  • ndf.go 2.94 KiB
    ///////////////////////////////////////////////////////////////////////////////
    // Copyright © 2020 xx network SEZC                                          //
    //                                                                           //
    // Use of this source code is governed by a license that can be found in the //
    // LICENSE file                                                              //
    ///////////////////////////////////////////////////////////////////////////////
    
    package api
    
    import (
    	"encoding/base64"
    	"io"
    	"io/ioutil"
    	"net/http"
    	"time"

    	"github.com/pkg/errors"
    	pb "gitlab.com/elixxir/comms/mixmessages"
    	"gitlab.com/xx_network/comms/signature"
    	"gitlab.com/xx_network/crypto/tls"
    	"google.golang.org/protobuf/proto"
    )
    
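    // DownloadAndVerifySignedNdfWithUrl retrieves the signed NDF from the given
    // URL, verifies its signature with the key in cert, and returns the NDF as
    // marshaled byte data which may be used to start a client.
    //
    // The response is treated as untrusted until processAndVerifySignedNdf
    // accepts it: the only authentication applied here is the signature check
    // against cert, so cert must come from a trusted source that is independent
    // of the download channel. Because everything before that check runs on
    // unauthenticated data, the download is bounded in both time and size.
    //
    // An error is returned if the request fails, the server answers with a
    // non-2xx status, the body exceeds the size bound, or verification fails.
    func DownloadAndVerifySignedNdfWithUrl(url, cert string) ([]byte, error) {
    	// Bounds for the unauthenticated download.
    	// NOTE(review): both values are generous defaults chosen during review;
    	// confirm them against real NDF sizes and the slowest supported clients.
    	const (
    		maxSignedNdfSize = 32 << 20 // bytes (32 MiB)
    		downloadTimeout  = 2 * time.Minute
    	)

    	// http.Get uses the default client, which has no timeout; a stalled
    	// server would otherwise block the caller indefinitely.
    	client := &http.Client{Timeout: downloadTimeout}
    	resp, err := client.Get(url)
    	if err != nil {
    		return nil, errors.WithMessagef(err, "Failed to retrieve "+
    			"NDF from %s", url)
    	}
    	defer resp.Body.Close()

    	// Reject error pages up front instead of feeding them to the decoder.
    	if resp.StatusCode < 200 || resp.StatusCode > 299 {
    		return nil, errors.Errorf("Failed to retrieve NDF from %s: "+
    			"unexpected HTTP status %s", url, resp.Status)
    	}

    	// Read one byte past the limit so an oversized body is detected rather
    	// than silently truncated.
    	signedNdfEncoded, err := ioutil.ReadAll(
    		io.LimitReader(resp.Body, maxSignedNdfSize+1))
    	if err != nil {
    		return nil, errors.WithMessage(err, "Failed to read signed "+
    			"NDF response request")
    	}
    	if len(signedNdfEncoded) > maxSignedNdfSize {
    		return nil, errors.Errorf("Signed NDF response from %s exceeds "+
    			"the maximum accepted size of %d bytes", url, maxSignedNdfSize)
    	}

    	// Decode, verify and return the marshaled NDF
    	return processAndVerifySignedNdf(signedNdfEncoded, cert)
    }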
    
    // processAndVerifySignedNdf turns a downloaded, base64-encoded signed NDF into
    // a pb.NDF message and checks the message's RSA signature against the public
    // key taken from cert (PEM contents). The NDF bytes carried in the message are
    // returned only when every step, including verification, succeeds; on any
    // failure the result is nil and the wrapped error says which step failed.
    //
    // NOTE(review): no freshness or version check is visible in this function, so
    // an older NDF with a valid signature would be accepted here — confirm whether
    // signature.VerifyRsa or the caller handles that.
    func processAndVerifySignedNdf(signedNdfEncoded []byte, cert string) ([]byte, error) {
    	// Undo the base64 layer to get the marshaled protobuf
    	rawMsg, err := base64.StdEncoding.DecodeString(string(signedNdfEncoded))
    	if err != nil {
    		return nil, errors.WithMessage(err, "Failed to decode signed NDF")
    	}

    	// Parse the bytes into the signed NDF message
    	ndfMsg := new(pb.NDF)
    	if err = proto.Unmarshal(rawMsg, ndfMsg); err != nil {
    		return nil, errors.WithMessage(err,
    			"Failed to unmarshal signed NDF into protobuf")
    	}

    	// Load the certificate from its PEM contents
    	parsedCert, err := tls.LoadCertificate(cert)
    	if err != nil {
    		return nil, errors.WithMessagef(err,
    			"Failed to parse scheduling cert (%s)", cert)
    	}

    	// The signature is checked against the certificate's public key
    	pubKey, err := tls.ExtractPublicKey(parsedCert)
    	if err != nil {
    		return nil, errors.WithMessage(err,
    			"Failed to extract public key from cert")
    	}

    	// Nothing from the message is handed back unless verification passes
    	if err = signature.VerifyRsa(ndfMsg, pubKey); err != nil {
    		return nil, errors.WithMessage(err,
    			"Failed to verify signed NDF message")
    	}

    	return ndfMsg.Ndf, nil
    }