authorRuben Pollan <meskio@sindominio.net>2020-02-11 13:43:01 +0100
committerkali kaneko (leap communications) <kali@leap.se>2020-08-20 20:27:42 +0200
commitc56df01274a91ff730018dcd6272423a3e1593f0 (patch)
tree0650d3b8cb27caff177b7306cc7f27d987824664 /pkg/vpn/bonafide/auth_sip.go
parent8bb41cff9f47895e00d7773dfd9372a7e17fae59 (diff)
[feat] expose auth API in pkg/vpn
Be able to check if it needs auth and then be able to login. Use the logged in token for fetching the cert.
Diffstat (limited to 'pkg/vpn/bonafide/auth_sip.go')
-rw-r--r--pkg/vpn/bonafide/auth_sip.go34
1 files changed, 2 insertions, 32 deletions
diff --git a/pkg/vpn/bonafide/auth_sip.go b/pkg/vpn/bonafide/auth_sip.go
index b7ab0c8..1bfef52 100644
--- a/pkg/vpn/bonafide/auth_sip.go
+++ b/pkg/vpn/bonafide/auth_sip.go
@@ -26,34 +26,18 @@ import (
type sipAuthentication struct {
client httpClient
authURI string
- certURI string
}
func (a *sipAuthentication) needsCredentials() bool {
return true
}
-func (a *sipAuthentication) getPemCertificate(cred *credentials) ([]byte, error) {
- if cred == nil {
- return nil, fmt.Errorf("Need bonafide credentials for sip auth")
- }
- token, err := a.getToken(cred)
- if err != nil {
- return nil, fmt.Errorf("Error while getting token: %s", err)
- }
- cert, err := a.getProtectedCert(a.certURI, string(token))
- if err != nil {
- return nil, fmt.Errorf("Error while getting cert: %s", err)
- }
- return cert, nil
-}
-
-func (a *sipAuthentication) getToken(cred *credentials) ([]byte, error) {
+func (a *sipAuthentication) getToken(user, password string) ([]byte, error) {
/* TODO
[ ] get token from disk?
[ ] check if expired? set a goroutine to refresh it periodically?
*/
- credJSON, err := formatCredentials(cred.User, cred.Password)
+ credJSON, err := formatCredentials(user, password)
if err != nil {
return nil, fmt.Errorf("Cannot encode credentials: %s", err)
}
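Review bot: getToken now takes `user` and `password` as bare strings, and the only guard against missing credentials (the `cred == nil` check in the removed getPemCertificate) is deleted by this commit, so an empty user or password would be passed to formatCredentials and, presumably, sent to authURI as a login attempt. Whether the new callers in pkg/vpn validate the input is not visible here, so a cheap check at the top of getToken keeps the invariant local: `if user == "" || password == "" { return nil, fmt.Errorf("Need bonafide credentials for sip auth") }`. Failing early also avoids generating rejected logins that could count against server-side rate limiting or lockout, if the provider enforces any. The body of getToken continues past the end of this hunk, so the request and response handling could not be reviewed.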
@@ -68,20 +52,6 @@ func (a *sipAuthentication) getToken(cred *credentials) ([]byte, error) {
return ioutil.ReadAll(resp.Body)
}
-func (a *sipAuthentication) getProtectedCert(uri, token string) ([]byte, error) {
- req, err := http.NewRequest("POST", uri, strings.NewReader(""))
- req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
- resp, err := a.client.Do(req)
- if err != nil {
- return nil, fmt.Errorf("Error while getting token: %s", err)
- }
- defer resp.Body.Close()
- if resp.StatusCode != 200 {
- return nil, fmt.Errorf("Error %d", resp.StatusCode)
- }
- return ioutil.ReadAll(resp.Body)
-}
-
func formatCredentials(user, pass string) (string, error) {
c := credentials{User: user, Password: pass}
credJSON, err := json.Marshal(c)