choore: Prepares support for certificate validation in client.
This commit is contained in:
greysoh
parent
8eb9bb3cee
commit
a977e69aef
GPG key ID:
8FA7DD57BA6CEA37
1 changed files with 59 additions and 3 deletions
|
|
@ -41,6 +41,20 @@ func (bismuth BismuthClient) decryptMessage(aead cipher.AEAD, encMsg []byte) ([]
|
|||
return decryptedData, nil
|
||||
}
|
||||
|
||||
// Checks to see if a certificate is trusted in the client cache.
|
||||
//
|
||||
// - `host`: The host of the server.
|
||||
// - `certificateFingerprint`: A fingerprint of the servers key.
|
||||
// - `isSelfSigned`: If true, the certificate is either actually self-signed, or
|
||||
// verification is dsabled (CheckIfCertificatesAreSigned in BismuthClient is false)
|
||||
// - `isTrustworthy`: If true, the certificate is signed by 51% of peers.
|
||||
type CertCheckCallback func(host, certificateFingerprint string, isSelfSigned, isTrustworthy bool) bool
|
||||
|
||||
// Connects to a server using a provided method, with host being the host:
|
||||
//
|
||||
// OwnConnMethodCallback("google.com:80")
|
||||
type OwnConnMethodCallback func(address string) (net.Conn, error)
|
||||
|
||||
// Bismuth Client
|
||||
type BismuthClient struct {
|
||||
// GOpenPGP public key
|
||||
|
|
@ -48,9 +62,48 @@ type BismuthClient struct {
|
|||
// GOpenPGP private key
|
||||
PrivateKey *crypto.Key
|
||||
|
||||
// Check if the certificates are signed if enabled.
|
||||
//
|
||||
// If true, "cross-verifies" the server to make sure the certificates are signed.
|
||||
//
|
||||
// If false, all certificates will be reported as being self signed because we can't
|
||||
// really prove otherwise.
|
||||
CheckIfCertificatesAreSigned bool
|
||||
// Checks to see if a certificate is trusted in the client cache.
|
||||
// See CertCheckCallback for more typing information.
|
||||
CertificateSignChecker CertCheckCallback
|
||||
|
||||
// Connects to a server (used for CheckIfCertificatesAreSigned if enabled/set to true).
|
||||
ConnectToServer OwnConnMethodCallback
|
||||
|
||||
// GopenPGP instance
|
||||
pgp *crypto.PGPHandle
|
||||
}
|
||||
|
||||
// Initializes the client. Should be done automatically if you call New()
|
||||
//
|
||||
// If you don't call client.New(), you *MUST* call this function before running bismuth.Conn().
|
||||
func (bismuth *BismuthClient) InitializeClient() error {
|
||||
if bismuth.pgp == nil {
|
||||
bismuth.pgp = crypto.PGP()
|
||||
}
|
||||
|
||||
if bismuth.CertificateSignChecker == nil {
|
||||
bismuth.CertificateSignChecker = func(host, certificateFingerprint string, isSelfSigned, isTrustworthy bool) bool {
|
||||
fmt.Println("WARNING: Using stub CertificateSignChecker. Returing true and ignoring arguments")
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
if bismuth.ConnectToServer == nil {
|
||||
bismuth.ConnectToServer = func(address string) (net.Conn, error) {
|
||||
return net.Dial("tcp", address)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Connects to a Bismuth server. This wraps an existing net.Conn interface.
|
||||
// The returned net.Conn is the server, but over bismuth.
|
||||
func (bismuth BismuthClient) Conn(conn net.Conn) (net.Conn, error) {
|
||||
|
|
@ -204,12 +257,15 @@ func New(pubKey string, privKey string) (*BismuthClient, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
pgp := crypto.PGP()
|
||||
|
||||
bismuth := BismuthClient{
|
||||
PublicKey: publicKey,
|
||||
PrivateKey: privateKey,
|
||||
pgp: pgp,
|
||||
}
|
||||
|
||||
err = bismuth.InitializeClient()
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &bismuth, nil
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue