authorkali kaneko (leap communications) <kali@leap.se>2020-01-31 12:15:06 -0600
committerkali kaneko (leap communications) <kali@leap.se>2020-08-20 20:27:41 +0200
commit8bb41cff9f47895e00d7773dfd9372a7e17fae59 (patch)
tree8c7658ec44f9df7af01aaf8391c3d66ab1686b4e /pkg/vpn/bonafide/auth_sip.go
parentefdeba8e994669ccd21c50d2b7491905b47a217e (diff)
[refactor] refactor auth files
Diffstat (limited to 'pkg/vpn/bonafide/auth_sip.go')
-rw-r--r--pkg/vpn/bonafide/auth_sip.go59
1 files changed, 28 insertions, 31 deletions
diff --git a/pkg/vpn/bonafide/auth_sip.go b/pkg/vpn/bonafide/auth_sip.go
index 072812f..b7ab0c8 100644
--- a/pkg/vpn/bonafide/auth_sip.go
+++ b/pkg/vpn/bonafide/auth_sip.go
@@ -23,70 +23,67 @@ import (
"strings"
)
-type SipAuthentication struct {
- bonafide *Bonafide
+type sipAuthentication struct {
+ client httpClient
+ authURI string
+ certURI string
}
-func (a *SipAuthentication) GetPemCertificate() ([]byte, error) {
- cred := a.bonafide.credentials
+func (a *sipAuthentication) needsCredentials() bool {
+ return true
+}
+
+func (a *sipAuthentication) getPemCertificate(cred *credentials) ([]byte, error) {
if cred == nil {
return nil, fmt.Errorf("Need bonafide credentials for sip auth")
}
- credJSON, err := formatCredentials(cred.User, cred.Password)
- if err != nil {
- return nil, fmt.Errorf("Cannot encode credentials: %s", err)
- }
- token, err := a.getToken(credJSON)
+ token, err := a.getToken(cred)
if err != nil {
return nil, fmt.Errorf("Error while getting token: %s", err)
}
- cert, err := a.getProtectedCert(string(token))
+ cert, err := a.getProtectedCert(a.certURI, string(token))
if err != nil {
return nil, fmt.Errorf("Error while getting cert: %s", err)
}
return cert, nil
}
-func (a *SipAuthentication) getProtectedCert(token string) ([]byte, error) {
- certURL, err := a.bonafide.GetURL("certv3")
+func (a *sipAuthentication) getToken(cred *credentials) ([]byte, error) {
+ /* TODO
+ [ ] get token from disk?
+ [ ] check if expired? set a goroutine to refresh it periodically?
+ */
+ credJSON, err := formatCredentials(cred.User, cred.Password)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("Cannot encode credentials: %s", err)
}
- req, err := http.NewRequest("POST", certURL, strings.NewReader(""))
- req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
- resp, err := a.bonafide.client.Do(req)
+ resp, err := http.Post(a.authURI, "text/json", strings.NewReader(credJSON))
if err != nil {
- return nil, fmt.Errorf("Error while getting token: %s", err)
+ return nil, fmt.Errorf("Error on auth request: %v", err)
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
- return nil, fmt.Errorf("Error %d", resp.StatusCode)
+ return nil, fmt.Errorf("Cannot get token: Error %d", resp.StatusCode)
}
return ioutil.ReadAll(resp.Body)
}
-func (a *SipAuthentication) getToken(credJson string) ([]byte, error) {
- /* TODO
- [ ] get token from disk?
- [ ] check if expired? set a goroutine to refresh it periodically?
- */
- authURL, err := a.bonafide.GetURL("auth")
- if err != nil {
- return nil, fmt.Errorf("Error getting auth url")
- }
- resp, err := http.Post(authURL, "text/json", strings.NewReader(credJson))
+func (a *sipAuthentication) getProtectedCert(uri, token string) ([]byte, error) {
+ req, err := http.NewRequest("POST", uri, strings.NewReader(""))
+ req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
+ resp, err := a.client.Do(req)
if err != nil {
- return nil, fmt.Errorf("Error on auth request: %v", err)
+ return nil, fmt.Errorf("Error while getting token: %s", err)
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
- return nil, fmt.Errorf("Cannot get token: Error %d", resp.StatusCode)
+ return nil, fmt.Errorf("Error %d", resp.StatusCode)
}
return ioutil.ReadAll(resp.Body)
}
func formatCredentials(user, pass string) (string, error) {
- c := Credentials{User: user, Password: pass}
+ c := credentials{User: user, Password: pass}
credJSON, err := json.Marshal(c)
if err != nil {
return "", err
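Review bot: getToken still sends the user name and password through the package-level `http.Post(a.authURI, ...)`, while getProtectedCert in the same hunk goes through `a.client`. If `a.client` is the client that carries the provider's CA pool and timeouts (its construction is not visible in this hunk), the credential POST bypasses both and falls back to http.DefaultClient, which has no timeout and trusts the system roots. Building the request explicitly and calling `a.client.Do` keeps both requests on the same transport, as sketched below. Separately, in getProtectedCert the error from `http.NewRequest` is overwritten by the `a.client.Do` call before it is checked, so a malformed `uri` leaves `req` nil at `req.Header.Add`; an `if err != nil { return nil, err }` directly after NewRequest closes that.

```go
func (a *sipAuthentication) getToken(cred *credentials) ([]byte, error) {
	// … unchanged: TODO block and formatCredentials call …
	req, err := http.NewRequest("POST", a.authURI, strings.NewReader(credJSON))
	if err != nil {
		return nil, fmt.Errorf("Error building auth request: %v", err)
	}
	req.Header.Set("Content-Type", "text/json")
	resp, err := a.client.Do(req)
	// … unchanged: error check on Do, status check, ReadAll …
```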