mirror of
https://github.com/jeremyd/ergo.git
synced 2026-07-09 09:58:10 -07:00
+11
-9
@@ -8,12 +8,16 @@ import (
|
||||
"crypto/subtle"
|
||||
"encoding/base32"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var (
|
||||
// slingamn's own private b32 alphabet, removing 1, l, o, and 0
|
||||
B32Encoder = base32.NewEncoding("abcdefghijkmnpqrstuvwxyz23456789").WithPadding(base32.NoPadding)
|
||||
|
||||
ErrInvalidCertfp = errors.New("Invalid certfp")
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -70,14 +74,12 @@ func GenerateSecretKey() string {
|
||||
return base64.RawURLEncoding.EncodeToString(buf[:])
|
||||
}
|
||||
|
||||
func normalizeCertfp(certfp string) string {
|
||||
return strings.ToLower(strings.Replace(certfp, ":", "", -1))
|
||||
}
|
||||
|
||||
// Convenience to compare certfps as returned by different tools, e.g., openssl vs. oragono
|
||||
func CertfpsMatch(storedCertfp, suppliedCertfp string) bool {
|
||||
if storedCertfp == "" {
|
||||
return false
|
||||
// Normalize openssl-formatted certfp's to oragono's format
|
||||
func NormalizeCertfp(certfp string) (result string, err error) {
|
||||
result = strings.ToLower(strings.Replace(certfp, ":", "", -1))
|
||||
decoded, err := hex.DecodeString(result)
|
||||
if err != nil || len(decoded) != 32 {
|
||||
return "", ErrInvalidCertfp
|
||||
}
|
||||
return normalizeCertfp(storedCertfp) == normalizeCertfp(suppliedCertfp)
|
||||
return
|
||||
}
|
||||
|
||||
+17
-11
@@ -85,17 +85,23 @@ func BenchmarkMungeSecretToken(b *testing.B) {
|
||||
func TestCertfpComparisons(t *testing.T) {
|
||||
opensslFP := "3D:6B:11:BF:B4:05:C3:F8:4B:38:CD:30:38:FB:EC:01:71:D5:03:54:79:04:07:88:4C:A5:5D:23:41:85:66:C9"
|
||||
oragonoFP := "3d6b11bfb405c3f84b38cd3038fbec0171d50354790407884ca55d23418566c9"
|
||||
badFP := "3d6b11bfb405c3f84b38cd3038fbec0171d50354790407884ca55d23418566c8"
|
||||
if !CertfpsMatch(opensslFP, oragonoFP) {
|
||||
t.Error("these certs should match")
|
||||
badFP := "3d6b11bfb405c3f84b38cd3038fbec0171d50354790407884ca55d23418566c"
|
||||
badFP2 := "*"
|
||||
|
||||
normalizedOpenssl, err := NormalizeCertfp(opensslFP)
|
||||
assertEqual(err, nil, t)
|
||||
assertEqual(normalizedOpenssl, oragonoFP, t)
|
||||
|
||||
normalizedOragono, err := NormalizeCertfp(oragonoFP)
|
||||
assertEqual(err, nil, t)
|
||||
assertEqual(normalizedOragono, oragonoFP, t)
|
||||
|
||||
_, err = NormalizeCertfp(badFP)
|
||||
if err == nil {
|
||||
t.Errorf("corrupt fp should fail normalization")
|
||||
}
|
||||
if !CertfpsMatch(oragonoFP, opensslFP) {
|
||||
t.Error("these certs should match")
|
||||
}
|
||||
if CertfpsMatch("", "") {
|
||||
t.Error("empty stored certfp should not match empty provided certfp")
|
||||
}
|
||||
if CertfpsMatch(opensslFP, badFP) {
|
||||
t.Error("these certs should not match")
|
||||
_, err = NormalizeCertfp(badFP2)
|
||||
if err == nil {
|
||||
t.Errorf("corrupt fp should fail normalization")
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user