authorkali kaneko (leap communications) <kali@leap.se>2020-08-19 17:40:36 +0200
committerkali kaneko (leap communications) <kali@leap.se>2020-08-20 20:27:47 +0200
commit709220836e10f559a11c2b70177f6d58d9b7a0a1 (patch)
tree17edf8c6d0d20e133f5dcb2747ea4dc35533a4ea /pkg
parentb9cae0b715ce34cfb0b7f85f023c31ef8ddd54d3 (diff)
[debug] improve error handling for geolocation
Diffstat (limited to 'pkg')
-rw-r--r--pkg/config/config.go59
-rw-r--r--pkg/vpn/bonafide/auth_sip.go1
-rw-r--r--pkg/vpn/bonafide/bonafide.go19
-rw-r--r--pkg/vpn/bonafide/eip_service.go13
-rw-r--r--pkg/vpn/openvpn.go2
5 files changed, 70 insertions, 24 deletions
diff --git a/pkg/config/config.go b/pkg/config/config.go
index f3f9e6e..e799176 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1,22 +1,22 @@
// Code generated by go generate; DO NOT EDIT.
// This file was generated by vendorize.py
-// At 2020-08-15 20:39:01
+// At 2020-08-19 17:38:43
package config
/* All these constants are defined in the vendor.conf file
*/
const (
- Provider = "vpnlib.bitmask.net"
- ApplicationName = "DemoLib"
- BinaryName = "demo-lib"
- Auth = "sip"
- DonateURL = ""
- AskForDonations = "false"
- HelpURL = "https://libraryvpn.org/"
- TosURL = "https://libraryvpn.org/"
- APIURL = "https://api.vpnlib.bitmask.net:4430/"
- GeolocationAPI = "https://getmyip.vpnlib.bitmask.net/"
+ Provider = "riseup.net"
+ ApplicationName = "RiseupVPN"
+ BinaryName = "riseup-vpn"
+ Auth = "anon"
+ DonateURL = "https://riseup.net/vpn/donate"
+ AskForDonations = "true"
+ HelpURL = "https://riseup.net/support"
+ TosURL = "https://riseup.net/tos"
+ APIURL = "https://api.black.riseup.net/"
+ GeolocationAPI = "https://api.black.riseup.net:9001/json"
)
var Version string
@@ -29,11 +29,34 @@ CaCert : a string containing a representation of the provider CA, used to
*/
var CaCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIBQzCB6aADAgECAgEBMAoGCCqGSM49BAMCMBcxFTATBgNVBAMTDExFQVAgUm9v
-dCBDQTAeFw0yMDA4MDYxOTA3NDRaFw0yNTA4MDYxOTEyNDRaMBcxFTATBgNVBAMT
-DExFQVAgUm9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIG5POr4cAdK
-kTavKpSJr8nW1V7HLpr27qKaShpk1TUy5ipaAlusmavGLxKsPE+i3AMlvf/f6ch3
-1MjAtIf5rYujJjAkMA4GA1UdDwEB/wQEAwICpDASBgNVHRMBAf8ECDAGAQH/AgEB
-MAoGCCqGSM49BAMCA0kAMEYCIQDXj280LNZbSbi0Y2WvtQrJBUw4wdm8qAeOeuH7
-6XiLEwIhAPBRsmst/ujcChsG2t6LpG+p8s4rfIfh8YLo/4qrcc5p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-----END CERTIFICATE-----`)
diff --git a/pkg/vpn/bonafide/auth_sip.go b/pkg/vpn/bonafide/auth_sip.go
index e00252f..0c8ee4f 100644
--- a/pkg/vpn/bonafide/auth_sip.go
+++ b/pkg/vpn/bonafide/auth_sip.go
@@ -40,7 +40,6 @@ func (a *sipAuthentication) needsCredentials() bool {
func (a *sipAuthentication) getToken(user, password string) ([]byte, error) {
/* TODO refresh session token periodically */
if hasRecentToken() {
- log.Println("Got cached token")
return readToken()
}
credJSON, err := formatCredentials(user, password)
diff --git a/pkg/vpn/bonafide/bonafide.go b/pkg/vpn/bonafide/bonafide.go
index b81fd84..9963448 100644
--- a/pkg/vpn/bonafide/bonafide.go
+++ b/pkg/vpn/bonafide/bonafide.go
@@ -232,23 +232,36 @@ func (b *Bonafide) GetOpenvpnArgs() ([]string, error) {
}
func (b *Bonafide) fetchGeolocation() ([]string, error) {
+ /* FIXME in float deployments, geolocation is served on gemyip.domain/json, with a LE certificate.
+ So this is a workaround until we streamline that behavior */
resp, err := b.client.Post(config.GeolocationAPI, "", nil)
if err != nil {
- return nil, err
+ client := &http.Client{}
+ _resp, err := client.Post(config.GeolocationAPI, "", nil)
+ if err != nil {
+ log.Println("ERROR: could not fetch geolocation:", fmt.Errorf("%s", err))
+ return nil, err
+ }
+ resp = _resp
}
+
defer resp.Body.Close()
if resp.StatusCode != 200 {
- return nil, fmt.Errorf("get geolocation failed with status: %s", resp.Status)
+ log.Println("ERROR: bad status code while fetching geolocation:", fmt.Errorf("%s", resp.Status))
+ return nil, fmt.Errorf("Get geolocation failed with status: %s", resp.Status)
}
geo := &geoLocation{}
dataJSON, err := ioutil.ReadAll(resp.Body)
err = json.Unmarshal(dataJSON, &geo)
if err != nil {
- _ = fmt.Errorf("get vpn cert has failed with status: %s", resp.Status)
+ log.Println("ERROR: cannot parse geolocation json", fmt.Errorf("%s", err))
+ log.Println(string(dataJSON))
+ _ = fmt.Errorf("bad json")
return nil, err
}
+ log.Println("Got sorted gateways:", geo.SortedGateways)
return geo.SortedGateways, nil
}
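Review bot: In fetchGeolocation the fallback to a bare `&http.Client{}` runs on any error from `b.client.Post`, not only on a certificate mismatch, so a timeout or a reset connection also moves the request to the system trust store and to a client with no timeout. If `b.client` is the client pinned to the provider CA (the FIXME suggests so, but its construction is not visible here), the gateway ordering is then accepted from any publicly trusted certificate; the fallback should be limited to the unknown-authority case and given a timeout. The `ioutil.ReadAll` error is also overwritten by the `json.Unmarshal` assignment on the next line and should be checked first, and `log.Println(string(dataJSON))` writes the unparsed response body to the log with no size bound. The fence shows the narrowed fallback and the read check; the 30-second timeout is a sample value.

```go
resp, err := b.client.Post(config.GeolocationAPI, "", nil)
if err != nil {
	// Use the system trust store only when the provider-CA client rejected
	// the certificate; every other failure is returned unchanged.
	var unknownCA x509.UnknownAuthorityError
	if !errors.As(err, &unknownCA) {
		log.Println("ERROR: could not fetch geolocation:", err)
		return nil, err
	}
	fallback := &http.Client{Timeout: 30 * time.Second}
	resp, err = fallback.Post(config.GeolocationAPI, "", nil)
	if err != nil {
		log.Println("ERROR: could not fetch geolocation:", err)
		return nil, err
	}
}
// … unchanged: defer resp.Body.Close() and the status code check …
dataJSON, err := ioutil.ReadAll(resp.Body)
if err != nil {
	log.Println("ERROR: cannot read geolocation response:", err)
	return nil, err
}
```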
diff --git a/pkg/vpn/bonafide/eip_service.go b/pkg/vpn/bonafide/eip_service.go
index ff73da9..49f4bb1 100644
--- a/pkg/vpn/bonafide/eip_service.go
+++ b/pkg/vpn/bonafide/eip_service.go
@@ -214,6 +214,7 @@ func (eip *eipService) sortGatewaysByGeolocation(geolocatedGateways []string) {
}
}
}
+
for _, host := range geolocatedGateways {
for _, gw := range eip.Gateways {
if gw.Host == host {
@@ -221,7 +222,17 @@ func (eip *eipService) sortGatewaysByGeolocation(geolocatedGateways []string) {
}
}
}
- eip.Gateways = gws
+
+ if len(gws) == 0 {
+ log.Println("ERROR: avoiding to replace eip.Gateways will null list. Is the geolocation service properly configured?")
+ } else {
+ if len(gws) > 2 {
+ eip.Gateways = gws[:3]
+ } else {
+ eip.Gateways = gws
+ }
+ log.Println("Picked best gateways for location:", eip.Gateways)
+ }
}
type gatewayDistance struct {
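Review bot: The truncation in sortGatewaysByGeolocation compares against `2` and slices with `3`, and neither number is named, so the limit of three gateways is easy to break on a later edit; a constant and a single reslice read more clearly: `const maxGateways = 3` and `if len(gws) > maxGateways { gws = gws[:maxGateways] }` ahead of `eip.Gateways = gws`. The empty-list branch only logs, so the caller cannot tell that the geolocated order was not applied, and its message has a typo (`will null list` where `with an empty list` is meant). The function starts outside this hunk.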
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index 6055e6a..4997a34 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -158,7 +158,7 @@ func (b *Bitmask) getCert() (certPath string, err error) {
certPath = b.getCertPemPath()
if _, err := os.Stat(certPath); os.IsNotExist(err) {
- log.Println("Cert does not exist in ", certPath, "...fetching")
+ log.Println("Fetching certificate to", certPath)
cert, err := b.bonafide.GetPemCertificate()
if err != nil {
return "", err