) error {
+func (secure *SecureInternetHomeServer) init(
+ homeOrg *types.DiscoveryOrganization,
+ homeLocation *types.DiscoveryServer,
+ fsm *fsm.FSM,
+) error {
 errorMessage := "failed initializing secure internet home server"
 
 if secure.HomeOrganizationID != homeOrg.OrgId {
diff --git a/internal/types/error.go b/internal/types/error.go
index 4a882e2..c7ee67f 100644
--- a/internal/types/error.go
+++ b/internal/types/error.go
@@ -105,7 +105,9 @@ func GetErrorJSONString(err error) string {
 traceback = err.Error()
 }
 
- json, jsonErr := json.Marshal(&WrappedErrorMessageJSON{Level: level, Cause: cause.Error(), Traceback: traceback})
+ json, jsonErr := json.Marshal(
+ &WrappedErrorMessageJSON{Level: level, Cause: cause.Error(), Traceback: traceback},
+ )
 
 if jsonErr != nil {
 panic(jsonErr)
diff --git a/internal/util/util.go b/internal/util/util.go
index 17ae1c3..6dad4b1 100644
--- a/internal/util/util.go
+++ b/internal/util/util.go
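Review bot: The comment `// Initialize the base map if it is non-nil` in the addLocation hunk states the opposite of the check right below it, `if secure.BaseMap == nil {`; it should read `// Initialize the base map if it is nil`. The rest of addLocation lies outside the hunk.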
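Review bot: In the error.go hunk, `json, jsonErr := json.Marshal(` declares a local variable named `json`, which shadows the encoding/json package for the rest of GetErrorJSONString and misleads readers about what the identifier holds. Renaming the result, e.g. `encoded, jsonErr := json.Marshal(`, avoids the shadowing; its later uses are outside the hunk and would need the same rename.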
@@ -14,7 +14,10 @@ import (
 func EnsureValidURL(s string) (string, error) {
 parsedURL, parseErr := url.Parse(s)
 if parseErr != nil {
- return "", &types.WrappedErrorMessage{Message: fmt.Sprintf("failed parsing url: %s", s), Err: parseErr}
+ return "", &types.WrappedErrorMessage{
+ Message: fmt.Sprintf("failed parsing url: %s", s),
+ Err: parseErr,
+ }
 }
 
 if parsedURL.Scheme == "" {
@@ -41,7 +44,10 @@ func EnsureDirectory(directory string) error {
 // Create with 700 permissions, read, write, execute only for the owner
 mkdirErr := os.MkdirAll(directory, 0o700)
 if mkdirErr != nil {
- return &types.WrappedErrorMessage{Message: fmt.Sprintf("failed to create directory %s", directory), Err: mkdirErr}
+ return &types.WrappedErrorMessage{
+ Message: fmt.Sprintf("failed to create directory %s", directory),
+ Err: mkdirErr,
+ }
 }
 return nil
 }
diff --git a/internal/verify/verify.go b/internal/verify/verify.go
index e9a9316..50bdd0b 100644
--- a/internal/verify/verify.go
+++ b/internal/verify/verify.go
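Review bot: `Message: fmt.Sprintf("failed parsing url: %s", s),` embeds the caller-supplied input with %s, so an empty string or one carrying leading or trailing whitespace produces an ambiguous message; `%q` quotes and escapes it: `Message: fmt.Sprintf("failed parsing url: %q", s),`. The same applies to `directory` in the EnsureDirectory hunk below. EnsureValidURL continues outside the hunk.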
@@ -18,13 +18,26 @@ import (
 // The return value will either be (true, nil) for a valid signature or (false, VerifyError) otherwise.
 //
 // Verify is a wrapper around verifyWithKeys where allowedPublicKeys is set to the list from https://git.sr.ht/~eduvpn/disco.eduvpn.org#public-keys.
-func Verify(signatureFileContent string, signedJson []byte, expectedFileName string, minSignTime uint64, forcePrehash bool) (bool, error) {
+func Verify(
+ signatureFileContent string,
+ signedJson []byte,
+ expectedFileName string,
+ minSignTime uint64,
+ forcePrehash bool,
+) (bool, error) {
 // keys taken from https://git.sr.ht/~eduvpn/disco.eduvpn.org#public-keys
 keyStrs := []string{
 "RWRtBSX1alxyGX+Xn3LuZnWUT0w//B6EmTJvgaAxBMYzlQeI+jdrO6KF", // fkooman@tuxed.net, kolla@uninett.no
 "RWQKqtqvd0R7rUDp0rWzbtYPA3towPWcLDCl7eY9pBMMI/ohCmrS0WiM", // RoSp
 }
- valid, err := verifyWithKeys(signatureFileContent, signedJson, expectedFileName, minSignTime, keyStrs, forcePrehash)
+ valid, err := verifyWithKeys(
+ signatureFileContent,
+ signedJson,
+ expectedFileName,
+ minSignTime,
+ keyStrs,
+ forcePrehash,
+ )
 if err != nil {
 return valid, &types.WrappedErrorMessage{Message: "failed signature verify", Err: err}
 }
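Review bot: The doc comment on Verify, whose opening lines are above the hunk, does not describe forcePrehash, even though it is the one caller-controlled switch on a verification check: in verifyWithKeys the `ED` algorithm test runs only when it is true (see the second verify.go hunk). A sentence such as `// forcePrehash, when true, rejects signatures whose algorithm is not "ED" (BLAKE2b-prehashed EdDSA); when false the algorithm is not checked here.` would make that trade-off visible to callers choosing the value. How a non-prehashed signature is then handled by minisign's own verification step is outside the hunk.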
@@ -41,12 +54,22 @@ func Verify(signatureFileContent string, signedJson []byte, expectedFileName str
 //
 // The return value will either be (true, nil) on success or (false, detailedVerifyError) on failure.
 // Note that every error path is wrapped in a custom type here because minisign does not return custom error types, they use errors.New
-func verifyWithKeys(signatureFileContent string, signedJson []byte, filename string, minSignTime uint64, allowedPublicKeys []string, forcePrehash bool) (bool, error) {
+func verifyWithKeys(
+ signatureFileContent string,
+ signedJson []byte,
+ filename string,
+ minSignTime uint64,
+ allowedPublicKeys []string,
+ forcePrehash bool,
+) (bool, error) {
 switch filename {
 case "server_list.json", "organization_list.json":
 break
 default:
- return false, &VerifyUnknownExpectedFilenameError{Filename: filename, Expected: "server_list.json or organization_list.json"}
+ return false, &VerifyUnknownExpectedFilenameError{
+ Filename: filename,
+ Expected: "server_list.json or organization_list.json",
+ }
 }
 
 sig, err := minisign.DecodeSignature(signatureFileContent)
@@ -56,7 +79,10 @@ func verifyWithKeys(signatureFileContent string, signedJson []byte, filename str
 
 // Check if signature is prehashed, see https://jedisct1.github.io/minisign/#signature-format
 if forcePrehash && sig.SignatureAlgorithm != [2]byte{'E', 'D'} {
- return false, &VerifyInvalidSignatureAlgorithmError{Algorithm: string(sig.SignatureAlgorithm[:]), WantedAlgorithm: "ED (BLAKE2b-prehashed EdDSA)"}
+ return false, &VerifyInvalidSignatureAlgorithmError{
+ Algorithm: string(sig.SignatureAlgorithm[:]),
+ WantedAlgorithm: "ED (BLAKE2b-prehashed EdDSA)",
+ }
 }
 
 // Find allowed key used for signature
@@ -80,9 +106,17 @@ func verifyWithKeys(signatureFileContent string, signedJson []byte, filename str
 
 var signTime uint64
 var sigFileName string // sigFileName cannot have spaces
- _, err = fmt.Sscanf(sig.TrustedComment, "trusted comment: timestamp:%d\tfile:%s", &signTime, &sigFileName)
+ _, err = fmt.Sscanf(
+ sig.TrustedComment,
+ "trusted comment: timestamp:%d\tfile:%s",
+ &signTime,
+ &sigFileName,
+ )
 if err != nil {
- return false, &VerifyInvalidTrustedCommentError{TrustedComment: sig.TrustedComment, Err: err}
+ return false, &VerifyInvalidTrustedCommentError{
+ TrustedComment: sig.TrustedComment,
+ Err: err,
+ }
 }
 
 if sigFileName != filename {
@@ -127,7 +161,11 @@ type VerifyInvalidSignatureAlgorithmError struct {
 }
 
 func (e *VerifyInvalidSignatureAlgorithmError) Error() string {
- return fmt.Sprintf("invalid signature algorithm: %s, wanted: %s", e.Algorithm, e.WantedAlgorithm)
+ return fmt.Sprintf(
+ "invalid signature algorithm: %s, wanted: %s",
+ e.Algorithm,
+ e.WantedAlgorithm,
+ )
 }
 
 type VerifyCreatePublicKeyError struct {
@@ -174,7 +212,11 @@ type VerifyWrongSigFilenameError struct {
 }
 
 func (e *VerifyWrongSigFilenameError) Error() string {
- return fmt.Sprintf("wrong filename: %s, expected filename: %s for signature", e.Filename, e.SigFilename)
+ return fmt.Sprintf(
+ "wrong filename: %s, expected filename: %s for signature",
+ e.Filename,
+ e.SigFilename,
+ )
 }
 
 type VerifySigTimeEarlierError struct {
diff --git a/internal/verify/verify_test.go b/internal/verify/verify_test.go
index 7d577dd..47b1dc2 100644
--- a/internal/verify/verify_test.go
+++ b/internal/verify/verify_test.go
@@ -51,46 +51,278 @@ func Test_verifyWithKeys(t *testing.T) {
 minSignTime uint64
 allowedPks []string
 }{
- {&verifyInvalidSignatureAlgorithmError, "pure", "server_list.json.pure.minisig", "server_list.json", "server_list.json", 10, pk},
-
- {nil, "valid server_list", "server_list.json.minisig", "server_list.json", "server_list.json", 10, pk},
- {nil, "TC no hashed", "server_list.json.tc_nohashed.minisig", "server_list.json", "server_list.json", 10, pk},
- {nil, "TC later time", "server_list.json.tc_latertime.minisig", "server_list.json", "server_list.json", 10, pk},
- {&verifyWrongSigFilenameError, "server_list TC file:organization_list", "server_list.json.tc_orglist.minisig", "server_list.json", "server_list.json", 10, pk},
- {&verifyWrongSigFilenameError, "organization_list as server_list", "organization_list.json.minisig", "organization_list.json", "server_list.json", 10, pk},
- {&verifyWrongSigFilenameError, "TC file:otherfile", "server_list.json.tc_otherfile.minisig", "server_list.json", "server_list.json", 10, pk},
- {&verifySigTimeEarlierError, "TC no file", "server_list.json.tc_nofile.minisig", "server_list.json", "server_list.json", 10, pk},
- {&verifySigTimeEarlierError, "TC no time", "server_list.json.tc_notime.minisig", "server_list.json", "server_list.json", 10, pk},
- {&verifySigTimeEarlierError, "TC empty time", "server_list.json.tc_emptytime.minisig", "server_list.json", "server_list.json", 10, pk},
- {&verifyInvalidSignatureFormatError, "TC empty file", "server_list.json.tc_emptyfile.minisig", "server_list.json", "server_list.json", 10, pk},
- {&verifyInvalidTrustedCommentError, "TC random", "server_list.json.tc_random.minisig", "server_list.json", "server_list.json", 10, pk},
- {nil, "large time", "server_list.json.large_time.minisig", "server_list.json", "server_list.json", 43e8, pk},
- {nil, "lower min time", "server_list.json.minisig", "server_list.json", "server_list.json", 5, pk},
- {&verifySigTimeEarlierError, "higher min time", "server_list.json.minisig", "server_list.json", "server_list.json", 11, pk},
-
- {nil, "valid organization_list", "organization_list.json.minisig", "organization_list.json", "organization_list.json", 10, pk},
- {&verifyWrongSigFilenameError, "organization_list TC file:server_list", "organization_list.json.tc_servlist.minisig", "organization_list.json", "organization_list.json", 10, pk},
- {&verifyWrongSigFilenameError, "server_list as organization_list", "server_list.json.minisig", "server_list.json", "organization_list.json", 10, pk},
-
- {&verifyUnknownExpectedFilenameError, "valid other_list", "other_list.json.minisig", "other_list.json", "other_list.json", 10, pk},
- {&verifyWrongSigFilenameError, "other_list as server_list", "other_list.json.minisig", "other_list.json", "server_list.json", 10, pk},
-
- {&verifyInvalidSignatureFormatError, "invalid signature file", "random.txt", "server_list.json", "server_list.json", 10, pk},
- {&verifyInvalidSignatureFormatError, "empty signature file", "empty", "server_list.json", "server_list.json", 10, pk},
-
- {&verifyUnknownKeyError, "wrong key", "server_list.json.wrong_key.minisig", "server_list.json", "server_list.json", 10, pk},
-
- {&verifyInvalidSignatureAlgorithmError, "forged pure signature", "server_list.json.forged_pure.minisig", "server_list.json.blake2b", "server_list.json", 10, pk},
- {&verifyInvalidSignatureError, "forged key ID", "server_list.json.forged_keyid.minisig", "server_list.json", "server_list.json", 10, pk},
-
- {&verifyUnknownKeyError, "no allowed keys", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{}},
- {nil, "multiple allowed keys 1", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{
- pk[0], "RWSf0PYToIUJmDlsz21YOXvgQzHj9NSdyJUqEY5ZdfS9GepeXt3+JJRZ",
- }},
- {nil, "multiple allowed keys 2", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{
- "RWSf0PYToIUJmDlsz21YOXvgQzHj9NSdyJUqEY5ZdfS9GepeXt3+JJRZ", pk[0],
- }},
- {&verifyCreatePublicKeyError, "invalid allowed key", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{"AAA"}},
+ {
+ &verifyInvalidSignatureAlgorithmError,
+ "pure",
+ "server_list.json.pure.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+
+ {
+ nil,
+ "valid server_list",
+ "server_list.json.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ nil,
+ "TC no hashed",
+ "server_list.json.tc_nohashed.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ nil,
+ "TC later time",
+ "server_list.json.tc_latertime.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyWrongSigFilenameError,
+ "server_list TC file:organization_list",
+ "server_list.json.tc_orglist.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyWrongSigFilenameError,
+ "organization_list as server_list",
+ "organization_list.json.minisig",
+ "organization_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyWrongSigFilenameError,
+ "TC file:otherfile",
+ "server_list.json.tc_otherfile.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifySigTimeEarlierError,
+ "TC no file",
+ "server_list.json.tc_nofile.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifySigTimeEarlierError,
+ "TC no time",
+ "server_list.json.tc_notime.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifySigTimeEarlierError,
+ "TC empty time",
+ "server_list.json.tc_emptytime.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyInvalidSignatureFormatError,
+ "TC empty file",
+ "server_list.json.tc_emptyfile.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyInvalidTrustedCommentError,
+ "TC random",
+ "server_list.json.tc_random.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ nil,
+ "large time",
+ "server_list.json.large_time.minisig",
+ "server_list.json",
+ "server_list.json",
+ 43e8,
+ pk,
+ },
+ {
+ nil,
+ "lower min time",
+ "server_list.json.minisig",
+ "server_list.json",
+ "server_list.json",
+ 5,
+ pk,
+ },
+ {
+ &verifySigTimeEarlierError,
+ "higher min time",
+ "server_list.json.minisig",
+ "server_list.json",
+ "server_list.json",
+ 11,
+ pk,
+ },
+
+ {
+ nil,
+ "valid organization_list",
+ "organization_list.json.minisig",
+ "organization_list.json",
+ "organization_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyWrongSigFilenameError,
+ "organization_list TC file:server_list",
+ "organization_list.json.tc_servlist.minisig",
+ "organization_list.json",
+ "organization_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyWrongSigFilenameError,
+ "server_list as organization_list",
+ "server_list.json.minisig",
+ "server_list.json",
+ "organization_list.json",
+ 10,
+ pk,
+ },
+
+ {
+ &verifyUnknownExpectedFilenameError,
+ "valid other_list",
+ "other_list.json.minisig",
+ "other_list.json",
+ "other_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyWrongSigFilenameError,
+ "other_list as server_list",
+ "other_list.json.minisig",
+ "other_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+
+ {
+ &verifyInvalidSignatureFormatError,
+ "invalid signature file",
+ "random.txt",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyInvalidSignatureFormatError,
+ "empty signature file",
+ "empty",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+
+ {
+ &verifyUnknownKeyError,
+ "wrong key",
+ "server_list.json.wrong_key.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+
+ {
+ &verifyInvalidSignatureAlgorithmError,
+ "forged pure signature",
+ "server_list.json.forged_pure.minisig",
+ "server_list.json.blake2b",
+ "server_list.json",
+ 10,
+ pk,
+ },
+ {
+ &verifyInvalidSignatureError,
+ "forged key ID",
+ "server_list.json.forged_keyid.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ pk,
+ },
+
+ {
+ &verifyUnknownKeyError,
+ "no allowed keys",
+ "server_list.json.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ []string{},
+ },
+ {
+ nil,
+ "multiple allowed keys 1",
+ "server_list.json.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ []string{
+ pk[0], "RWSf0PYToIUJmDlsz21YOXvgQzHj9NSdyJUqEY5ZdfS9GepeXt3+JJRZ",
+ },
+ },
+ {
+ nil,
+ "multiple allowed keys 2",
+ "server_list.json.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ []string{
+ "RWSf0PYToIUJmDlsz21YOXvgQzHj9NSdyJUqEY5ZdfS9GepeXt3+JJRZ", pk[0],
+ },
+ },
+ {
+ &verifyCreatePublicKeyError,
+ "invalid allowed key",
+ "server_list.json.minisig",
+ "server_list.json",
+ "server_list.json",
+ 10,
+ []string{"AAA"},
+ },
 }
 
 // Cache file contents in map, mapping file names to contents
@@ -117,8 +349,15 @@ func Test_verifyWithKeys(t *testing.T) {
 
 valid, err := verifyWithKeys(string(files[tt.signatureFile]), files[tt.jsonFile], tt.expectedFileName, tt.minSignTime, tt.allowedPks, forcePrehash)
 compareResults(t, valid, err, tt.expectedErr, func() string {
- return fmt.Sprintf("verifyWithKeys(%q, %q, %q, %v, %v, %t)",
- tt.signatureFile, tt.jsonFile, tt.expectedFileName, tt.minSignTime, tt.allowedPks, forcePrehash)
+ return fmt.Sprintf(
+ "verifyWithKeys(%q, %q, %q, %v, %v, %t)",
+ tt.signatureFile,
+ tt.jsonFile,
+ tt.expectedFileName,
+ tt.minSignTime,
+ tt.allowedPks,
+ forcePrehash,
+ )
 })
 })
 }
@@ -126,7 +365,13 @@ func Test_verifyWithKeys(t *testing.T) {
 
 // compareResults compares returned ret, err from a verify function with expected error code expected.
 // callStr is called to get the formatted parameters passed to the function.
-func compareResults(t *testing.T, ret bool, err error, expectedErr interface{}, callStr func() string) {
+func compareResults(
+ t *testing.T,
+ ret bool,
+ err error,
+ expectedErr interface{},
+ callStr func() string,
+) {
 // different error returned
 if expectedErr != nil && !errors.As(err, expectedErr) {
 t.Errorf("%v\nerror %T = %v, wantErr %T", callStr(), err, err, expectedErr)
diff --git a/internal/wireguard/wireguard.go b/internal/wireguard/wireguard.go
index bb26b69..5722915 100644
--- a/internal/wireguard/wireguard.go
+++ b/internal/wireguard/wireguard.go
@@ -12,7 +12,10 @@ func GenerateKey() (wgtypes.Key, error) {
 key, keyErr := wgtypes.GeneratePrivateKey()
 
 if keyErr != nil {
- return key, &types.WrappedErrorMessage{Message: "failed generating WireGuard key", Err: keyErr}
+ return key, &types.WrappedErrorMessage{
+ Message: "failed generating WireGuard key",
+ Err: keyErr,
+ }
 }
 return key, nil
 }
|
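Review bot: In the wireguard.go hunk the error branch `return key, &types.WrappedErrorMessage{` hands back whatever GeneratePrivateKey left in key alongside the error, so a caller that mishandles the error can go on with a meaningless key. Returning the zero value instead, `return wgtypes.Key{}, &types.WrappedErrorMessage{`, follows the Go convention that the result is meaningless when err is non-nil and makes that explicit at the call site.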
