added missing functionality

bindings/ndf.go

+package bindings
+
+import "gitlab.com/elixxir/client/api"
+
+// DownloadAndVerifySignedNdfWithUrl retrieves the NDF from a specified URL.
+// The NDF is processed into a protobuf containing a signature which
+// is verified using the cert string passed in. The NDF is returned as marshaled
+// byte data which may be used to start a client.
+func DownloadAndVerifySignedNdfWithUrl(url, cert string) ([]byte, error) {
+	return api.DownloadAndVerifySignedNdfWithUrl(url, cert)
+}

bindings/ndf_test.go

+package bindings
+
+import (
+	"fmt"
+	"gitlab.com/elixxir/comms/testkeys"
+	"gitlab.com/xx_network/primitives/ndf"
+	"gitlab.com/xx_network/primitives/utils"
+	"strings"
+	"testing"
+)
+
+var testCert = `-----BEGIN CERTIFICATE-----
+MIIF4DCCA8igAwIBAgIUegUvihtQooWNIzsNqj6lucXn6g8wDQYJKoZIhvcNAQEL
+BQAwgYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJQ2xhcmVt
+b250MRAwDgYDVQQKDAdFbGl4eGlyMRQwEgYDVQQLDAtEZXZlbG9wbWVudDETMBEG
+A1UEAwwKZWxpeHhpci5pbzEfMB0GCSqGSIb3DQEJARYQYWRtaW5AZWxpeHhpci5p
+bzAeFw0yMTExMzAxODMwMTdaFw0zMTExMjgxODMwMTdaMIGMMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCUNsYXJlbW9udDEQMA4GA1UECgwHRWxp
+eHhpcjEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEzARBgNVBAMMCmVsaXh4aXIuaW8x
+HzAdBgkqhkiG9w0BCQEWEGFkbWluQGVsaXh4aXIuaW8wggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCckGabzUitkySleveyD9Yrxrpj50FiGkOvwkmgN1jF
+9r5StN3otiU5tebderkjD82mVqB781czRA9vPqAggbw1ZdAyQPTvDPTj7rmzkByq
+QIkdZBMshV/zX1z8oXoNB9bzZlUFVF4HTY3dEytAJONJRkGGAw4FTa/wCkWsITiT
+mKvkP3ciKgz7s8uMyZzZpj9ElBphK9Nbwt83v/IOgTqDmn5qDBnHtoLw4roKJkC8
+00GF4ZUhlVSQC3oFWOCu6tvSUVCBCTUzVKYJLmCnoilmiE/8nCOU0VOivtsx88f5
+9RSPfePUk8u5CRmgThwOpxb0CAO0gd+sY1YJrn+FaW+dSR8OkM3bFuTq7fz9CEkS
+XFfUwbJL+HzT0ZuSA3FupTIExyDmM/5dF8lC0RB3j4FNQF+H+j5Kso86e83xnXPI
+e+IKKIYa/LVdW24kYRuBDpoONN5KS/F+F/5PzOzH9Swdt07J9b7z1dzWcLnKGtkN
+WVsZ7Ue6cuI2zOEWqF1OEr9FladgORcdVBoF/WlsA63C2c1J0tjXqqcl/27GmqGW
+gvhaA8Jkm20qLCEhxQ2JzrBdk/X/lCZdP/7A5TxnLqSBq8xxMuLJlZZbUG8U/BT9
+sHF5mXZyiucMjTEU7qHMR2UGNFot8TQ7ZXntIApa2NlB/qX2qI5D13PoXI9Hnyxa
+8wIDAQABozgwNjAVBgNVHREEDjAMggplbGl4eGlyLmlvMB0GA1UdDgQWBBQimFud
+gCzDVFD3Xz68zOAebDN6YDANBgkqhkiG9w0BAQsFAAOCAgEAccsH9JIyFZdytGxC
+/6qjSHPgV23ZGmW7alg+GyEATBIAN187Du4Lj6cLbox5nqLdZgYzizVop32JQAHv
+N1QPKjViOOkLaJprSUuRULa5kJ5fe+XfMoyhISI4mtJXXbMwl/PbOaDSdeDjl0ZO
+auQggWslyv8ZOkfcbC6goEtAxljNZ01zY1ofSKUj+fBw9Lmomql6GAt7NuubANs4
+9mSjXwD27EZf3Aqaaju7gX1APW2O03/q4hDqhrGW14sN0gFt751ddPuPr5COGzCS
+c3Xg2HqMpXx//FU4qHrZYzwv8SuGSshlCxGJpWku9LVwci1Kxi4LyZgTm6/xY4kB
+5fsZf6C2yAZnkIJ8bEYr0Up4KzG1lNskU69uMv+d7W2+4Ie3Evf3HdYad/WeUskG
+tc6LKY6B2NX3RMVkQt0ftsDaWsktnR8VBXVZSBVYVEQu318rKvYRdOwZJn339obI
+jyMZC/3D721e5Anj/EqHpc3I9Yn3jRKw1xc8kpNLg/JIAibub8JYyDvT1gO4xjBO
++6EWOBFgDAsf7bSP2xQn1pQFWcA/sY1MnRsWeENmKNrkLXffP+8l1tEcijN+KCSF
+ek1mr+qBwSaNV9TA+RXVhvqd3DEKPPJ1WhfxP1K81RdUESvHOV/4kdwnSahDyao0
+EnretBzQkeKeBwoB2u6NTiOmUjk=
+-----END CERTIFICATE-----
+`
+
+// Unit Test: Call DownloadAndVerifySignedNdfWithUrl with a specified URL.
+// Ensure validity by unmarshalling NDF and checking the scheduling's cert.
+func TestDownloadSignedNdfWithUrl(t *testing.T) {
+	// Download and verify the cert with the specified URL
+	content, err := DownloadAndVerifySignedNdfWithUrl(
+		"https://elixxir-bins.s3.us-west-1.amazonaws.com/ndf/default.json",
+		testCert)
+	if err != nil {
+		t.Errorf("Failed to download signed NDF: %v", err)
+	}
+	fmt.Printf("content: %s\n", string(content))
+
+	// Check that it is a marshallable NDF
+	downloadedNdf, err := ndf.Unmarshal(content)
+	if err != nil {
+		t.Fatalf("Failed to unmarshal downloaded NDF: %v", err)
+	}
+
+	// Check validity of NDF
+	if strings.Compare(downloadedNdf.Registration.TlsCertificate, testCert) != 0 {
+		t.Fatalf("Unexpected NDF downloaded, has the spec changed?")
+	}
+}
+
+// Error case: Pass in the incorrect cert forcing a verification failure.
+func TestDownloadSignedNdfWithUrl_BadCert(t *testing.T) {
+	// Load an unintended cert
+	badCert, err := utils.ReadFile(testkeys.GetGatewayCertPath())
+	if err != nil {
+		t.Fatalf("Failed to read test certificate: %v", err)
+	}
+
+	// Download and attempt to verify with unintended cert
+	_, err = DownloadAndVerifySignedNdfWithUrl("https://elixxir-bins.s3.us-west-1.amazonaws.com/ndf/default.json",
+		string(badCert))
+	if err == nil {
+		t.Fatalf("Expected failure, should not be able to verify with " +
+			"bad certificate")
+	}
+}

bindings/secrets.go

+package bindings
+
+import (
+	jww "github.com/spf13/jwalterweatherman"
+	"gitlab.com/xx_network/crypto/csprng"
+)
+
+// GenerateSecret creates a secret password using a system-based
+// pseudorandom number generator. It takes 1 parameter, `numBytes`,
+// which should be set to 32, but can be set higher in certain cases.
+func GenerateSecret(numBytes int) []byte {
+	if numBytes < 32 {
+		jww.FATAL.Panicf("Secrets must have at least 32 bytes " +
+			"(256 bits) of entropy.")
+	}
+
+	out := make([]byte, numBytes)
+	rng := csprng.NewSystemRNG()
+	numRead, err := rng.Read(out)
+	if err != nil {
+		jww.FATAL.Panicf("%+v", err)
+	}
+	if numRead != numBytes {
+		jww.FATAL.Panicf("Unable to read %d bytes", numBytes)
+	}
+	return out
+}

bindings/secrets_test.go

+package bindings
+
+import (
+	"bytes"
+	"testing"
+)
+
+func TestGenerateSecret(t *testing.T) {
+	secret1 := GenerateSecret(32)
+	secret2 := GenerateSecret(32)
+
+	if bytes.Compare(secret1, secret2) == 0 {
+		t.Errorf("GenerateSecret: Not generating entropy")
+	}
+
+	// This runs after the test function and errors out if no panic was
+	// raised.
+	defer func() {
+		if r := recover(); r == nil {
+			t.Errorf("GenerateSecret: Low entropy was permitted")
+		}
+	}()
+	GenerateSecret(31)
+}