go-gemini/tofu.go

170 lines
4.1 KiB
Go
Raw Normal View History

2020-10-24 13:15:32 -06:00
package gemini
2020-09-25 16:53:20 -06:00
import (
"bufio"
"crypto/sha512"
"fmt"
"io"
2020-09-25 21:06:54 -06:00
"os"
2020-11-05 20:30:13 -07:00
"strconv"
2020-09-25 16:53:20 -06:00
"strings"
2020-12-17 15:07:00 -07:00
"sync"
2020-11-09 10:04:53 -07:00
"time"
2020-09-25 16:53:20 -06:00
)
// Trust represents the trustworthiness of a certificate.
type Trust int
const (
TrustNone Trust = iota // The certificate is not trusted.
TrustOnce // The certificate is trusted once.
TrustAlways // The certificate is trusted always.
)
2020-11-25 12:16:51 -07:00
// KnownHosts maps hosts to fingerprints.
type KnownHosts map[string]Fingerprint
// KnownHostsFile represents a list of known hosts optionally loaded from a file.
// The zero value for KnownHostsFile represents an empty list ready to use.
//
// KnownHostsFile is safe for concurrent use by multiple goroutines.
type KnownHostsFile struct {
KnownHosts
out io.Writer
2020-12-17 15:08:45 -07:00
mu sync.RWMutex
2020-11-09 10:26:08 -07:00
}
// SetOutput sets the output to which new known hosts will be written to.
func (k *KnownHostsFile) SetOutput(w io.Writer) {
k.mu.Lock()
defer k.mu.Unlock()
2020-11-09 10:26:08 -07:00
k.out = w
2020-09-25 21:06:54 -06:00
}
2020-11-09 11:57:30 -07:00
// Add adds a known host to the list of known hosts.
func (k *KnownHostsFile) Add(hostname string, fingerprint Fingerprint) {
k.mu.Lock()
defer k.mu.Unlock()
if k.KnownHosts == nil {
k.KnownHosts = KnownHosts{}
2020-11-09 10:04:53 -07:00
}
k.KnownHosts[hostname] = fingerprint
2020-11-09 10:04:53 -07:00
}
// Lookup returns the fingerprint of the certificate corresponding to
// the given hostname.
func (k *KnownHostsFile) Lookup(hostname string) (Fingerprint, bool) {
k.mu.RLock()
defer k.mu.RUnlock()
c, ok := k.KnownHosts[hostname]
2020-11-09 10:04:53 -07:00
return c, ok
}
2020-11-09 10:26:08 -07:00
// Write writes a known hosts entry to the configured output.
func (k *KnownHostsFile) Write(hostname string, fingerprint Fingerprint) {
k.mu.RLock()
defer k.mu.RUnlock()
2020-11-09 10:26:08 -07:00
if k.out != nil {
k.writeKnownHost(k.out, hostname, fingerprint)
2020-11-09 10:04:53 -07:00
}
}
// WriteAll writes all of the known hosts to the provided io.Writer.
func (k *KnownHostsFile) WriteAll(w io.Writer) error {
k.mu.RLock()
defer k.mu.RUnlock()
for h, c := range k.KnownHosts {
2020-11-09 10:04:53 -07:00
if _, err := k.writeKnownHost(w, h, c); err != nil {
return err
}
}
return nil
}
2020-11-09 10:26:08 -07:00
// writeKnownHost writes a known host to the provided io.Writer.
func (k *KnownHostsFile) writeKnownHost(w io.Writer, hostname string, f Fingerprint) (int, error) {
return fmt.Fprintf(w, "%s %s %s %d\n", hostname, f.Algorithm, f.Hex, f.Expires.Unix())
2020-11-09 10:04:53 -07:00
}
// Load loads the known hosts from the provided path.
2020-11-09 11:57:30 -07:00
// It creates the file if it does not exist.
// New known hosts will be appended to the file.
func (k *KnownHostsFile) Load(path string) error {
k.mu.Lock()
defer k.mu.Unlock()
2020-09-25 21:06:54 -06:00
f, err := os.OpenFile(path, os.O_CREATE|os.O_RDONLY, 0644)
if err != nil {
return err
2020-09-25 21:06:54 -06:00
}
k.Parse(f)
f.Close()
// Open the file for append-only use
f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
if err != nil {
return err
2020-09-25 21:06:54 -06:00
}
2020-11-09 10:26:08 -07:00
k.out = f
return nil
2020-09-25 21:06:54 -06:00
}
// Parse parses the provided reader and adds the parsed known hosts to the list.
2020-11-09 10:26:08 -07:00
// Invalid entries are ignored.
func (k *KnownHostsFile) Parse(r io.Reader) {
k.mu.Lock()
defer k.mu.Unlock()
if k.KnownHosts == nil {
k.KnownHosts = map[string]Fingerprint{}
}
2020-09-25 16:53:20 -06:00
scanner := bufio.NewScanner(r)
for scanner.Scan() {
text := scanner.Text()
parts := strings.Split(text, " ")
2020-11-05 20:30:13 -07:00
if len(parts) < 4 {
2020-09-25 18:55:37 -06:00
continue
2020-09-25 16:53:20 -06:00
}
hostname := parts[0]
algorithm := parts[1]
if algorithm != "SHA-512" {
continue
}
hex := parts[2]
2020-09-25 16:53:20 -06:00
2020-11-25 12:16:51 -07:00
unix, err := strconv.ParseInt(parts[3], 10, 0)
2020-11-05 20:30:13 -07:00
if err != nil {
continue
}
2020-11-25 12:16:51 -07:00
expires := time.Unix(unix, 0)
2020-11-05 20:30:13 -07:00
k.KnownHosts[hostname] = Fingerprint{
2020-11-05 13:27:12 -07:00
Algorithm: algorithm,
Hex: hex,
2020-11-05 20:30:13 -07:00
Expires: expires,
}
2020-09-25 16:53:20 -06:00
}
2020-09-25 18:55:37 -06:00
}
2020-09-25 16:53:20 -06:00
2020-11-05 13:27:12 -07:00
// Fingerprint represents a fingerprint using a certain algorithm.
type Fingerprint struct {
2020-11-25 12:16:51 -07:00
Algorithm string // fingerprint algorithm e.g. SHA-512
Hex string // fingerprint in hexadecimal, with ':' between each octet
2020-11-25 12:16:51 -07:00
Expires time.Time // unix time of the fingerprint expiration date
}
2020-11-09 10:04:53 -07:00
// NewFingerprint returns the SHA-512 fingerprint of the provided raw data.
func NewFingerprint(raw []byte, expires time.Time) Fingerprint {
sum512 := sha512.Sum512(raw)
var b strings.Builder
for i, f := range sum512 {
if i > 0 {
b.WriteByte(':')
}
fmt.Fprintf(&b, "%02X", f)
}
2020-11-05 13:27:12 -07:00
return Fingerprint{
Algorithm: "SHA-512",
Hex: b.String(),
2020-11-25 12:16:51 -07:00
Expires: expires,
2020-11-05 13:27:12 -07:00
}
2020-09-25 16:53:20 -06:00
}