Uni/CSI-ES-2324
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[PD1] Added verification that server returns the correct client cert

Browse source
This commit is contained in:
Afonso Franco 2024-04-24 17:49:36 +01:00
parent 4f9312958d
commit 1d64590f33
Signed by: afonso
SSH key fingerprint: SHA256:aiLbdlPwXKJS5wMnghdtod0SPy8imZjlVvCyUX9DJNk
4 changed files with 47 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

15
Projs/PD1/internal/client/client.go
View file

@ -39,7 +39,7 @@ func Run() {
cl := networking.NewClient[protocol.Packet](&clientKeyStore)
defer cl.Connection.Conn.Close()
receiverCert := getUserCert(cl, uid)
receiverCert := getUserCert(cl, clientKeyStore, uid)
if receiverCert == nil {
return
}
@ -102,7 +102,7 @@ func Run() {
return
}
answerGetMsg := protocol.UnmarshalAnswerGetMsg(receivedMsgPacket.Body)
senderCert := getUserCert(cl, answerGetMsg.FromUID)
senderCert := getUserCert(cl, clientKeyStore, answerGetMsg.FromUID)
decSubjectBytes := clientKeyStore.DecryptMessageContent(senderCert, answerGetMsg.Subject)
decBodyBytes := clientKeyStore.DecryptMessageContent(senderCert, answerGetMsg.Body)
subject := Unmarshal(decSubjectBytes)
@ -119,7 +119,7 @@ func Run() {
}
func getUserCert(cl networking.Client[protocol.Packet], uid string) *x509.Certificate {
func getUserCert(cl networking.Client[protocol.Packet], keyStore cryptoUtils.KeyStore, uid string) *x509.Certificate {
getUserCertPacket := protocol.NewGetUserCertPacket(uid)
if !cl.Connection.Send(getUserCertPacket) {
return nil
@ -139,10 +139,13 @@ func getUserCert(cl networking.Client[protocol.Packet], uid string) *x509.Certif
if err != nil {
return nil
}
if !keyStore.CheckCert(userCert, uid){
return nil
}
return userCert
}
func getManyMessagesInfo(cl networking.Client[protocol.Packet]) (protocol.AnswerGetUnreadMsgsInfo, map[string]*x509.Certificate) {
func getManyMessagesInfo(cl networking.Client[protocol.Packet], keyStore cryptoUtils.KeyStore) (protocol.AnswerGetUnreadMsgsInfo, map[string]*x509.Certificate) {
answerGetUnreadMsgsInfoPacket, active := cl.Connection.Receive()
if !active {
return protocol.NewAnswerGetUnreadMsgsInfo(0, 0, nil), nil
@ -162,7 +165,7 @@ func getManyMessagesInfo(cl networking.Client[protocol.Packet]) (protocol.Answer
certificatesMap := map[string]*x509.Certificate{}
//Get senders' certificates
for senderUID := range senderSet {
senderCert := getUserCert(cl, senderUID)
senderCert := getUserCert(cl, keyStore, senderUID)
certificatesMap[senderUID] = senderCert
}
return answerGetUnreadMsgsInfo, certificatesMap
@ -173,7 +176,7 @@ func askQueue(cl networking.Client[protocol.Packet], clientKeyStore cryptoUtils.
if !cl.Connection.Send(requestUnreadMsgsQueuePacket) {
return
}
unreadMsgsInfo, certificates := getManyMessagesInfo(cl)
unreadMsgsInfo, certificates := getManyMessagesInfo(cl, clientKeyStore)
var clientMessages []ClientMessageInfo
for _, message := range unreadMsgsInfo.MessagesInfo {
senderCert, ok := certificates[message.FromUID]