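// Source: github.com/vchain-us/vcn@v0.9.11-0.20210921212052-a2484d23c0b3/pkg/api/signature.go

package api

import (
	"context"
	"errors"
	"fmt"

	"github.com/fatih/color"
	"github.com/vchain-us/vcn/pkg/meta"
	"github.com/vchain-us/vcn/pkg/signature"
	"google.golang.org/grpc/status"
)

// CheckConnectionPublicKey verifies that the connection between vcn and a
// Codenotary Cloud (CNC) server is bound to a server signing key. On first
// login the key is trusted automatically (trust on first use).
//
// It fetches the current immudb state through the client. That call fails when
// the public key configured on the client does not match the server signature,
// or when a key is configured and the server does not sign at all. If the
// state carries a signature with a public key, the key is handed to
// signature.ConfirmFingerprint, and any key it returns is installed on the
// client as the server signing key.
//
// If enforceSignatureVerify is true, an explicit fingerprint confirmation is
// required. In that mode an unsigned state, or a signature without a public
// key, is rejected rather than silently accepted.
//
// NOTE: this method is not called when VCN_SIGNING_PUB_KEY_FILE or
// VCN_SIGNING_PUB_KEY (environment variable or argument) is provided.
//
// NOTE(review): persisting the trusted key locally and comparing it with a
// previously trusted one is presumably done inside signature.ConfirmFingerprint;
// that code is not visible here. Confirm against pkg/signature.
func (u *LcUser) CheckConnectionPublicKey(enforceSignatureVerify bool) error {
	// NOTE(review): context.Background() carries no deadline, so this call is
	// bounded only by whatever timeouts the client itself applies.
	state, err := u.Client.CurrentState(context.Background())
	if err != nil {
		// The two trust failures are recognised by exact message text. Any
		// other message falls through to the generic return below, so a
		// wording change upstream still fails closed and only loses the
		// specific guidance.
		if st, ok := status.FromError(err); ok {
			switch st.Message() {
			case "unable to verify signature: no signature found":
				// A trusted key is stored locally but the server does not
				// sign its state. This fails regardless of
				// enforceSignatureVerify, because a server that used to be
				// trusted can no longer be authenticated.
				return fmt.Errorf("Codenotary Cloud server is not signing messages but a public key %s was found in HOME folder. In order to continue with a not signed connection please remove such key", meta.VcnSigningPubKeyFileName)
			case "signature doesn't match provided public key":
				// The server signature no longer matches the trusted key.
				// Warn the operator and abort; re-trusting needs manual action.
				color.Set(meta.StyleWarning())
				fmt.Printf("previously trusted Codenotary Cloud server changed its signature. \nIn order to trust again the server please provide a new public key or remove %s stored in home folder.", meta.VcnSigningPubKeyFileName)
				fmt.Println()
				color.Unset()
				return fmt.Errorf("operation aborted : %w", st.Err())
			}
		}
		return err
	}

	// No usable key material in the state. Without enforcement this is
	// accepted as an unsigned connection. With enforcement it is an error:
	// returning nil here would report success although no fingerprint was
	// ever confirmed.
	if state.Signature == nil || state.Signature.GetPublicKey() == nil {
		if !enforceSignatureVerify {
			return nil
		}
		if state.Signature == nil {
			return errors.New("Codenotary Cloud server is not signing messages. Operation aborted")
		}
		return errors.New("Codenotary Cloud server signature does not carry a public key. Operation aborted")
	}

	serverKey := signature.UnmarshalKey(state.Signature.GetPublicKey())
	pk, err := signature.ConfirmFingerprint(serverKey, enforceSignatureVerify)
	if err != nil {
		return err
	}
	// A nil key with a nil error leaves the client's configured key untouched.
	if pk != nil {
		u.Client.SetServerSigningPubKey(pk)
	}
	return nil
}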