diff options
author | Ruben Pollan <meskio@sindominio.net> | 2018-06-25 18:39:49 +0200 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2018-06-25 18:47:08 +0200 |
commit | e24355110a908af9fc95ac0fd4c2754562a125ec (patch) | |
tree | 287fc23470378d75d7fd7c374e57d8e28a97666e /standalone/bonafide.go | |
parent | 3a27fa8dd3da90897b6bc7f8a035f1325313e4ac (diff) |
[feat] rename bitmask_go to standalone
Diffstat (limited to 'standalone/bonafide.go')
-rw-r--r-- | standalone/bonafide.go | 231 |
1 files changed, 231 insertions, 0 deletions
diff --git a/standalone/bonafide.go b/standalone/bonafide.go new file mode 100644 index 0000000..449383e --- /dev/null +++ b/standalone/bonafide.go @@ -0,0 +1,231 @@ +// Copyright (C) 2018 LEAP +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package bitmask + +import ( + "crypto/tls" + "crypto/x509" + "encoding/json" + "fmt" + "io/ioutil" + "log" + "net/http" + "sort" + "strconv" + "strings" + "time" +) + +const ( + certAPI = "https://api.black.riseup.net/1/cert" + eipAPI = "https://api.black.riseup.net/1/config/eip-service.json" +) + +var ( + caCert = []byte(`-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl +dXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE +AwwXUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EwHhcNMTQwNDI4MDAwMDAwWhcNMjQw +NDI4MDAwMDAwWjBZMRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsM +Emh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UEAwwXUmlzZXVwIE5ldHdvcmtzIFJv +b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC76J4ciMJ8Sg0m +TP7DF2DT9zNe0Csk4myoMFC57rfJeqsAlJCv1XMzBmXrw8wq/9z7XHv6n/0sWU7a +7cF2hLR33ktjwODlx7vorU39/lXLndo492ZBhXQtG1INMShyv+nlmzO6GT7ESfNE +LliFitEzwIegpMqxCIHXFuobGSCWF4N0qLHkq/SYUMoOJ96O3hmPSl1kFDRMtWXY +iw1SEKjUvpyDJpVs3NGxeLCaA7bAWhDY5s5Yb2fA1o8ICAqhowurowJpW7n5ZuLK +5VNTlNy6nZpkjt1QycYvNycffyPOFm/Q/RKDlvnorJIrihPkyniV3YY5cGgP+Qkx +HUOT0uLA6LHtzfiyaOqkXwc4b0ZcQD5Vbf6Prd20Ppt6ei0zazkUPwxld3hgyw58 +m/4UIjG3PInWTNf293GngK2Bnz8Qx9e/6TueMSAn/3JBLem56E0WtmbLVjvko+LF +PM5xA+m0BmuSJtrD1MUCXMhqYTtiOvgLBlUm5zkNxALzG+cXB28k6XikXt6MRG7q +hzIPG38zwkooM55yy5i1YfcIi5NjMH6A+t4IJxxwb67MSb6UFOwg5kFokdONZcwj +shczHdG9gLKSBIvrKa03Nd3W2dF9hMbRu//STcQxOailDBQCnXXfAATj9pYzdY4k +ha8VCAREGAKTDAex9oXf1yRuktES4QIDAQABo2AwXjAdBgNVHQ4EFgQUC4tdmLVu +f9hwfK4AGliaet5KkcgwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYD +VR0jBBgwFoAUC4tdmLVuf9hwfK4AGliaet5KkcgwDQYJKoZIhvcNAQENBQADggIB +AGzL+GRnYu99zFoy0bXJKOGCF5XUXP/3gIXPRDqQf5g7Cu/jYMID9dB3No4Zmf7v +qHjiSXiS8jx1j/6/Luk6PpFbT7QYm4QLs1f4BlfZOti2KE8r7KRDPIecUsUXW6P/ +3GJAVYH/+7OjA39za9AieM7+H5BELGccGrM5wfl7JeEz8in+V2ZWDzHQO4hMkiTQ +4ZckuaL201F68YpiItBNnJ9N5nHr1MRiGyApHmLXY/wvlrOpclh95qn+lG6/2jk7 +3AmihLOKYMlPwPakJg4PYczm3icFLgTpjV5sq2md9bRyAg3oPGfAuWHmKj2Ikqch +Td5CHKGxEEWbGUWEMP0s1A/JHWiCbDigc4Cfxhy56CWG4q0tYtnc2GMw8OAUO6Wf +Xu5pYKNkzKSEtT/MrNJt44tTZWbKV/Pi/N2Fx36my7TgTUj7g3xcE9eF4JV2H/sg +tsK3pwE0FEqGnT4qMFbixQmc8bGyuakr23wjMvfO7eZUxBuWYR2SkcP26sozF9PF +tGhbZHQVGZUTVPyvwahMUEhbPGVerOW0IYpxkm0x/eaWdTc4vPpf/rIlgbAjarnJ +UN9SaWRlWKSdP4haujnzCoJbM7dU9bjvlGZNyXEekgeT0W2qFeGGp+yyUWw8tNsp +0BuC1b7uW/bBn/xKm319wXVDvBgZgcktMolak39V7DVO +-----END CERTIFICATE-----`) +) + +type bonafide struct { + client *http.Client + eip *eipService + defaultGateway string +} + +type eipService struct { + Gateways []gateway + Locations map[string]struct { + CountryCode string + Hemisphere string + Name string + Timezone string + } + OpenvpnConfiguration map[string]interface{} `json:"openvpn_configuration"` +} + +type gateway struct { + Capabilities struct { + Ports []string + Protocols []string + } + Host string + IPAddress string `json:"ip_address"` + Location string +} + +func newBonafide() *bonafide { + certs := x509.NewCertPool() + certs.AppendCertsFromPEM(caCert) + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + RootCAs: certs, + }, + }, + } + + return &bonafide{client, nil, ""} +} + +func (b *bonafide) getCertPem() ([]byte, error) { + resp, err := b.client.Post(certAPI, "", nil) + if err != nil { + return nil, err + } + defer resp.Body.Close() + if resp.StatusCode != 200 { + return nil, fmt.Errorf("get vpn cert has failed with status: %s", resp.Status) + } + + return ioutil.ReadAll(resp.Body) +} + +func (b *bonafide) getGateways() ([]gateway, error) { + if b.eip == nil { + err := b.fetchEipJSON() + if err != nil { + return nil, err + } + } + + return b.eip.Gateways, nil +} + +func (b *bonafide) setDefaultGateway(name string) { + b.defaultGateway = name + b.sortGateways() +} + +func (b *bonafide) getOpenvpnArgs() ([]string, error) { + if b.eip == nil { + err := b.fetchEipJSON() + if err != nil { + return nil, err + } + } + + args := []string{} + for arg, value := range b.eip.OpenvpnConfiguration { + switch v := value.(type) { + case string: + args = append(args, "--"+arg) + args = append(args, strings.Split(v, " ")...) + case bool: + if v { + args = append(args, "--"+arg) + } + default: + log.Printf("Uknwon openvpn argument type: %s - %v", arg, value) + } + } + return args, nil +} + +func (b *bonafide) fetchEipJSON() error { + resp, err := b.client.Post(eipAPI, "", nil) + if err != nil { + return err + } + defer resp.Body.Close() + if resp.StatusCode != 200 { + return fmt.Errorf("get vpn cert has failed with status: %s", resp.Status) + } + + var eip eipService + decoder := json.NewDecoder(resp.Body) + err = decoder.Decode(&eip) + if err != nil { + return err + } + + b.eip = &eip + b.sortGateways() + return nil +} + +func (b *bonafide) sortGateways() { + type gatewayDistance struct { + gateway gateway + distance int + } + + gws := []gatewayDistance{} + _, tzOffset := time.Now().Zone() + for _, gw := range b.eip.Gateways { + distance := 13 + if gw.Location == b.defaultGateway { + distance = -1 + } else { + gwOffset, err := strconv.Atoi(b.eip.Locations[gw.Location].Timezone) + if err != nil { + log.Printf("Error sorting gateways: %v", err) + } else { + distance = tzDistance(tzOffset, gwOffset) + } + } + gws = append(gws, gatewayDistance{gw, distance}) + } + + sort.Slice(gws, func(i, j int) bool { return gws[i].distance > gws[j].distance }) + for i, gw := range gws { + b.eip.Gateways[i] = gw.gateway + } +} + +func tzDistance(offset1, offset2 int) int { + abs := func(x int) int { + if x < 0 { + return -x + } else { + return x + } + } + distance := abs(offset1 - offset2) + if distance > 12 { + distance = 24 - distance + } + return distance +} |