konbata/hosts.go

package main

import (
	"bufio"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"os"
	"path/filepath"
	"strconv"
	"strings"
	"time"
)

var hosts map[string]Host

type Host struct {
	// string since why convert it to bytes and handle errors when you can just not
	Fingerprint string
	NotAfter    time.Time
}

func populateHosts() error {
	file, err := os.OpenFile(filepath.Join(xdgDataHome(), "konbata", "known_hosts_2"), os.O_RDONLY|os.O_CREATE, 0600)
	if err != nil {
		return err
	}
	defer file.Close()
	scanner := bufio.NewScanner(file)
	hosts = make(map[string]Host)
	for scanner.Scan() {
		if scanner.Text() == "" {
			continue
		}
		values := strings.Split(scanner.Text(), " ")
		if len(values) != 3 {
			return errors.New("malformed host line encountered")
		}
		hostname := values[0]
		fingerprint := values[1]
		timeInt, err := strconv.ParseInt(values[2], 10, 0)
		if err != nil {
			return err
		}
		hosts[hostname] = Host{
			Fingerprint: fingerprint,
			NotAfter:    time.UnixMicro(timeInt),
		}
	}
	return nil
}

func saveHostsTmp(filename string) error {
	file, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE, 0600)
	if err != nil {
		return err
	}
	defer file.Close()
	err = file.Truncate(0)
	if err != nil {
		return err
	}
	writer := bufio.NewWriter(file)
	for hostname, host := range hosts {
		_, err = writer.WriteString(hostname)
		if err != nil {
			return err
		}
		_, err = writer.WriteRune(' ')
		if err != nil {
			return err
		}
		_, err = writer.WriteString(host.Fingerprint)
		if err != nil {
			return err
		}
		_, err = writer.WriteRune(' ')
		if err != nil {
			return err
		}
		_, err = writer.WriteString(strconv.FormatInt(host.NotAfter.UnixMicro(), 10))
		if err != nil {
			return err
		}
		_, err = writer.WriteRune('\n')
		if err != nil {
			return err
		}
	}
	return writer.Flush()
}

func saveHosts() error {
	filename := filepath.Join(xdgDataHome(), "konbata", "known_hosts_2")
	tmpFilename := filepath.Join(xdgDataHome(), "konbata", "known_hosts_2.tmp")
	err := saveHostsTmp(tmpFilename)
	if err != nil {
		return err
	}
	return os.Rename(tmpFilename, filename)
}

func TrustCertificate(hostname string, cert *x509.Certificate) error {
	hash := sha256.New()
	hash.Write(cert.Raw)
	fingerprint := hex.EncodeToString(hash.Sum(nil))
	currentTime := time.Now()

	host, ok := hosts[hostname]
	if !ok || currentTime.After(host.NotAfter) {
		if currentTime.Before(cert.NotBefore) {
			return errors.New("cert is used before its not before value")
		}
		hosts[hostname] = Host{
			Fingerprint: fingerprint,
			NotAfter:    cert.NotAfter,
		}
		return saveHosts()
	} else if host.Fingerprint != fingerprint {
		return errors.New("fingerprint does not match!")
	}
	return nil
}
Rewrite fingerprint checking 2023-01-01 17:11:02 +00:00			`package main`

			`import (`
			`"bufio"`
			`"crypto/sha256"`
			`"crypto/x509"`
			`"encoding/hex"`
			`"errors"`
			`"os"`
			`"path/filepath"`
			`"strconv"`
			`"strings"`
			`"time"`
			`)`

			`var hosts map[string]Host`

			`type Host struct {`
			`// string since why convert it to bytes and handle errors when you can just not`
			`Fingerprint string`
			`NotAfter time.Time`
			`}`

			`func populateHosts() error {`
			`file, err := os.OpenFile(filepath.Join(xdgDataHome(), "konbata", "known_hosts_2"), os.O_RDONLY\|os.O_CREATE, 0600)`
			`if err != nil {`
			`return err`
			`}`
			`defer file.Close()`
			`scanner := bufio.NewScanner(file)`
			`hosts = make(map[string]Host)`
			`for scanner.Scan() {`
			`if scanner.Text() == "" {`
			`continue`
			`}`
			`values := strings.Split(scanner.Text(), " ")`
			`if len(values) != 3 {`
			`return errors.New("malformed host line encountered")`
			`}`
			`hostname := values[0]`
			`fingerprint := values[1]`
			`timeInt, err := strconv.ParseInt(values[2], 10, 0)`
			`if err != nil {`
			`return err`
			`}`
			`hosts[hostname] = Host{`
			`Fingerprint: fingerprint,`
			`NotAfter: time.UnixMicro(timeInt),`
			`}`
			`}`
			`return nil`
			`}`

			`func saveHostsTmp(filename string) error {`
			`file, err := os.OpenFile(filename, os.O_WRONLY\|os.O_CREATE, 0600)`
			`if err != nil {`
			`return err`
			`}`
			`defer file.Close()`
			`err = file.Truncate(0)`
			`if err != nil {`
			`return err`
			`}`
			`writer := bufio.NewWriter(file)`
			`for hostname, host := range hosts {`
			`_, err = writer.WriteString(hostname)`
			`if err != nil {`
			`return err`
			`}`
			`_, err = writer.WriteRune(' ')`
			`if err != nil {`
			`return err`
			`}`
			`_, err = writer.WriteString(host.Fingerprint)`
			`if err != nil {`
			`return err`
			`}`
			`_, err = writer.WriteRune(' ')`
			`if err != nil {`
			`return err`
			`}`
			`_, err = writer.WriteString(strconv.FormatInt(host.NotAfter.UnixMicro(), 10))`
			`if err != nil {`
			`return err`
			`}`
			`_, err = writer.WriteRune('\n')`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return writer.Flush()`
			`}`

			`func saveHosts() error {`
			`filename := filepath.Join(xdgDataHome(), "konbata", "known_hosts_2")`
			`tmpFilename := filepath.Join(xdgDataHome(), "konbata", "known_hosts_2.tmp")`
			`err := saveHostsTmp(tmpFilename)`
			`if err != nil {`
			`return err`
			`}`
			`return os.Rename(tmpFilename, filename)`
			`}`

			`func TrustCertificate(hostname string, cert *x509.Certificate) error {`
			`hash := sha256.New()`
			`hash.Write(cert.Raw)`
			`fingerprint := hex.EncodeToString(hash.Sum(nil))`
			`currentTime := time.Now()`

			`host, ok := hosts[hostname]`
			`if !ok \|\| currentTime.After(host.NotAfter) {`
			`if currentTime.Before(cert.NotBefore) {`
			`return errors.New("cert is used before its not before value")`
			`}`
			`hosts[hostname] = Host{`
			`Fingerprint: fingerprint,`
			`NotAfter: cert.NotAfter,`
			`}`
			`return saveHosts()`
			`} else if host.Fingerprint != fingerprint {`
			`return errors.New("fingerprint does not match!")`
			`}`
			`return nil`
			`}`