| author | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-02-09 18:10:09 +0100 |
|---|---|---|
| committer | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-04-05 12:26:10 +0200 |
| commit | 23e63807085b13a9b221c3374d05099559583011 (patch) | |
| tree | 61f53f9c8282ba60edba322499a3b68317bc53a7 /src/server.go | |
| parent | 70b4bad8904fe02fe4d783b75c6137ba959363ec (diff) | |
Add signature verification to list retrieval
- Move test data to src
- Verify signatures by calling the Verify method
- Add a customizable parameter to force prehashed signatures
Signed-off-by: jwijenbergh <jeroenwijenbergh@protonmail.com>
Diffstat (limited to 'src/server.go')
| -rw-r--r-- | src/server.go | 56 |
1 files changed, 47 insertions, 9 deletions
diff --git a/src/server.go b/src/server.go
index 7973654..314ceae 100644
--- a/src/server.go
+++ b/src/server.go
@@ -1,4 +1,4 @@
-package eduvpn_discovery
+package eduvpn
 import (
 "encoding/json"
@@ -36,41 +36,79 @@ type servers struct {
 } `json:"server_list"`
 }
-// Helper function that gets a disco json
-// TODO: Verify signature
-func getDiscoJson(jsonFile string, structure interface{}) bool {
- url := "https://disco.eduvpn.org/v2/" + jsonFile
+func getFileUrl(url string) ([]byte, bool) {
 // Do a Get request to the specified url
 resp, reqErr := http.Get(url)
 if reqErr != nil {
 fmt.Println("error making request")
- return false
+ return nil, false
 }
+ // Close the response body at the end
+ defer resp.Body.Close()
+ // Check if http response code is ok
+ if resp.StatusCode != http.StatusOK {
+ return nil, false
+ }
 // Read the body
 body, readErr := ioutil.ReadAll(resp.Body)
 if readErr != nil {
 fmt.Println("error reading body of request")
+ return nil, false
+ }
+ return body, true
+}
+
+// Helper function that gets a disco json
+// TODO: Verify signature
+func getDiscoJson(jsonFile string, structure interface{}) bool {
+ // Get json data
+ fileUrl := "https://disco.eduvpn.org/v2/" + jsonFile
+ fileBody, fileSuccess := getFileUrl(fileUrl)
+
+ if !fileSuccess {
+ fmt.Println("error getting file")
+ }
+
+ // Get signature
+ sigUrl := fileUrl + ".minisig"
+ sigBody, sigSuccess := getFileUrl(sigUrl)
+
+ if !sigSuccess {
+ fmt.Println("error getting signature")
+ return false
+ }
+
+ // Verify signature
+ // TODO: Handle this by keeping track of the previous sign time
+ // Wrappers must do this?
+ var previousSigTime uint64 = 0
+ forcePrehash := false
+ verifySuccess, verifyErr := Verify(string(sigBody), fileBody, jsonFile, previousSigTime, forcePrehash)
+
+ if !verifySuccess || verifyErr != nil {
+ fmt.Printf("signature is invalid with error: %s\n", verifyErr)
 return false
 }
 // Parse the json using the predefined struct
- error := json.Unmarshal([]byte(body), &structure)
+ error := json.Unmarshal([]byte(fileBody), &structure)
 if error != nil {
 fmt.Println("error parsing server json")
 return false
 }
+
 return true
 }
 // Get the organization list
-func getOrganizationList() bool {
+func GetOrganizationList() bool {
 organizations := organizations{}
 return getDiscoJson("organization_list.json", &organizations)
 }
 // Get the server list
-func getServerList() bool {
+func GetServerList() bool {
 servers := servers{}
 return getDiscoJson("server_list.json", &servers)
 } |
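Review bot: In `getDiscoJson` the `if !fileSuccess` branch only prints "error getting file" and falls through, so a failed download still triggers the signature request and passes a nil `fileBody` to `Verify`; add `return false` there, as the `!sigSuccess` branch already does. `previousSigTime` is hard-coded to 0, which (judging by the TODO; `Verify` is defined outside this hunk) presumably means an older, validly signed list would still be accepted, so rollback protection is absent until callers supply the last seen sign time. The `// TODO: Verify signature` comment re-added above the function is now stale and could read `// getDiscoJson fetches a discovery file and its .minisig signature and parses the file only if the signature verifies`. In `getFileUrl`, `http.Get` uses the default client without a timeout and `ioutil.ReadAll` reads an unbounded body; an `http.Client` with `Timeout` set and an `io.LimitReader` around `resp.Body` would bound both.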
