ndf.go

    ///////////////////////////////////////////////////////////////////////////////
    // Copyright © 2020 xx network SEZC                                          //
    //                                                                           //
    // Use of this source code is governed by a license that can be found in the //
    // LICENSE file                                                              //
    ///////////////////////////////////////////////////////////////////////////////
    
    package api
    
    import (
    	"encoding/base64"
    	"github.com/pkg/errors"
    	pb "gitlab.com/elixxir/comms/mixmessages"
    	"gitlab.com/xx_network/comms/signature"
    	"gitlab.com/xx_network/crypto/tls"
    	"google.golang.org/protobuf/proto"
    	"io/ioutil"
    	"net/http"
    )
    
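    // DownloadAndVerifySignedNdfWithUrl fetches a signed NDF from url with an HTTP
    // GET and passes the response body to processAndVerifySignedNdf, which checks
    // its signature against the PEM certificate in cert. On success the NDF is
    // returned as marshaled byte data which may be used to start a client.
    //
    // The downloaded bytes are untrusted until that verification succeeds; the
    // caller-supplied cert is the only trust anchor used here. An error is
    // returned when the request fails, the server answers with a non-2xx status,
    // the body cannot be read, or processing/verification fails.
    //
    // NOTE(review): only the signature is checked in this file; no freshness or
    // version check on the NDF is visible here, so confirm elsewhere that an
    // older, validly signed NDF cannot be replayed to a client.
    func DownloadAndVerifySignedNdfWithUrl(url, cert string) ([]byte, error) {
    	// NOTE(review): http.Get goes through http.DefaultClient, which sets no
    	// timeout, so an unresponsive server can block the caller indefinitely.
    	// Consider a dedicated http.Client with a Timeout.
    	resp, err := http.Get(url)
    	if err != nil {
    		return nil, errors.WithMessagef(err, "Failed to retrieve "+
    			"NDF from %s", url)
    	}
    	defer resp.Body.Close()

    	// Stop on error responses instead of feeding an error page to the
    	// base64/protobuf decoding, which would fail with a misleading message.
    	if resp.StatusCode < http.StatusOK ||
    		resp.StatusCode >= http.StatusMultipleChoices {
    		return nil, errors.Errorf("Failed to retrieve NDF from %s: "+
    			"unexpected HTTP status %s", url, resp.Status)
    	}

    	// NOTE(review): the whole body is buffered before any signature check and
    	// without a size cap, so a hostile or misbehaving server can make the
    	// client allocate an arbitrary amount of memory. Consider bounding the
    	// read once a sensible maximum NDF size is agreed on.
    	signedNdfEncoded, err := ioutil.ReadAll(resp.Body)
    	if err != nil {
    		return nil, errors.WithMessage(err, "Failed to read signed "+
    			"NDF response request")
    	}

    	// Decode, verify and return the marshaled NDF
    	return processAndVerifySignedNdf(signedNdfEncoded, cert)
    }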
    
    // processAndVerifySignedNdf turns a downloaded, base64-encoded signed NDF into
    // its verified payload. The input is base64-decoded, unmarshaled into a pb.NDF
    // message, and the message is checked with signature.VerifyRsa against the
    // public key taken from the PEM certificate in cert.
    //
    // The Ndf field of the message is returned only after verification succeeds;
    // every failure along the way returns a nil slice and a wrapped error.
    func processAndVerifySignedNdf(signedNdfEncoded []byte, cert string) ([]byte, error) {
    	// Strip the base64 (standard alphabet) transport encoding
    	raw := make([]byte, base64.StdEncoding.DecodedLen(len(signedNdfEncoded)))
    	n, err := base64.StdEncoding.Decode(raw, signedNdfEncoded)
    	if err != nil {
    		return nil, errors.WithMessage(err, "Failed to decode signed NDF")
    	}
    	raw = raw[:n]

    	// Parse the decoded bytes as a signed NDF protobuf; still untrusted here
    	signed := new(pb.NDF)
    	if err = proto.Unmarshal(raw, signed); err != nil {
    		return nil, errors.WithMessage(err,
    			"Failed to unmarshal signed NDF into protobuf")
    	}

    	// Parse the caller-supplied PEM certificate, the trust anchor for the check
    	certificate, err := tls.LoadCertificate(cert)
    	if err != nil {
    		return nil, errors.WithMessagef(err,
    			"Failed to parse scheduling cert (%s)", cert)
    	}

    	// Pull the public key out of the certificate
    	pubKey, err := tls.ExtractPublicKey(certificate)
    	if err != nil {
    		return nil, errors.WithMessage(err,
    			"Failed to extract public key from cert")
    	}

    	// Check the message signature before releasing any of its contents
    	if err = signature.VerifyRsa(signed, pubKey); err != nil {
    		return nil, errors.WithMessage(err,
    			"Failed to verify signed NDF message")
    	}

    	return signed.Ndf, nil
    }