authorkali kaneko (leap communications) <kali@leap.se>2020-01-31 12:15:06 -0600
committerkali kaneko (leap communications) <kali@leap.se>2020-08-20 20:27:41 +0200
commit8bb41cff9f47895e00d7773dfd9372a7e17fae59 (patch)
tree8c7658ec44f9df7af01aaf8391c3d66ab1686b4e /pkg/vpn/bonafide/bonafide.go
parentefdeba8e994669ccd21c50d2b7491905b47a217e (diff)
[refactor] refactor auth files
Diffstat (limited to 'pkg/vpn/bonafide/bonafide.go')
-rw-r--r--pkg/vpn/bonafide/bonafide.go87
1 files changed, 59 insertions, 28 deletions
diff --git a/pkg/vpn/bonafide/bonafide.go b/pkg/vpn/bonafide/bonafide.go
index 1bc6072..1b48276 100644
--- a/pkg/vpn/bonafide/bonafide.go
+++ b/pkg/vpn/bonafide/bonafide.go
@@ -19,6 +19,7 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/json"
+ "errors"
"fmt"
"io"
"io/ioutil"
@@ -48,8 +49,8 @@ type Bonafide struct {
client httpClient
eip *eipService
tzOffsetHours int
- auth Authentication
- credentials *Credentials
+ auth authentication
+ credentials credentials
apiURL string
}
@@ -69,12 +70,6 @@ type httpClient interface {
Do(req *http.Request) (*http.Response, error)
}
-// The Authentication interface allows to get a Certificate in Pem format.
-// We implement Anonymous Authentication (Riseup et al), and Sip (Libraries).
-type Authentication interface {
- GetPemCertificate() ([]byte, error)
-}
-
type geoLocation struct {
IPAddress string `json:"ip"`
Country string `json:"cc"`
@@ -103,44 +98,80 @@ func New() *Bonafide {
eip: nil,
tzOffsetHours: tzOffsetHours,
}
- auth := AnonymousAuthentication{b}
- b.auth = &auth
+ switch auth := config.Auth; auth {
+ case "sip":
+ log.Println("Client expects sip auth")
+ b.auth = &sipAuthentication{client, b.getURL("auth"), b.getURL("certv3")}
+ case "anon":
+ log.Println("Client expects anon auth")
+ b.auth = &anonymousAuthentication{client, "", b.getURL("certv3")}
+ default:
+ log.Println("Client expects invalid auth", auth)
+ b.auth = &anonymousAuthentication{client, "", b.getURL("certv3")}
+ }
+
return b
}
-func (b *Bonafide) SetCredentials(username, password string) {
- b.credentials = &Credentials{username, password}
+func (b *Bonafide) DoLogin(username, password string) (bool, error) {
+ if !b.auth.needsCredentials() {
+ return false, errors.New("Auth method does not need login")
+ }
+
+ cred := credentials{username, password}
+ b.credentials = cred
+
+ /* TODO keep this in memory */
+ _, err := b.auth.getToken(&cred)
+ if err != nil {
+ return false, err
+ }
+
+ return true, nil
}
-func (b *Bonafide) GetURL(object string) (string, error) {
+func (b *Bonafide) checkCredentialsAreSet() bool {
+ if b.credentials.User == "" || b.credentials.Password == "" {
+ log.Println("BUG: expected credentials to be set")
+ return false
+ }
+ return true
+}
+
+func (b *Bonafide) GetPemCertificate() ([]byte, error) {
+ if b.auth == nil {
+ log.Fatal("ERROR: bonafide did not initialize auth")
+ }
+ if b.auth.needsCredentials() {
+ b.checkCredentialsAreSet()
+ }
+
+ cert, err := b.auth.getPemCertificate(&b.credentials)
+ return cert, err
+}
+
+func (b *Bonafide) getURL(object string) string {
if b.apiURL == "" {
switch object {
case "cert":
- return certAPI, nil
+ return certAPI
case "certv3":
- return certAPI3, nil
+ return certAPI3
case "auth":
- return authAPI, nil
+ return authAPI
}
} else {
switch object {
case "cert":
- return b.apiURL + certPathv1, nil
+ return b.apiURL + certPathv1
case "certv3":
- return b.apiURL + certPathv3, nil
+ return b.apiURL + certPathv3
case "auth":
- return b.apiURL + authPathv3, nil
+ return b.apiURL + authPathv3
}
}
- return "", fmt.Errorf("ERROR: unknown object for api url")
-}
-
-func (b *Bonafide) GetPemCertificate() ([]byte, error) {
- if b.auth == nil {
- log.Fatal("ERROR: bonafide did not initialize auth")
- }
- cert, err := b.auth.GetPemCertificate()
- return cert, err
+ log.Println("BUG: unknown url object")
+ return ""
}
func (b *Bonafide) GetGateways(transport string) ([]Gateway, error) {
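Review bot: GetPemCertificate discards the bool returned by checkCredentialsAreSet (`if b.auth.needsCredentials() { b.checkCredentialsAreSet() }`), so when the sip method is configured and no DoLogin has happened it logs "BUG" and still calls getPemCertificate with an empty user and password, presumably forwarding them to the auth endpoint instead of failing locally. Replace the check with `if b.auth.needsCredentials() && !b.checkCredentialsAreSet() {` / `return nil, errors.New("credentials not set")` / `}`; errors is already imported by this commit. Relatedly, the `default` branch of the switch in New() logs an invalid config.Auth value and then falls back to anonymousAuthentication, which means a mistyped "sip" silently downgrades the provider's chosen auth method; if that fallback is intended, a comment such as `// unknown auth method: fall back to anonymous so the client still works` would make the decision explicit. DoLogin also assigns b.credentials before the getToken error is checked, so a rejected password remains stored in the struct; moving `b.credentials = cred` after the `if err != nil` block keeps only verified credentials.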