summaryrefslogtreecommitdiff
path: root/pkg/vpn/bonafide/bonafide.go
diff options
context:
space:
mode:
authorkali kaneko (leap communications) <kali@leap.se>2020-06-12 20:35:48 +0200
committerkali kaneko (leap communications) <kali@leap.se>2020-06-12 20:35:48 +0200
commit4faad2cda4938806126c482c7f93b640d68b9fe8 (patch)
treee475b65a59ecdfac09bedc7b2ae380736de09c16 /pkg/vpn/bonafide/bonafide.go
parent0ac0afaaf312a02af01d1c307ecf9b5915f40b0d (diff)
[refactor] rename standalone to just vpn
Diffstat (limited to 'pkg/vpn/bonafide/bonafide.go')
-rw-r--r--pkg/vpn/bonafide/bonafide.go166
1 files changed, 166 insertions, 0 deletions
diff --git a/pkg/vpn/bonafide/bonafide.go b/pkg/vpn/bonafide/bonafide.go
new file mode 100644
index 0000000..fd32f2a
--- /dev/null
+++ b/pkg/vpn/bonafide/bonafide.go
@@ -0,0 +1,166 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bonafide
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/json"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "log"
+ "net/http"
+ "time"
+
+ "0xacab.org/leap/bitmask-vpn/pkg/config"
+)
+
+const (
+ certAPI = config.APIURL + "1/cert"
+ certAPI3 = config.APIURL + "3/cert"
+ secondsPerHour = 60 * 60
+ retryFetchJSONSeconds = 15
+)
+
+type Bonafide struct {
+ client httpClient
+ eip *eipService
+ tzOffsetHours int
+}
+
+type Gateway struct {
+ Host string
+ IPAddress string
+ Location string
+ Ports []string
+ Protocols []string
+ Options map[string]string
+}
+
+type openvpnConfig map[string]interface{}
+
+type httpClient interface {
+ Post(url, contentType string, body io.Reader) (resp *http.Response, err error)
+}
+
+type geoLocation struct {
+ IPAddress string `json:"ip"`
+ Country string `json:"cc"`
+ City string `json:"city"`
+ Latitude float64 `json:"lat"`
+ Longitude float64 `json:"lon"`
+ SortedGateways []string `json:"gateways"`
+}
+
+func New() *Bonafide {
+ certs := x509.NewCertPool()
+ certs.AppendCertsFromPEM(config.CaCert)
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: certs,
+ },
+ },
+ }
+ _, tzOffsetSeconds := time.Now().Zone()
+ tzOffsetHours := tzOffsetSeconds / secondsPerHour
+
+ return &Bonafide{
+ client: client,
+ eip: nil,
+ tzOffsetHours: tzOffsetHours,
+ }
+}
+
+func (b *Bonafide) GetCertPem() ([]byte, error) {
+ resp, err := b.client.Post(certAPI, "", nil)
+ if err != nil {
+ return nil, err
+ }
+ defer resp.Body.Close()
+ if resp.StatusCode == 404 {
+ resp, err = b.client.Post(certAPI3, "", nil)
+ if err != nil {
+ return nil, err
+ }
+ defer resp.Body.Close()
+ }
+ if resp.StatusCode != 200 {
+ return nil, fmt.Errorf("get vpn cert has failed with status: %s", resp.Status)
+ }
+
+ return ioutil.ReadAll(resp.Body)
+}
+
+func (b *Bonafide) GetGateways(transport string) ([]Gateway, error) {
+ if b.eip == nil {
+ err := b.fetchEipJSON()
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return b.eip.getGateways(transport), nil
+}
+
+func (b *Bonafide) SetDefaultGateway(name string) {
+ b.eip.setDefaultGateway(name)
+ b.sortGateways()
+}
+
+func (b *Bonafide) GetOpenvpnArgs() ([]string, error) {
+ if b.eip == nil {
+ err := b.fetchEipJSON()
+ if err != nil {
+ return nil, err
+ }
+ }
+ return b.eip.getOpenvpnArgs(), nil
+}
+
+func (b *Bonafide) fetchGeolocation() ([]string, error) {
+ resp, err := b.client.Post(config.GeolocationAPI, "", nil)
+ if err != nil {
+ return nil, err
+ }
+ defer resp.Body.Close()
+ if resp.StatusCode != 200 {
+ return nil, fmt.Errorf("get geolocation failed with status: %s", resp.Status)
+ }
+
+ geo := &geoLocation{}
+ dataJSON, err := ioutil.ReadAll(resp.Body)
+ err = json.Unmarshal(dataJSON, &geo)
+ if err != nil {
+ _ = fmt.Errorf("get vpn cert has failed with status: %s", resp.Status)
+ return nil, err
+ }
+
+ return geo.SortedGateways, nil
+
+}
+
+func (b *Bonafide) sortGateways() {
+ geolocatedGateways, _ := b.fetchGeolocation()
+
+ if len(geolocatedGateways) > 0 {
+ b.eip.sortGatewaysByGeolocation(geolocatedGateways)
+ } else {
+ log.Printf("Falling back to timezone heuristic for gateway selection")
+ b.eip.sortGatewaysByTimezone(b.tzOffsetHours)
+ }
+}