[PD2] Made cert checks in cryptoutils

2024-05-30 15:48:28 +01:00 · 2024-05-30 15:48:28 +01:00 · 62962a13c7
commit 62962a13c7
parent 69559f41ca
9 changed files with 160 additions and 133 deletions
--- a/Projs/PD2/internal/gateway/gateway.go
+++ b/Projs/PD2/internal/gateway/gateway.go
@ -1,8 +1,8 @@
 package gateway

 import (
-	"PD1/internal/protocol"
-	"PD1/internal/utils/cryptoUtils"
+	"PD2/internal/protocol"
+	"PD2/internal/utils/cryptoUtils"
 	"crypto/x509"
 	"fmt"
 	"log"
@ -32,30 +32,30 @@ func HandleRegister(c *gin.Context, dataStore DataStore, keyStore cryptoUtils.Ke
 	var postRegister protocol.PostRegister
 	err := c.Bind(postRegister)
 	if err != nil {
-        c.JSON(http.StatusBadRequest,gin.H{"error": "Request body is not a PostRegister"})
-        return
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Request body is not a PostRegister"})
+		return
 	}

 	//Check if the certificate pseudonym matches the uid in postRegister
 	//And if it's signed by the CA
 	userCert, err := x509.ParseCertificate(postRegister.Certificate)
 	if err != nil {
-        c.JSON(http.StatusBadRequest,gin.H{"error": "User certificate is invalid"})
-        return
+		c.JSON(http.StatusBadRequest, gin.H{"error": "User certificate is invalid"})
+		return
 	}

 	oidMap := cryptoUtils.ExtractAllOIDValues(userCert)
 	//Check if certificate usage is MSG SERVICE
 	usage := oidMap["2.5.4.11"]
 	if usage != "MSG SERVICE" {
-        c.JSON(http.StatusBadRequest,gin.H{"error": "Certificate usage is not \"MSG SERVICE\""})
-        return
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Certificate usage is not \"MSG SERVICE\""})
+		return
 	}

-	err = keyStore.CheckCert(userCert, postRegister.UID)
+	err = keyStore.CheckCert(userCert, postRegister.UID, "MSG SERVICE")
 	if err != nil {
-        c.JSON(http.StatusBadRequest,gin.H{"error": "User certificate is invalid, not trusted or belongs to another user"})
-        return
+		c.JSON(http.StatusBadRequest, gin.H{"error": "User certificate is invalid, not trusted, belongs to another user or has incorrect usage field"})
+		return
 	}

 	hashedPassword, err := HashPassword(postRegister.Password)
@ -65,10 +65,10 @@ func HandleRegister(c *gin.Context, dataStore DataStore, keyStore cryptoUtils.Ke

 	err = dataStore.InsertUser(postRegister.UID, hashedPassword)
 	if err != nil {
-        log.Fatalln("Could not insert user into DB")
+		log.Fatalln("Could not insert user into DB")
 	}

-    //TODO: Send the certificate to the server
+	//TODO: Send the certificate to the server

 	c.JSON(http.StatusOK, gin.H{})

@ -91,31 +91,30 @@ func HandleLogin(c *gin.Context, dataStore DataStore, keyStore cryptoUtils.KeySt
 		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user id or password"})
 		return
 	}
-    jwToken, err := GenerateJWT(postLogin.UID)
+	jwToken, err := GenerateJWT(postLogin.UID)

-    if err != nil {
+	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "Failed to create token"})
-    }
-    //Send token to user
-    c.JSON(http.StatusOK, gin.H{"token":jwToken})
+	}
+	//Send token to user
+	c.JSON(http.StatusOK, gin.H{"token": jwToken})
 }

-
 func AuthMiddleware(c *gin.Context) {
 	fmt.Println("Authentication Middleware")
-    tokenList := c.Request.Header["Token"]
-    if tokenList == nil {
-        c.JSON(http.StatusUnauthorized,gin.H{"error": "No authentication token provided"})
-    }
-    // We only care about the first entry
-    token := tokenList[0]
-    
-    uid, err := ValidateJWT(token)
-    if err!= nil {
-        c.JSON(http.StatusUnauthorized,gin.H{"error": "Token is invalid or has expired"})
-    }
-    c.Set("uid", uid)
-    c.Next()
+	tokenList := c.Request.Header["Token"]
+	if tokenList == nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "No authentication token provided"})
+	}
+	// We only care about the first entry
+	token := tokenList[0]
+
+	uid, err := ValidateJWT(token)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is invalid or has expired"})
+	}
+	c.Set("uid", uid)
+	c.Next()
 }

 func Run() {
@ -164,10 +163,10 @@ func Run() {
 	server := http.Server{
 		Addr:      "0.0.0.0:8080",
 		Handler:   router,
-		TLSConfig: serverKeyStore.GetServerTLSConfig(),
+		TLSConfig: keyStore.GetGatewayIncomingTLSConfig(),
 	}

-	err := server.ListenAndServeTLS("", "")
+	err = server.ListenAndServeTLS("", "")
 	if err != nil {
 		log.Fatal(err.Error())
 	}