Commit 5d65d89e authored by Kali Kaneko's avatar Kali Kaneko Committed by meskio

[feat] add vendorize script to generate config

parent 2160bb23
......@@ -8,6 +8,9 @@ get:
go get -tags $(TAGS) ./...
go get -tags "$(TAGS) bitmaskd" ./...
generate:
go generate cmd/bitmask-vpn/main.go
build: $(foreach path,$(wildcard cmd/*),build_$(patsubst cmd/%,%,$(path)))
build_%:
......
#!/usr/bin/env python3
import re
import sys
import urllib.request
SCRIPT_NAME = 'check-ca-crt.py'
USAGE = '''Check that the stored provider CA matches the one announced online.
Usage: {name} <provider> <uri>
Example: {name} riseup black.riseup.net'''.format(name=SCRIPT_NAME)
def getLocalCert(provider):
sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower()
with open('config/{provider}-ca.crt'.format(provider=sanitized)) as crt:
return crt.read().strip()
def getRemoteCert(uri):
fp = urllib.request.urlopen('https://' + uri + '/ca.crt')
remote_cert = fp.read().decode('utf-8').strip()
fp.close()
return remote_cert
if __name__ == '__main__':
if len(sys.argv) != 3:
print('[!] Not enough arguments')
print(USAGE)
sys.exit(1)
provider = sys.argv[1]
uri = sys.argv[2]
local = getLocalCert(provider)
remote = getRemoteCert(uri)
try:
assert local == remote
except AssertionError:
print('[!] ERROR: remote and local CA certs do not match')
sys.exit(1)
else:
print('OK')
/*
DO NOT EDIT --------------------------------------------------
This file has been automatically generated by `go generate`.
Any changes will be overriden.
DO NOT EDIT --------------------------------------------------
*/
package config
/* All these constants are defined in the vendor.conf file
*/
const (
Provider = "$providerURL"
ApplicationName = "$applicationName"
BinaryName = "$binaryName"
DonateURL = "$donateURL"
HelpURL = "$helpURL"
TosURL = "$tosURL"
APIURL = "$apiURL"
GeolocationAPI = "$geolocationAPI"
)
/*
CaCert : a string containing a representation of the provider CA, used to
sign the webapp and openvpn certificates. should be placed in
config/[provider]-ca.crt
*/
var CaCert = []byte(`$caCertString`)
-----BEGIN CERTIFICATE-----
MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl
dXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE
AwwXUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EwHhcNMTQwNDI4MDAwMDAwWhcNMjQw
NDI4MDAwMDAwWjBZMRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsM
Emh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UEAwwXUmlzZXVwIE5ldHdvcmtzIFJv
b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC76J4ciMJ8Sg0m
TP7DF2DT9zNe0Csk4myoMFC57rfJeqsAlJCv1XMzBmXrw8wq/9z7XHv6n/0sWU7a
7cF2hLR33ktjwODlx7vorU39/lXLndo492ZBhXQtG1INMShyv+nlmzO6GT7ESfNE
LliFitEzwIegpMqxCIHXFuobGSCWF4N0qLHkq/SYUMoOJ96O3hmPSl1kFDRMtWXY
iw1SEKjUvpyDJpVs3NGxeLCaA7bAWhDY5s5Yb2fA1o8ICAqhowurowJpW7n5ZuLK
5VNTlNy6nZpkjt1QycYvNycffyPOFm/Q/RKDlvnorJIrihPkyniV3YY5cGgP+Qkx
HUOT0uLA6LHtzfiyaOqkXwc4b0ZcQD5Vbf6Prd20Ppt6ei0zazkUPwxld3hgyw58
m/4UIjG3PInWTNf293GngK2Bnz8Qx9e/6TueMSAn/3JBLem56E0WtmbLVjvko+LF
PM5xA+m0BmuSJtrD1MUCXMhqYTtiOvgLBlUm5zkNxALzG+cXB28k6XikXt6MRG7q
hzIPG38zwkooM55yy5i1YfcIi5NjMH6A+t4IJxxwb67MSb6UFOwg5kFokdONZcwj
shczHdG9gLKSBIvrKa03Nd3W2dF9hMbRu//STcQxOailDBQCnXXfAATj9pYzdY4k
ha8VCAREGAKTDAex9oXf1yRuktES4QIDAQABo2AwXjAdBgNVHQ4EFgQUC4tdmLVu
f9hwfK4AGliaet5KkcgwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYD
VR0jBBgwFoAUC4tdmLVuf9hwfK4AGliaet5KkcgwDQYJKoZIhvcNAQENBQADggIB
AGzL+GRnYu99zFoy0bXJKOGCF5XUXP/3gIXPRDqQf5g7Cu/jYMID9dB3No4Zmf7v
qHjiSXiS8jx1j/6/Luk6PpFbT7QYm4QLs1f4BlfZOti2KE8r7KRDPIecUsUXW6P/
3GJAVYH/+7OjA39za9AieM7+H5BELGccGrM5wfl7JeEz8in+V2ZWDzHQO4hMkiTQ
4ZckuaL201F68YpiItBNnJ9N5nHr1MRiGyApHmLXY/wvlrOpclh95qn+lG6/2jk7
3AmihLOKYMlPwPakJg4PYczm3icFLgTpjV5sq2md9bRyAg3oPGfAuWHmKj2Ikqch
Td5CHKGxEEWbGUWEMP0s1A/JHWiCbDigc4Cfxhy56CWG4q0tYtnc2GMw8OAUO6Wf
Xu5pYKNkzKSEtT/MrNJt44tTZWbKV/Pi/N2Fx36my7TgTUj7g3xcE9eF4JV2H/sg
tsK3pwE0FEqGnT4qMFbixQmc8bGyuakr23wjMvfO7eZUxBuWYR2SkcP26sozF9PF
tGhbZHQVGZUTVPyvwahMUEhbPGVerOW0IYpxkm0x/eaWdTc4vPpf/rIlgbAjarnJ
UN9SaWRlWKSdP4haujnzCoJbM7dU9bjvlGZNyXEekgeT0W2qFeGGp+yyUWw8tNsp
0BuC1b7uW/bBn/xKm319wXVDvBgZgcktMolak39V7DVO
-----END CERTIFICATE-----
[default]
provider = riseup
[riseup]
name = Riseup
applicationName = RiseupVPN
binaryName = riseup-vpn
providerURL = riseup.net
tosURL = https://riseup.net/tos
helpURL = https://riseup.net/support
donateURL = https://riseup.net/donate
apiURL = https://api.black.riseup.net/
geolocationAPI = https://api.black.riseup.net:9001/json
[calyx]
name = Calyx
applicationName = CalyxVPN
binaryName = calyx-vpn
apiURL = https://calyx.org
#!/usr/bin/env python3
import os
import sys
from string import Template
import configparser
OUTFILE = 'config.go'
INFILE = 'config.go.tmpl'
CONFIGFILE = 'config/vendor.conf'
SCRIPT_NAME = 'vendorize'
def getProviderData(config):
default = config['default']['provider']
print("[+] Configured provider:", default)
c = config[default]
d = dict()
keys = ('name', 'applicationName', 'binaryName',
'providerURL', 'tosURL', 'helpURL',
'donateURL', 'apiURL', 'geolocationAPI', 'caCertString')
for value in keys:
d[value] = c.get(value)
return d
def addCaData(data, configfile):
provider = data.get('name').lower()
folder, f = os.path.split(configfile)
caFile = os.path.join(folder, provider + '-ca.crt')
if not os.path.isfile(caFile):
bail('[!] Cannot find CA file in {path}'.format(path=caFile))
with open(caFile) as ca:
data['caCertString'] = ca.read().strip()
def writeOutput(data, infile, outfile):
with open(infile) as infile:
s = Template(infile.read())
with open(outfile, 'w') as outf:
outf.write(s.substitute(data))
def bail(msg=None):
if not msg:
print('Usage: {scriptname}.py <template> <config> <output>'.format(
scriptname=SCRIPT_NAME))
else:
print(msg)
sys.exit(1)
if __name__ == "__main__":
infile = outfile = ""
if len(sys.argv) > 4:
bail()
elif len(sys.argv) == 1:
infile = INFILE
outfile = OUTFILE
configfile = CONFIGFILE
else:
try:
infile = sys.argv[1]
configfile = sys.argv[2]
outfile = sys.argv[3]
except IndexError:
bail()
if not os.path.isfile(infile):
bail('[!] Cannot find template in {path}'.format(
path=os.path.abspath(infile)))
elif not os.path.isfile(configfile):
bail('[!] Cannot find config in {path}'.format(
path=os.path.abspath(configfile)))
else:
print('[+] Using {path} as template'.format(
path=os.path.abspath(infile)))
print('[+] Using {path} as config'.format(
path=os.path.abspath(configfile)))
config = configparser.ConfigParser()
config.read(configfile)
data = getProviderData(config)
addCaData(data, configfile)
writeOutput(data, infile, outfile)
print('[+] Wrote configuration for {provider} to {outf}'.format(
provider=data.get('name'),
outf=os.path.abspath(outfile)))
......@@ -15,6 +15,8 @@
package main
//go:generate ../../branding/vendorize.py ../../branding/config.go.tmpl ../../branding/config/vendor.conf ../../pkg/config/config.go
import (
"flag"
"fmt"
......
/*
DO NOT EDIT --------------------------------------------------
This file has been automatically generated by `go generate`.
Any changes will be overriden.
DO NOT EDIT --------------------------------------------------
*/
package config
/* All these constants are defined in the vendor.conf file
*/
const (
Provider = "riseup.net"
ApplicationName = "RiseupVPN"
BinaryName = "riseup-vpn"
Provider = "riseup.net"
DonateURL = "https://riseup.net/vpn/donate"
HelpURL = "https://riseup.net/vpn/support"
DonateURL = "https://riseup.net/donate"
HelpURL = "https://riseup.net/support"
TosURL = "https://riseup.net/tos"
APIURL = "https://api.black.riseup.net/"
GeolocationAPI = "https://api.black.riseup.net:9001/json"
)
/*
CaCert : a string containing a representation of the provider CA, used to
sign the webapp and openvpn certificates. should be placed in
config/[provider]/ca.crt
*/
var CaCert = []byte(`-----BEGIN CERTIFICATE-----
MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl
dXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment