diff options
author | kali kaneko (leap communications) <kali@leap.se> | 2020-01-31 12:15:06 -0600 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2020-08-20 20:27:41 +0200 |
commit | 8bb41cff9f47895e00d7773dfd9372a7e17fae59 (patch) | |
tree | 8c7658ec44f9df7af01aaf8391c3d66ab1686b4e /pkg/vpn/bonafide/auth_sip.go | |
parent | efdeba8e994669ccd21c50d2b7491905b47a217e (diff) |
[refactor] refactor auth files
Diffstat (limited to 'pkg/vpn/bonafide/auth_sip.go')
-rw-r--r-- | pkg/vpn/bonafide/auth_sip.go | 59 |
1 files changed, 28 insertions, 31 deletions
diff --git a/pkg/vpn/bonafide/auth_sip.go b/pkg/vpn/bonafide/auth_sip.go index 072812f..b7ab0c8 100644 --- a/pkg/vpn/bonafide/auth_sip.go +++ b/pkg/vpn/bonafide/auth_sip.go @@ -23,70 +23,67 @@ import ( "strings" ) -type SipAuthentication struct { - bonafide *Bonafide +type sipAuthentication struct { + client httpClient + authURI string + certURI string } -func (a *SipAuthentication) GetPemCertificate() ([]byte, error) { - cred := a.bonafide.credentials +func (a *sipAuthentication) needsCredentials() bool { + return true +} + +func (a *sipAuthentication) getPemCertificate(cred *credentials) ([]byte, error) { if cred == nil { return nil, fmt.Errorf("Need bonafide credentials for sip auth") } - credJSON, err := formatCredentials(cred.User, cred.Password) - if err != nil { - return nil, fmt.Errorf("Cannot encode credentials: %s", err) - } - token, err := a.getToken(credJSON) + token, err := a.getToken(cred) if err != nil { return nil, fmt.Errorf("Error while getting token: %s", err) } - cert, err := a.getProtectedCert(string(token)) + cert, err := a.getProtectedCert(a.certURI, string(token)) if err != nil { return nil, fmt.Errorf("Error while getting cert: %s", err) } return cert, nil } -func (a *SipAuthentication) getProtectedCert(token string) ([]byte, error) { - certURL, err := a.bonafide.GetURL("certv3") +func (a *sipAuthentication) getToken(cred *credentials) ([]byte, error) { + /* TODO + [ ] get token from disk? + [ ] check if expired? set a goroutine to refresh it periodically? + */ + credJSON, err := formatCredentials(cred.User, cred.Password) if err != nil { - return nil, err + return nil, fmt.Errorf("Cannot encode credentials: %s", err) } - req, err := http.NewRequest("POST", certURL, strings.NewReader("")) - req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token)) - resp, err := a.bonafide.client.Do(req) + resp, err := http.Post(a.authURI, "text/json", strings.NewReader(credJSON)) if err != nil { - return nil, fmt.Errorf("Error while getting token: %s", err) + return nil, fmt.Errorf("Error on auth request: %v", err) } defer resp.Body.Close() if resp.StatusCode != 200 { - return nil, fmt.Errorf("Error %d", resp.StatusCode) + return nil, fmt.Errorf("Cannot get token: Error %d", resp.StatusCode) } return ioutil.ReadAll(resp.Body) } -func (a *SipAuthentication) getToken(credJson string) ([]byte, error) { - /* TODO - [ ] get token from disk? - [ ] check if expired? set a goroutine to refresh it periodically? - */ - authURL, err := a.bonafide.GetURL("auth") - if err != nil { - return nil, fmt.Errorf("Error getting auth url") - } - resp, err := http.Post(authURL, "text/json", strings.NewReader(credJson)) +func (a *sipAuthentication) getProtectedCert(uri, token string) ([]byte, error) { + req, err := http.NewRequest("POST", uri, strings.NewReader("")) + req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token)) + resp, err := a.client.Do(req) if err != nil { - return nil, fmt.Errorf("Error on auth request: %v", err) + return nil, fmt.Errorf("Error while getting token: %s", err) } defer resp.Body.Close() if resp.StatusCode != 200 { - return nil, fmt.Errorf("Cannot get token: Error %d", resp.StatusCode) + return nil, fmt.Errorf("Error %d", resp.StatusCode) } return ioutil.ReadAll(resp.Body) } func formatCredentials(user, pass string) (string, error) { - c := Credentials{User: user, Password: pass} + c := credentials{User: user, Password: pass} credJSON, err := json.Marshal(c) if err != nil { return "", err |