verify the reseed is signed by a valid key

2020-05-23 12:26:36 -04:00
parent 8329ba322e
commit 68d98710e9
5 changed files with 403 additions and 330 deletions
--- a/3
+++ b/3
@ -9,7 +9,8 @@ fmt: clean
 	gofmt -w -s *.go

 setup: fmt
-	rsync -rav ~/i2p/certificates/ certificates
+	rsync -rav ~/i2p/certificates/ssl/ ssl/
+	rsync -rav ~/i2p/certificates/reseed/ reseed/

 build: fmt
 	go build -o reseed-monitor/reseed-monitor ./reseed-monitor
--- a/index.html
+++ b/index.html
--- a/page.go
+++ b/page.go
@ -1,13 +1,17 @@
 package monitor

 import (
+	"crypto/x509"
+	"encoding/pem"
 	"fmt"
-	"github.com/yosssi/gohtml"
 	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
 	"strings"
+
+	"github.com/eyedeekay/i2p-tools-1/su3"
+	"github.com/yosssi/gohtml"
 )

 var headline = `<!DOCTYPE html>
@ -15,8 +19,8 @@ var headline = `<!DOCTYPE html>
    <head>
      <meta charset="utf-8">
      <title> I2P Reseed Monitoring </title>
-      <link rel="stylesheet" href="/styles.css">
-	  <script src="/script.js"></script>
+      <link rel="stylesheet" href="style.css">
+	  <script src="script.js"></script>
    </head>
    <body>
 `
@ -44,9 +48,9 @@ func GeneratePage() (string, error) {
 			}
 			if strings.HasSuffix(info.Name(), ".json") {
 				if info.Name() != "config.json" {
-					ret += "\n" + `  <div class="` + TrimDir(path) + `" id="` + TrimDir(path) + `">` + "\n"
+					ret += "\n" + `  <div class="` + TrimDir(path) + ` Reseed" id="` + TrimDir(path) + `">` + "\n"
 					ret += "\n" + `    <h4><a href="#` + TrimDir(path) + `">` + filepath.Dir(path) + "</a></h4>\n"
-					menu += "\n" + `  <h3><a class="` + TrimDir(path) + `" href="#` + TrimDir(path) + `">` + filepath.Dir(path) + "</a></h3>\n"
+					menu += "\n" + `  <h3> + <a class="` + TrimDir(path) + `" href="#` + TrimDir(path) + `">` + filepath.Dir(path) + "</a></h3>\n"
 					f, e := ioutil.ReadFile(path)
 					if e == nil {
 						pre := string(f)
@ -62,10 +66,23 @@ func GeneratePage() (string, error) {
 								ret += "\n      </span>\n"
 								ret += "\n" + `      <span class="` + TrimDir(path) + " " + ky + ` value">` + vy + "\n"
 								ret += "\n      </span>\n"
+								ret += `    </div>`
+							}
+						}
+						su3bytes, e := ioutil.ReadFile(filepath.Join(filepath.Dir(path), "i2pseeds.su3"))
+						if e == nil {
+							su3file := su3.New()
+							err = su3file.UnmarshalBinary(su3bytes)
+							if err != nil {
+								return err
+							}
+							Valid, Errored := CheckKeys(su3file, "./reseed")
+							if Errored != nil {
+								ret += `<div id="` + TrimDir(path) + ` Invalid">` + Errored.Error() + `</div>`
+							} else {
+								ret += `<div id="` + TrimDir(path) + ` Valid">` + Valid + `</div>`
 							}
-							ret += `    </div>`
 						}
-
 					} else {
 						ret = e.Error()
 					}
@ -81,6 +98,30 @@ func GeneratePage() (string, error) {
 	return gohtml.Format(headline + menu + ret + footline), nil
 }

+func CheckKeys(su3file *su3.File, dir string) (string, error) {
+	files, err := ioutil.ReadDir(dir)
+	if err != nil {
+		return "", err
+	}
+	for _, v := range files {
+		file, err := ioutil.ReadFile(filepath.Join(dir, v.Name()))
+		if err != nil {
+			return "", err
+		}
+		pemfile, _ := pem.Decode(file)
+		crt, err := x509.ParseCertificate(pemfile.Bytes)
+		if err == nil {
+			err = su3file.VerifySignature(crt)
+			if err == nil {
+				return "Reseed verified by certificate" + v.Name(), nil
+			}
+		} else {
+			return "", err
+		}
+	}
+	return "", fmt.Errorf("No reseed certs were found")
+}
+
 func TrimDir(path string) string {
 	return strings.Replace(strings.Replace(strings.Split(filepath.Dir(path), ":")[0], ".", "", -1), "/", "", -1)
 }
--- a/script.js
+++ b/script.js
--- a/style.css
+++ b/style.css
@ -0,0 +1,3 @@
+.Reseed {
+	border: 1px solid black;
+}