diff options
Diffstat (limited to 'branding')
-rwxr-xr-x | branding/check-ca-crt.py | 46 | ||||
-rw-r--r-- | branding/config.go.tmpl | 32 | ||||
-rw-r--r-- | branding/config/riseup-ca.crt | 32 | ||||
-rw-r--r-- | branding/config/vendor.conf | 24 | ||||
-rwxr-xr-x | branding/vendorize.py | 99 |
5 files changed, 233 insertions, 0 deletions
diff --git a/branding/check-ca-crt.py b/branding/check-ca-crt.py new file mode 100755 index 0000000..6462467 --- /dev/null +++ b/branding/check-ca-crt.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python3 +import re +import sys +import urllib.request + +SCRIPT_NAME = 'check-ca-crt.py' + +USAGE = '''Check that the stored provider CA matches the one announced online. +Usage: {name} <provider> <uri> + +Example: {name} riseup black.riseup.net'''.format(name=SCRIPT_NAME) + + +def getLocalCert(provider): + sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower() + with open('config/{provider}-ca.crt'.format(provider=sanitized)) as crt: + return crt.read().strip() + + +def getRemoteCert(uri): + fp = urllib.request.urlopen('https://' + uri + '/ca.crt') + remote_cert = fp.read().decode('utf-8').strip() + fp.close() + return remote_cert + + +if __name__ == '__main__': + + if len(sys.argv) != 3: + print('[!] Not enough arguments') + print(USAGE) + sys.exit(1) + + provider = sys.argv[1] + uri = sys.argv[2] + + local = getLocalCert(provider) + remote = getRemoteCert(uri) + + try: + assert local == remote + except AssertionError: + print('[!] ERROR: remote and local CA certs do not match') + sys.exit(1) + else: + print('OK') diff --git a/branding/config.go.tmpl b/branding/config.go.tmpl new file mode 100644 index 0000000..c3a9a33 --- /dev/null +++ b/branding/config.go.tmpl @@ -0,0 +1,32 @@ +/* + DO NOT EDIT -------------------------------------------------- + + This file has been automatically generated by `go generate`. + Any changes will be overriden. + + DO NOT EDIT -------------------------------------------------- +*/ + +package config + +/* All these constants are defined in the vendor.conf file +*/ +const ( + Provider = "$providerURL" + ApplicationName = "$applicationName" + BinaryName = "$binaryName" + DonateURL = "$donateURL" + HelpURL = "$helpURL" + TosURL = "$tosURL" + APIURL = "$apiURL" + GeolocationAPI = "$geolocationAPI" +) + +/* + +CaCert : a string containing a representation of the provider CA, used to + sign the webapp and openvpn certificates. should be placed in + config/[provider]-ca.crt + +*/ +var CaCert = []byte(`$caCertString`) diff --git a/branding/config/riseup-ca.crt b/branding/config/riseup-ca.crt new file mode 100644 index 0000000..cbec39c --- /dev/null +++ b/branding/config/riseup-ca.crt @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl +dXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE +AwwXUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EwHhcNMTQwNDI4MDAwMDAwWhcNMjQw +NDI4MDAwMDAwWjBZMRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsM +Emh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UEAwwXUmlzZXVwIE5ldHdvcmtzIFJv +b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC76J4ciMJ8Sg0m +TP7DF2DT9zNe0Csk4myoMFC57rfJeqsAlJCv1XMzBmXrw8wq/9z7XHv6n/0sWU7a +7cF2hLR33ktjwODlx7vorU39/lXLndo492ZBhXQtG1INMShyv+nlmzO6GT7ESfNE +LliFitEzwIegpMqxCIHXFuobGSCWF4N0qLHkq/SYUMoOJ96O3hmPSl1kFDRMtWXY +iw1SEKjUvpyDJpVs3NGxeLCaA7bAWhDY5s5Yb2fA1o8ICAqhowurowJpW7n5ZuLK +5VNTlNy6nZpkjt1QycYvNycffyPOFm/Q/RKDlvnorJIrihPkyniV3YY5cGgP+Qkx +HUOT0uLA6LHtzfiyaOqkXwc4b0ZcQD5Vbf6Prd20Ppt6ei0zazkUPwxld3hgyw58 +m/4UIjG3PInWTNf293GngK2Bnz8Qx9e/6TueMSAn/3JBLem56E0WtmbLVjvko+LF +PM5xA+m0BmuSJtrD1MUCXMhqYTtiOvgLBlUm5zkNxALzG+cXB28k6XikXt6MRG7q +hzIPG38zwkooM55yy5i1YfcIi5NjMH6A+t4IJxxwb67MSb6UFOwg5kFokdONZcwj +shczHdG9gLKSBIvrKa03Nd3W2dF9hMbRu//STcQxOailDBQCnXXfAATj9pYzdY4k +ha8VCAREGAKTDAex9oXf1yRuktES4QIDAQABo2AwXjAdBgNVHQ4EFgQUC4tdmLVu +f9hwfK4AGliaet5KkcgwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYD +VR0jBBgwFoAUC4tdmLVuf9hwfK4AGliaet5KkcgwDQYJKoZIhvcNAQENBQADggIB +AGzL+GRnYu99zFoy0bXJKOGCF5XUXP/3gIXPRDqQf5g7Cu/jYMID9dB3No4Zmf7v +qHjiSXiS8jx1j/6/Luk6PpFbT7QYm4QLs1f4BlfZOti2KE8r7KRDPIecUsUXW6P/ +3GJAVYH/+7OjA39za9AieM7+H5BELGccGrM5wfl7JeEz8in+V2ZWDzHQO4hMkiTQ +4ZckuaL201F68YpiItBNnJ9N5nHr1MRiGyApHmLXY/wvlrOpclh95qn+lG6/2jk7 +3AmihLOKYMlPwPakJg4PYczm3icFLgTpjV5sq2md9bRyAg3oPGfAuWHmKj2Ikqch +Td5CHKGxEEWbGUWEMP0s1A/JHWiCbDigc4Cfxhy56CWG4q0tYtnc2GMw8OAUO6Wf +Xu5pYKNkzKSEtT/MrNJt44tTZWbKV/Pi/N2Fx36my7TgTUj7g3xcE9eF4JV2H/sg +tsK3pwE0FEqGnT4qMFbixQmc8bGyuakr23wjMvfO7eZUxBuWYR2SkcP26sozF9PF +tGhbZHQVGZUTVPyvwahMUEhbPGVerOW0IYpxkm0x/eaWdTc4vPpf/rIlgbAjarnJ +UN9SaWRlWKSdP4haujnzCoJbM7dU9bjvlGZNyXEekgeT0W2qFeGGp+yyUWw8tNsp +0BuC1b7uW/bBn/xKm319wXVDvBgZgcktMolak39V7DVO +-----END CERTIFICATE----- diff --git a/branding/config/vendor.conf b/branding/config/vendor.conf new file mode 100644 index 0000000..ee5aa36 --- /dev/null +++ b/branding/config/vendor.conf @@ -0,0 +1,24 @@ +[default] + +provider = riseup + + +[riseup] + +name = Riseup +applicationName = RiseupVPN +binaryName = riseup-vpn +providerURL = riseup.net +tosURL = https://riseup.net/tos +helpURL = https://riseup.net/support +donateURL = https://riseup.net/donate +apiURL = https://api.black.riseup.net/ +geolocationAPI = https://api.black.riseup.net:9001/json + + +[calyx] + +name = Calyx +applicationName = CalyxVPN +binaryName = calyx-vpn +apiURL = https://calyx.org diff --git a/branding/vendorize.py b/branding/vendorize.py new file mode 100755 index 0000000..46cc1e6 --- /dev/null +++ b/branding/vendorize.py @@ -0,0 +1,99 @@ +#!/usr/bin/env python3 + +import os +import sys + +from string import Template +import configparser + +OUTFILE = 'config.go' +INFILE = 'config.go.tmpl' +CONFIGFILE = 'config/vendor.conf' +SCRIPT_NAME = 'vendorize' + + +def getProviderData(config): + default = config['default']['provider'] + print("[+] Configured provider:", default) + + c = config[default] + d = dict() + + keys = ('name', 'applicationName', 'binaryName', + 'providerURL', 'tosURL', 'helpURL', + 'donateURL', 'apiURL', 'geolocationAPI', 'caCertString') + + for value in keys: + d[value] = c.get(value) + + return d + + +def addCaData(data, configfile): + provider = data.get('name').lower() + folder, f = os.path.split(configfile) + caFile = os.path.join(folder, provider + '-ca.crt') + if not os.path.isfile(caFile): + bail('[!] Cannot find CA file in {path}'.format(path=caFile)) + with open(caFile) as ca: + data['caCertString'] = ca.read().strip() + + +def writeOutput(data, infile, outfile): + + with open(infile) as infile: + s = Template(infile.read()) + + with open(outfile, 'w') as outf: + outf.write(s.substitute(data)) + + +def bail(msg=None): + if not msg: + print('Usage: {scriptname}.py <template> <config> <output>'.format( + scriptname=SCRIPT_NAME)) + else: + print(msg) + sys.exit(1) + + +if __name__ == "__main__": + infile = outfile = "" + + if len(sys.argv) > 4: + bail() + + elif len(sys.argv) == 1: + infile = INFILE + outfile = OUTFILE + configfile = CONFIGFILE + else: + try: + infile = sys.argv[1] + configfile = sys.argv[2] + outfile = sys.argv[3] + except IndexError: + bail() + + if not os.path.isfile(infile): + bail('[!] Cannot find template in {path}'.format( + path=os.path.abspath(infile))) + elif not os.path.isfile(configfile): + bail('[!] Cannot find config in {path}'.format( + path=os.path.abspath(configfile))) + else: + print('[+] Using {path} as template'.format( + path=os.path.abspath(infile))) + print('[+] Using {path} as config'.format( + path=os.path.abspath(configfile))) + + config = configparser.ConfigParser() + config.read(configfile) + + data = getProviderData(config) + addCaData(data, configfile) + writeOutput(data, infile, outfile) + + print('[+] Wrote configuration for {provider} to {outf}'.format( + provider=data.get('name'), + outf=os.path.abspath(outfile))) |