author | kali kaneko (leap communications) <kali@leap.se> | 2020-01-27 20:44:34 -0600 |
committer | kali kaneko (leap communications) <kali@leap.se> | 2020-08-20 20:27:26 +0200 |
commit | c236dfcfdd60ea700e5f50ed2568398cd161dd4c (patch) | |
tree | db298b28716a25012dc8806afd402b6454b2b37b /pkg/vpn/bonafide/auth_sip.go | |
parent | 7c4a4f5ae0c02f57eb9073fa8f412a38b8f79363 (diff) |
[feat] add sip authentication
initial merge of the sip authentication mechanism
Diffstat (limited to 'pkg/vpn/bonafide/auth_sip.go')
-rw-r--r-- | pkg/vpn/bonafide/auth_sip.go | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/pkg/vpn/bonafide/auth_sip.go b/pkg/vpn/bonafide/auth_sip.go
new file mode 100644
index 0000000..d8ebedb
--- /dev/null
+++ b/pkg/vpn/bonafide/auth_sip.go
@@ -0,0 +1,88 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bonafide
+
+import (
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "net/http"
+ "strings"
+)
+
+type SipAuthentication struct {
+ bonafide *Bonafide
+}
+
+func (a *SipAuthentication) GetPemCertificate() ([]byte, error) {
+ cred := a.bonafide.credentials
+ if cred == nil {
+ return nil, fmt.Errorf("Need bonafide credentials for sip auth")
+ }
+ credJson, err := formatCredentials(cred.User, cred.Password)
+ if err != nil {
+ return nil, fmt.Errorf("Cannot encode credentials: %s", err)
+ }
+ token, err := a.getToken(credJson)
+ if err != nil {
+ return nil, fmt.Errorf("Error while getting token: %s", err)
+ }
+ cert, err := a.getProtectedCert(string(token))
+ if err != nil {
+ return nil, fmt.Errorf("Error while getting cert: %s", err)
+ }
+ return cert, nil
+}
+
+func (a *SipAuthentication) getProtectedCert(token string) ([]byte, error) {
+ req, err := http.NewRequest("POST", certAPI, strings.NewReader(""))
+ req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
+ resp, err := a.bonafide.client.Do(req)
+ if err != nil {
+ return nil, fmt.Errorf("Error while getting token: %s", err)
+ }
+ defer resp.Body.Close()
+ if resp.StatusCode != 200 {
+ return nil, fmt.Errorf("Cannot get cert: Error %d", resp.StatusCode)
+ }
+ return ioutil.ReadAll(resp.Body)
+}
+
+func (a *SipAuthentication) getToken(credJson string) ([]byte, error) {
+ /* TODO
+ [ ] get token from disk?
+ [ ] check if expired? set a goroutine to refresh it periodically?
+ */
+ resp, err := http.Post(authAPI, "text/json", strings.NewReader(credJson))
+ if err != nil {
+ log.Fatal("Error on auth request: ", err)
+ }
+ defer resp.Body.Close()
+ if resp.StatusCode != 200 {
+ return nil, fmt.Errorf("Cannot get token: Error %d", resp.StatusCode)
+ }
+ return ioutil.ReadAll(resp.Body)
+}
+
+func formatCredentials(user, pass string) (string, error) {
+ c := Credentials{User: user, Password: pass}
+ credJson, err := json.Marshal(c)
+ if err != nil {
+ return "", err
+ }
+ return string(credJson), nil
+}
|
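Review bot: The error returned by `http.NewRequest` at the top of `getProtectedCert` is never checked and is overwritten by the following `client.Do` assignment, so a malformed `certAPI` value would dereference a nil `req` at `req.Header.Add`. In `getToken`, a transport failure calls `log.Fatal`, which terminates the whole process from inside a library function instead of returning the error to `GetPemCertificate`, whose `"Error while getting token"` wrapping is dead code for that path. The same function posts the credentials through the package-level `http.Post` (default client, no timeout) while the cert fetch goes through `a.bonafide.client`; if that client carries transport or TLS settings, the credential request bypasses them, so both requests should go through `a.bonafide.client.Do`. The message `"Error while getting token: %s"` in `getProtectedCert` appears copied from the token path and misdescribes the cert request. The token bytes are interpolated raw into the `Authorization` header; if the server's response body carries a trailing newline this produces an invalid header value, so trimming with `strings.TrimSpace(token)` before use is worth considering.

```go
func (a *SipAuthentication) getProtectedCert(token string) ([]byte, error) {
	req, err := http.NewRequest("POST", certAPI, strings.NewReader(""))
	if err != nil {
		return nil, fmt.Errorf("Cannot build cert request: %s", err)
	}
	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", strings.TrimSpace(token)))
	resp, err := a.bonafide.client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("Error while getting cert: %s", err)
	}
	// … unchanged: deferred close, status check, body read …
}

func (a *SipAuthentication) getToken(credJson string) ([]byte, error) {
	// … unchanged: TODO comment …
	req, err := http.NewRequest("POST", authAPI, strings.NewReader(credJson))
	if err != nil {
		return nil, fmt.Errorf("Cannot build auth request: %s", err)
	}
	req.Header.Set("Content-Type", "text/json")
	resp, err := a.bonafide.client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("Error on auth request: %s", err)
	}
	// … unchanged: deferred close, status check, body read …
}
```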