forked from coyim/coyim
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pins.go
105 lines (89 loc) · 2.66 KB
/
pins.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package config
import (
"bytes"
"crypto/x509"
"encoding/hex"
"encoding/json"
"sort"
"github.com/twstrike/coyim/digests"
)
// CertificatePinForSerialization represents a certificate pin in its serialized form
type CertificatePinForSerialization struct {
Subject string `json:",omitempty"`
Issuer string `json:",omitempty"`
FingerprintHex string
FingerprintType string
}
// CertificatePin represents a known certificate hash to accept as a given
type CertificatePin struct {
Subject string
Issuer string
Fingerprint []byte
FingerprintType string
}
// MarshalJSON is used to create a JSON representation of this certificate pin
func (v *CertificatePin) MarshalJSON() ([]byte, error) {
return json.Marshal(CertificatePinForSerialization{
Subject: v.Subject,
Issuer: v.Issuer,
FingerprintHex: hex.EncodeToString(v.Fingerprint),
FingerprintType: v.FingerprintType,
})
}
// UnmarshalJSON is used to parse the JSON representation of a certificate pin
func (v *CertificatePin) UnmarshalJSON(data []byte) error {
vz := CertificatePinForSerialization{}
err := json.Unmarshal(data, &vz)
if err != nil {
return err
}
v.Fingerprint, err = hex.DecodeString(vz.FingerprintHex)
if err != nil {
return nil
}
v.Subject = vz.Subject
v.Issuer = vz.Issuer
v.FingerprintType = vz.FingerprintType
return nil
}
// CertificatePinsByNaturalOrder sorts certificate pins by the fingerprints
type CertificatePinsByNaturalOrder []*CertificatePin
func (s CertificatePinsByNaturalOrder) Len() int { return len(s) }
func (s CertificatePinsByNaturalOrder) Less(i, j int) bool {
return bytes.Compare(s[i].Fingerprint, s[j].Fingerprint) == -1
}
func (s CertificatePinsByNaturalOrder) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
func (a *Account) updateCertificatePins() bool {
if len(a.LegacyServerCertificateSHA256) == 0 {
return false
}
certSHA256, err := hex.DecodeString(a.LegacyServerCertificateSHA256)
if err == nil && len(certSHA256) == 32 {
a.Certificates = append(a.Certificates, &CertificatePin{
Subject: "",
Issuer: "",
FingerprintType: "SHA256",
Fingerprint: certSHA256,
})
sort.Sort(CertificatePinsByNaturalOrder(a.Certificates))
a.LegacyServerCertificateSHA256 = ""
return true
}
return false
}
// Matches returns true if this pin matches the given certificate
func (v *CertificatePin) Matches(cert *x509.Certificate) bool {
r := cert.Raw
var dig []byte
switch v.FingerprintType {
case "SHA1":
dig = digests.Sha1(r)
case "SHA256":
dig = digests.Sha256(r)
case "SHA3-256":
dig = digests.Sha3_256(r)
default:
return false
}
return bytes.Equal(dig, v.Fingerprint)
}