fix #696

2026-04-26 15:40:00 -07:00 · 2019-12-18 15:44:06 -05:00
parent 9d56677691
commit e143aaa83f
7 changed files with 47 additions and 6 deletions
--- a/irc/utils/crypto.go
+++ b/irc/utils/crypto.go
@@ -8,6 +8,7 @@ import (
 	"crypto/subtle"
 	"encoding/base32"
 	"encoding/base64"
+	"strings"
 )

 var (
@@ -68,3 +69,15 @@ func GenerateSecretKey() string {
 	rand.Read(buf[:])
 	return base64.RawURLEncoding.EncodeToString(buf[:])
 }
+
+func normalizeCertfp(certfp string) string {
+	return strings.ToLower(strings.Replace(certfp, ":", "", -1))
+}
+
+// Convenience to compare certfps as returned by different tools, e.g., openssl vs. oragono
+func CertfpsMatch(storedCertfp, suppliedCertfp string) bool {
+	if storedCertfp == "" {
+		return false
+	}
+	return normalizeCertfp(storedCertfp) == normalizeCertfp(suppliedCertfp)
+}
--- a/irc/utils/crypto_test.go
+++ b/irc/utils/crypto_test.go
@@ -81,3 +81,21 @@ func BenchmarkMungeSecretToken(b *testing.B) {
 		t = MungeSecretToken(t)
 	}
 }
+
+func TestCertfpComparisons(t *testing.T) {
+	opensslFP := "3D:6B:11:BF:B4:05:C3:F8:4B:38:CD:30:38:FB:EC:01:71:D5:03:54:79:04:07:88:4C:A5:5D:23:41:85:66:C9"
+	oragonoFP := "3d6b11bfb405c3f84b38cd3038fbec0171d50354790407884ca55d23418566c9"
+	badFP := "3d6b11bfb405c3f84b38cd3038fbec0171d50354790407884ca55d23418566c8"
+	if !CertfpsMatch(opensslFP, oragonoFP) {
+		t.Error("these certs should match")
+	}
+	if !CertfpsMatch(oragonoFP, opensslFP) {
+		t.Error("these certs should match")
+	}
+	if CertfpsMatch("", "") {
+		t.Error("empty stored certfp should not match empty provided certfp")
+	}
+	if CertfpsMatch(opensslFP, badFP) {
+		t.Error("these certs should not match")
+	}
+}