diff options
author | kali kaneko (leap communications) <kali@leap.se> | 2020-01-31 12:15:06 -0600 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2020-08-20 20:27:41 +0200 |
commit | 8bb41cff9f47895e00d7773dfd9372a7e17fae59 (patch) | |
tree | 8c7658ec44f9df7af01aaf8391c3d66ab1686b4e /pkg/vpn/bonafide/bonafide.go | |
parent | efdeba8e994669ccd21c50d2b7491905b47a217e (diff) |
[refactor] refactor auth files
Diffstat (limited to 'pkg/vpn/bonafide/bonafide.go')
-rw-r--r-- | pkg/vpn/bonafide/bonafide.go | 87 |
1 files changed, 59 insertions, 28 deletions
diff --git a/pkg/vpn/bonafide/bonafide.go b/pkg/vpn/bonafide/bonafide.go index 1bc6072..1b48276 100644 --- a/pkg/vpn/bonafide/bonafide.go +++ b/pkg/vpn/bonafide/bonafide.go @@ -19,6 +19,7 @@ import ( "crypto/tls" "crypto/x509" "encoding/json" + "errors" "fmt" "io" "io/ioutil" @@ -48,8 +49,8 @@ type Bonafide struct { client httpClient eip *eipService tzOffsetHours int - auth Authentication - credentials *Credentials + auth authentication + credentials credentials apiURL string } @@ -69,12 +70,6 @@ type httpClient interface { Do(req *http.Request) (*http.Response, error) } -// The Authentication interface allows to get a Certificate in Pem format. -// We implement Anonymous Authentication (Riseup et al), and Sip (Libraries). -type Authentication interface { - GetPemCertificate() ([]byte, error) -} - type geoLocation struct { IPAddress string `json:"ip"` Country string `json:"cc"` @@ -103,44 +98,80 @@ func New() *Bonafide { eip: nil, tzOffsetHours: tzOffsetHours, } - auth := AnonymousAuthentication{b} - b.auth = &auth + switch auth := config.Auth; auth { + case "sip": + log.Println("Client expects sip auth") + b.auth = &sipAuthentication{client, b.getURL("auth"), b.getURL("certv3")} + case "anon": + log.Println("Client expects anon auth") + b.auth = &anonymousAuthentication{client, "", b.getURL("certv3")} + default: + log.Println("Client expects invalid auth", auth) + b.auth = &anonymousAuthentication{client, "", b.getURL("certv3")} + } + return b } -func (b *Bonafide) SetCredentials(username, password string) { - b.credentials = &Credentials{username, password} +func (b *Bonafide) DoLogin(username, password string) (bool, error) { + if !b.auth.needsCredentials() { + return false, errors.New("Auth method does not need login") + } + + cred := credentials{username, password} + b.credentials = cred + + /* TODO keep this in memory */ + _, err := b.auth.getToken(&cred) + if err != nil { + return false, err + } + + return true, nil } -func (b *Bonafide) GetURL(object string) (string, error) { +func (b *Bonafide) checkCredentialsAreSet() bool { + if b.credentials.User == "" || b.credentials.Password == "" { + log.Println("BUG: expected credentials to be set") + return false + } + return true +} + +func (b *Bonafide) GetPemCertificate() ([]byte, error) { + if b.auth == nil { + log.Fatal("ERROR: bonafide did not initialize auth") + } + if b.auth.needsCredentials() { + b.checkCredentialsAreSet() + } + + cert, err := b.auth.getPemCertificate(&b.credentials) + return cert, err +} + +func (b *Bonafide) getURL(object string) string { if b.apiURL == "" { switch object { case "cert": - return certAPI, nil + return certAPI case "certv3": - return certAPI3, nil + return certAPI3 case "auth": - return authAPI, nil + return authAPI } } else { switch object { case "cert": - return b.apiURL + certPathv1, nil + return b.apiURL + certPathv1 case "certv3": - return b.apiURL + certPathv3, nil + return b.apiURL + certPathv3 case "auth": - return b.apiURL + authPathv3, nil + return b.apiURL + authPathv3 } } - return "", fmt.Errorf("ERROR: unknown object for api url") -} - -func (b *Bonafide) GetPemCertificate() ([]byte, error) { - if b.auth == nil { - log.Fatal("ERROR: bonafide did not initialize auth") - } - cert, err := b.auth.GetPemCertificate() - return cert, err + log.Println("BUG: unknown url object") + return "" } func (b *Bonafide) GetGateways(transport string) ([]Gateway, error) { |