diff --git a/api/client.go b/api/client.go
index 40c45875eb79c7809ee9fa9621622dd4881704e5..dc175773feeac321480a7f07672d7f76063aeeb9 100644
--- a/api/client.go
+++ b/api/client.go
@@ -31,8 +31,10 @@ import (
 "gitlab.com/elixxir/crypto/large"
 "gitlab.com/elixxir/crypto/registration"
 "gitlab.com/elixxir/crypto/signature"
+ "gitlab.com/elixxir/crypto/signature/rsa"
 "gitlab.com/elixxir/primitives/format"
 "gitlab.com/elixxir/primitives/id"
+ "gitlab.com/elixxir/primitives/ndf"
 "gitlab.com/elixxir/primitives/switchboard"
 "google.golang.org/grpc/credentials"
 goio "io"
@@ -40,11 +42,10 @@ import (
 )
 type Client struct {
- storage globals.Storage
- sess user.Session
- comm io.Communications
- gwAddresses []io.ConnAddr
- regAddress io.ConnAddr
+ storage globals.Storage
+ sess user.Session
+ comm io.Communications
+ ndf *ndf.NetworkDefinition
 }
 // Populates a text message and returns its wire representation
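Review bot: The new `ndf` field in `Client` carries no comment, and nothing in the type says whether the definition it points to has passed signature verification. `Connect` (a later hunk) takes the gateway list from this field, so the expectation belongs on the field itself, for example `// ndf is the network definition returned by VerifyNDF; it must be non-nil and signature-verified before Connect is called.`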
@@ -59,11 +60,38 @@ func FormatTextMessage(message string) []byte {
 return wireRepresentation
 }
+// VerifyNDF verifies the signature of the network definition file (NDF) and
+// returns the structure.
+func VerifyNDF(ndfString, ndfPub string) *ndf.NetworkDefinition {
+ // Decode NDF string to a NetworkDefinition and its signature
+ ndfJSON, ndfSignature, err := ndf.DecodeNDF(ndfString)
+ if err != nil {
+ globals.Log.FATAL.Panicf("Could not decode NDF: %+v", err)
+ }
+
+ // Get public key
+ pubKey, err := rsa.LoadPublicKeyFromPem([]byte(ndfPub))
+
+ // Hash NDF JSON
+ opts := rsa.NewDefaultOptions()
+ rsaHash := opts.Hash.New()
+ rsaHash.Write(ndfJSON.Serialize())
+
+ // Verify signature
+ err = rsa.Verify(pubKey, opts.Hash, rsaHash.Sum(nil), ndfSignature, nil)
+
+ if err != nil {
+ globals.Log.FATAL.Panicf("Could not verify NDF: %+v", err)
+ }
+
+ return ndfJSON
+}
+
 // Creates a new Client using the storage mechanism provided.
 // If none is provided, a default storage using OS file access
 // is created
 // returns a new Client object, and an error if it fails
-func NewClient(s globals.Storage, loc string) (*Client, error) {
+func NewClient(s globals.Storage, loc string, ndfJSON *ndf.NetworkDefinition) (*Client, error) {
 var store globals.Storage
 if s == nil {
 globals.Log.INFO.Printf("No storage provided," +
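Review bot: The error returned by `rsa.LoadPublicKeyFromPem` in `VerifyNDF` is never checked; it is overwritten by the later `err = rsa.Verify(...)` assignment, so a malformed or empty `ndfPub` reaches `rsa.Verify` with whatever `pubKey` the loader returned on failure (presumably nil). Add a check directly after the load: `if err != nil { globals.Log.FATAL.Panicf("Could not load NDF public key: %+v", err) }`. Separately, the signature is checked over `ndfJSON.Serialize()`, a re-serialisation of the decoded structure rather than the bytes that arrived, which is only sound if `Serialize` reproduces exactly what the signer hashed; a comment or test pinning that would help. `NewClient`, whose signature changes at the end of this hunk, continues outside it.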
@@ -84,21 +112,21 @@ func NewClient(s globals.Storage, loc string) (*Client, error) {
 cl := new(Client)
 cl.storage = store
 cl.comm = io.NewMessenger()
- cl.gwAddresses = make([]io.ConnAddr, 0)
+ cl.ndf = ndfJSON
+
 return cl, nil
 }
 // Connects to gateways and registration server (if needed)
 // using TLS filepaths to create credential information
 // for connection establishment
-func (cl *Client) Connect(gwAddresses []string, gwCertPath,
- regAddr, regCertPath string) error {
- if len(gwAddresses) < 1 {
+func (cl *Client) Connect() error {
+ if len(cl.ndf.Gateways) < 1 {
 globals.Log.ERROR.Printf("Connect: Invalid number of nodes")
 return errors.New("could not connect due to invalid number of nodes")
 }
- var gwCreds credentials.TransportCredentials = nil
+ var gwCreds credentials.TransportCredentials
 if gwCertPath != "" {
 gwCreds = connect.NewCredentialsFromFile(gwCertPath, "")
 }
@@ -110,7 +138,7 @@ func (cl *Client) Connect(gwAddresses []string, gwCertPath,
 }
 if regAddr != "" {
- var regCreds credentials.TransportCredentials = nil
+ var regCreds credentials.TransportCredentials
 if regCertPath != "" {
 regCreds = connect.NewCredentialsFromFile(regCertPath, "")
 }
diff --git a/cmd/root.go b/cmd/root.go
index fecac877ff26a91d884837296ca9a0c3aacc52f6..73672eeb741668fe9ed99afa17390ef3af2207ff 100644
--- a/cmd/root.go
+++ b/cmd/root.go
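Review bot: `Connect()` no longer takes `gwCertPath`, `regAddr` or `regCertPath`, yet the unchanged context lines in this hunk and the next (`if gwCertPath != ""`, `if regAddr != ""`, `if regCertPath != ""`) still read them, so as shown the method would not compile unless those names are defined elsewhere. If the parameters are meant to go, the TLS credentials and registration address should presumably come from the verified `cl.ndf`; otherwise `gwCreds` stays nil whenever no path is supplied. `cl.ndf` is also dereferenced without a nil check while `NewClient` stores whatever pointer it is handed, so the guard should read `if cl.ndf == nil || len(cl.ndf.Gateways) < 1 {`. The body of `Connect` continues outside both hunks.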
@@ -52,6 +52,20 @@ var userEmail string
 var end2end bool
 var keyParams []string
 var client *api.Client
+var ndfPubKey = `-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1dn7rREgAU1PDHqczJAe
+kQX1eJhrREnOAlKGu+bgpIxHOyzECtnFFnbX+XfZZATjPLuBKHPzlkxQvE6j8aAr
+fOh7DZl56i492zDY/I+JmrSxpNw2NkB7KdRlWIeUNSdFrc/U3A3ot4FmPxIgy7Hi
+5uW9L3RsY7vmTliD9hwGDWXrOCOWp+LhJjuT5hJwxMHj95vo12o2VPHXk6G3lomF
+g0hy+3YN9vzaKFUV+38iGk/ytpDiYa0JD5TfWV/vFyLdNtajd/8llcTUnSIpCROG
+NO9lUX4OViW7+9mylT6XQjOwb58qVaLGPXuEQBqj/m8t6c08X6apbgeRP1D5CL2o
+dMgqB68SmxOFgmSroMGZBpb9F7XniwJc0+rgrzc31nu+l2dCTcU84QENFg96yRen
+1CD+kJ8jtcazQQ79f72R32TDbXvgB2sQD8aBzOfGVlTHFh6IUkD8X9vOxbNRh48H
+YF58Qhjc7TC3d9FLaDi3KhM/1NrCOtNVM9n+W8DTLN0ptmc442dKLMFEQ8Uw2pkM
+VDWW3zrZeD6+Vsn1D9v57+0v+X01gqjUPgZBeeRUAsomeiL2Dn7/GA+/xuweX45m
+NrzFlgTDOrJ0TLWPPstFBhyX4+6tY6/FGP/5Gwjt29Kr1EN72HcUuDCecSn6MUsS
+/EiMyA55AI68m/Wx+kHnJN0CAwEAAQ==
+-----END PUBLIC KEY-----`
 // Execute adds all child commands to the root command and sets flags
 // appropriately. This is called by main.main(). It only needs to
diff --git a/glide.yaml b/glide.yaml
index 049ea320ff65c1816adcb4eedd1110e692d8fd8e..bc097df752dac42748c4763afb8c93e6eb59f51a 100644
--- a/glide.yaml
+++ b/glide.yaml
@@ -12,7 +12,7 @@ import:
 repo: git@gitlab.com:elixxir/comms
 vcs: git
 - package: gitlab.com/elixxir/primitives
- version: master
+ version: newMessageFormat
 repo: git@gitlab.com:elixxir/primitives
 vcs: git
 - package: github.com/mitchellh/go-homedir
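Review bot: `ndfPubKey` is declared with `var`, so the key that anchors NDF verification is a mutable package-level string that any code in package `cmd` can reassign at run time; declaring it as `const ndfPubKey` would fix the value at compile time. It also has no comment. Something like `// ndfPubKey is the PEM-encoded public key against which the NDF signature is verified.` would tell a reader what the key is for and that changing it changes whom the client trusts. The use of the key is not visible in this hunk, so its link to `VerifyNDF` is inferred from the name.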