feature: Gets signing server and client infrastructure working.
This commit is contained in:
parent
a5e479cc0c
commit
e527413faf
13 changed files with 865 additions and 62 deletions
|
@ -6,25 +6,11 @@ import (
|
|||
"github.com/ProtonMail/gopenpgp/v3/crypto"
|
||||
)
|
||||
|
||||
// Checks to see if a certificate is trusted in the client cache.
|
||||
//
|
||||
// - `host`: The host of the server.
|
||||
// - `certificateFingerprint`: A fingerprint of the servers key.
|
||||
// - `isSelfSigned`: If true, the certificate is either actually self-signed, or
|
||||
// verification is dsabled (CheckIfCertificatesAreSigned in BismuthClient is false)
|
||||
// - `isTrustworthy`: If true, the certificate is signed by 51% of peers.
|
||||
type CertCheckCallback func(host, certificateFingerprint string, isSelfSigned, isTrustworthy bool) bool
|
||||
|
||||
// Connects to a server using a provided method, with host being the host:
|
||||
//
|
||||
// OwnConnMethodCallback("google.com:80")
|
||||
type OwnConnMethodCallback func(address string) (net.Conn, error)
|
||||
|
||||
// Bismuth Client
|
||||
type BismuthClient struct {
|
||||
// GOpenPGP public key
|
||||
// GOpenPGP public key for the client
|
||||
PublicKey *crypto.Key
|
||||
// GOpenPGP private key
|
||||
// GOpenPGP private key for the client
|
||||
PrivateKey *crypto.Key
|
||||
|
||||
// Check if the certificates are signed if enabled.
|
||||
|
@ -34,13 +20,72 @@ type BismuthClient struct {
|
|||
// If false, all certificates will be reported as being self signed because we can't
|
||||
// really prove otherwise.
|
||||
CheckIfCertificatesAreSigned bool
|
||||
// Checks to see if a certificate is trusted in the client cache.
|
||||
// See CertCheckCallback for more typing information.
|
||||
CertificateSignChecker CertCheckCallback
|
||||
|
||||
// Connects to a server (used for CheckIfCertificatesAreSigned if enabled/set to true).
|
||||
ConnectToServer OwnConnMethodCallback
|
||||
// Checks to see if a certificate is trusted in the client cache.
|
||||
//
|
||||
// - `host`: The host of the server.
|
||||
// - `certificateFingerprint`: A fingerprint of the servers key.
|
||||
// - `isSelfSigned`: If true, the certificate is either actually self-signed, or
|
||||
// verification is dsabled (CheckIfCertificatesAreSigned in BismuthClient is false)
|
||||
// - `isTrustworthy`: If true, the certificate is signed by 51% or more of peers.
|
||||
//
|
||||
// This function will only be called if client.CheckIfCertificatesAreSigned is true.
|
||||
//
|
||||
// Example usage inside the Bismuth client source:
|
||||
// client.CertificateSignChecker("example.com:9090", "6c5eaff6f5c65e65e6f6ce6fc", false, true)
|
||||
CertificateSignChecker func(host, certificateFingerprint string, isSelfSigned, isTrustworthy bool) bool
|
||||
|
||||
// If any certificates are false in the certificate cache, and the client has determined that
|
||||
// they may need to be added, this function will get called.
|
||||
//
|
||||
// All of the certificates that will be called by this function in arguments are ones that
|
||||
// client.CertificateSignChecker has reported to be untrustworthy, but not all untrustworthy
|
||||
// certificates will be reported, as they can be trusted by future nodes that you have already
|
||||
// trusted.
|
||||
//
|
||||
// This function will only be called if client.CheckIfCertificatesAreSigned is true.
|
||||
AddCertificatesToSignCache func(certificates []*BismuthCertificates)
|
||||
|
||||
// Connects to a server.
|
||||
// This function will only be called if client.CheckIfCertificatesAreSigned is true.
|
||||
//
|
||||
// client.ConnectToServer("google.com:80")
|
||||
ConnectToServer func(address string) (net.Conn, error)
|
||||
|
||||
// GopenPGP instance
|
||||
pgp *crypto.PGPHandle
|
||||
}
|
||||
|
||||
// Sign result data for the node
|
||||
type BismuthSignResultData struct {
|
||||
// Future node pointers in the tree
|
||||
ChildNodes []*BismuthSignResultData
|
||||
|
||||
// If true, the server is already trusting this node
|
||||
IsTrustingAlready bool
|
||||
// If true, server is trusting the previous server
|
||||
IsTrustingRootServer bool
|
||||
}
|
||||
|
||||
type BismuthSignResults struct {
|
||||
// Overall trust score calculated
|
||||
OverallTrustScore int
|
||||
// Parent node in tree for sign results
|
||||
Node *BismuthSignResultData
|
||||
|
||||
// GopenPGP public key
|
||||
ServerPublicKey *crypto.Key
|
||||
}
|
||||
|
||||
type BismuthCertificates struct {
|
||||
// The host of the server
|
||||
host string
|
||||
// A fingerprint of the servers key
|
||||
certificateFingerprint string
|
||||
// Certificate UserID
|
||||
certificateUsername string
|
||||
certificateMail string
|
||||
|
||||
// If true, the certificate is self signed
|
||||
isSelfSigned bool
|
||||
}
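Review bot: `AddCertificatesToSignCache` receives `[]*BismuthCertificates`, but every field of `BismuthCertificates` (`host`, `certificateFingerprint`, `certificateUsername`, `certificateMail`, `isSelfSigned`) is unexported, so a callback implemented outside this package cannot read the certificate it is being asked to cache; export the fields or add accessor methods. The `CertificateSignChecker` doc is also internally inconsistent: it says `isSelfSigned` is true when "verification is dsabled (CheckIfCertificatesAreSigned in BismuthClient is false)" yet states the callback is only invoked when `CheckIfCertificatesAreSigned` is true, so one of the two statements should go (and "dsabled" is a typo). The opening of the `AddCertificatesToSignCache` comment, "If any certificates are false in the certificate cache", is unclear and could read `// Called when the client has found certificates that CertificateSignChecker reported as untrustworthy and that may need to be added to the sign cache.` The format of `certificateFingerprint` (the example value looks like a hex digest, presumably of the OpenPGP key) is not stated anywhere in the hunk; documenting it would let a `CertificateSignChecker` implementer compare fingerprints against its cache correctly.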
|
||||
|
|