status-go/server/client.go

package server

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"io/ioutil"
	"net/http"
	"net/http/cookiejar"
	"net/url"

	"github.com/btcsuite/btcutil/base58"

	"github.com/status-im/status-go/logutils"
	"github.com/status-im/status-go/multiaccounts"
	"github.com/status-im/status-go/signal"
)

type PairingClient struct {
	*http.Client
	PayloadManager

	baseAddress     *url.URL
	certPEM         []byte
	serverPK        *ecdsa.PublicKey
	serverMode      Mode
	serverCert      *x509.Certificate
	serverChallenge []byte
}

func NewPairingClient(c *ConnectionParams, config *PairingPayloadManagerConfig) (*PairingClient, error) {
	u, err := c.URL()
	if err != nil {
		return nil, err
	}

	serverCert, err := getServerCert(u)
	if err != nil {
		return nil, err
	}
	err = verifyCert(serverCert, c.publicKey)
	if err != nil {
		return nil, err
	}
	certPem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: serverCert.Raw})

	rootCAs, err := x509.SystemCertPool()
	if err != nil {
		return nil, err
	}
	if ok := rootCAs.AppendCertsFromPEM(certPem); !ok {
		return nil, fmt.Errorf("failed to append certPem to rootCAs")
	}

	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			MinVersion:         tls.VersionTLS12,
			InsecureSkipVerify: false, // MUST BE FALSE
			RootCAs:            rootCAs,
		},
	}

	cj, err := cookiejar.New(nil)
	if err != nil {
		return nil, err
	}

	pm, err := NewPairingPayloadManager(c.aesKey, config, logutils.ZapLogger().Named("PairingClient"))
	if err != nil {
		return nil, err
	}

	return &PairingClient{
		Client:         &http.Client{Transport: tr, Jar: cj},
		baseAddress:    u,
		certPEM:        certPem,
		serverCert:     serverCert,
		serverPK:       c.publicKey,
		serverMode:     c.serverMode,
		PayloadManager: pm,
	}, nil
}

func (c *PairingClient) PairAccount() error {
	switch c.serverMode {
	case Receiving:
		return c.sendAccountData()
	case Sending:
		err := c.getChallenge()
		if err != nil {
			return err
		}
		return c.receiveAccountData()
	default:
		return fmt.Errorf("unrecognised server mode '%d'", c.serverMode)
	}
}

func (c *PairingClient) sendAccountData() error {
	err := c.Mount()
	if err != nil {
		return err
	}

	c.baseAddress.Path = pairingReceive
	resp, err := c.Post(c.baseAddress.String(), "application/octet-stream", bytes.NewBuffer(c.PayloadManager.ToSend()))
	if err != nil {
		signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})
		return err
	}

	if resp.StatusCode != http.StatusOK {
		signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})
		return fmt.Errorf("status not ok, received '%s'", resp.Status)
	}

	signal.SendLocalPairingEvent(Event{Type: EventTransferSuccess})

	c.PayloadManager.LockPayload()
	return nil
}

func (c *PairingClient) receiveAccountData() error {
	c.baseAddress.Path = pairingSend
	req, err := http.NewRequest(http.MethodGet, c.baseAddress.String(), nil)
	if err != nil {
		return err
	}

	if c.serverChallenge != nil {
		ec, err := c.PayloadManager.EncryptPlain(c.serverChallenge)
		if err != nil {
			return err
		}

		req.Header.Set(sessionChallenge, base58.Encode(ec))
	}

	resp, err := c.Do(req)
	if err != nil {
		signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})
		return err
	}

	if resp.StatusCode != http.StatusOK {
		err = fmt.Errorf("status not ok, received '%s'", resp.Status)
		signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})
		return err
	}

	payload, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})
		return err
	}
	signal.SendLocalPairingEvent(Event{Type: EventTransferSuccess})

	err = c.PayloadManager.Receive(payload)
	if err != nil {
		signal.SendLocalPairingEvent(Event{Type: EventProcessError, Error: err.Error()})
		return err
	}
	signal.SendLocalPairingEvent(Event{Type: EventProcessSuccess})
	return nil
}

func (c *PairingClient) getChallenge() error {
	c.baseAddress.Path = pairingChallenge
	resp, err := c.Get(c.baseAddress.String())
	if err != nil {
		return err
	}

	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("status not ok, received '%s'", resp.Status)
	}

	c.serverChallenge, err = ioutil.ReadAll(resp.Body)
	return err
}

func StartUpPairingClient(db *multiaccounts.Database, cs, configJSON string) error {
	var conf PairingPayloadSourceConfig
	err := json.Unmarshal([]byte(configJSON), &conf)
	if err != nil {
		return err
	}

	ccp := new(ConnectionParams)
	err = ccp.FromString(cs)
	if err != nil {
		return err
	}

	c, err := NewPairingClient(ccp, &PairingPayloadManagerConfig{db, conf})
	if err != nil {
		return err
	}

	return c.PairAccount()
}
Added basic client functionality 2022-05-03 14:50:40 +00:00			`package server`

			`import (`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`"bytes"`
Fix cycle import and added private key to Client 2022-05-10 09:34:53 +00:00			`"crypto/ecdsa"`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`"crypto/tls"`
			`"crypto/x509"`
Added StartUpPairingClient and refactored client endpoints 2022-08-31 14:01:45 +00:00			`"encoding/json"`
Integrated server side only tls, public key and aes key connection string 2022-08-07 22:14:33 +00:00			`"encoding/pem"`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`"fmt"`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`"io/ioutil"`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`"net/http"`
Added challenge middleware 2022-08-19 12:45:50 +00:00			`"net/http/cookiejar"`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`"net/url"`
Added challenge middleware 2022-08-19 12:45:50 +00:00
			`"github.com/btcsuite/btcutil/base58"`
Added StartUpPairingClient and refactored client endpoints 2022-08-31 14:01:45 +00:00
Added comprehensive logging 2022-10-21 12:15:39 +00:00			`"github.com/status-im/status-go/logutils"`
Added StartUpPairingClient and refactored client endpoints 2022-08-31 14:01:45 +00:00			`"github.com/status-im/status-go/multiaccounts"`
Refactor and tie in of signal events 2022-08-31 14:31:28 +00:00			`"github.com/status-im/status-go/signal"`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`)`

Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`type PairingClient struct {`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`*http.Client`
Added payload reset on PayloadManager level 2022-07-05 05:40:43 +00:00			`PayloadManager`
Added basic client functionality 2022-05-03 14:50:40 +00:00
Added challenge middleware 2022-08-19 12:45:50 +00:00			`baseAddress *url.URL`
			`certPEM []byte`
			`serverPK *ecdsa.PublicKey`
			`serverMode Mode`
			`serverCert *x509.Certificate`
			`serverChallenge []byte`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`}`

More refactor to increase testability 2022-07-01 15:37:53 +00:00			`func NewPairingClient(c ConnectionParams, config PairingPayloadManagerConfig) (*PairingClient, error) {`
Integrated server side only tls, public key and aes key connection string 2022-08-07 22:14:33 +00:00			`u, err := c.URL()`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`if err != nil {`
			`return nil, err`
			`}`

Integrated server side only tls, public key and aes key connection string 2022-08-07 22:14:33 +00:00			`serverCert, err := getServerCert(u)`
			`if err != nil {`
			`return nil, err`
			`}`
			`err = verifyCert(serverCert, c.publicKey)`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`if err != nil {`
			`return nil, err`
			`}`
Integrated server side only tls, public key and aes key connection string 2022-08-07 22:14:33 +00:00			`certPem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: serverCert.Raw})`
Added basic client functionality 2022-05-03 14:50:40 +00:00
Integrated server side only tls, public key and aes key connection string 2022-08-07 22:14:33 +00:00			`rootCAs, err := x509.SystemCertPool()`
			`if err != nil {`
			`return nil, err`
			`}`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`if ok := rootCAs.AppendCertsFromPEM(certPem); !ok {`
			`return nil, fmt.Errorf("failed to append certPem to rootCAs")`
			`}`

			`tr := &http.Transport{`
			`TLSClientConfig: &tls.Config{`
			`MinVersion: tls.VersionTLS12,`
			`InsecureSkipVerify: false, // MUST BE FALSE`
			`RootCAs: rootCAs,`
			`},`
			`}`

Added challenge middleware 2022-08-19 12:45:50 +00:00			`cj, err := cookiejar.New(nil)`
			`if err != nil {`
			`return nil, err`
			`}`

Added comprehensive logging 2022-10-21 12:15:39 +00:00			`pm, err := NewPairingPayloadManager(c.aesKey, config, logutils.ZapLogger().Named("PairingClient"))`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`return &PairingClient{`
Added challenge middleware 2022-08-19 12:45:50 +00:00			`Client: &http.Client{Transport: tr, Jar: cj},`
More refactor to increase testability 2022-07-01 15:37:53 +00:00			`baseAddress: u,`
			`certPEM: certPem,`
Integrated server side only tls, public key and aes key connection string 2022-08-07 22:14:33 +00:00			`serverCert: serverCert,`
			`serverPK: c.publicKey,`
More refactor to increase testability 2022-07-01 15:37:53 +00:00			`serverMode: c.serverMode,`
			`PayloadManager: pm,`
Added basic client functionality 2022-05-03 14:50:40 +00:00			`}, nil`
			`}`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00
			`func (c *PairingClient) PairAccount() error {`
			`switch c.serverMode {`
			`case Receiving:`
			`return c.sendAccountData()`
			`case Sending:`
Added challenge middleware 2022-08-19 12:45:50 +00:00			`err := c.getChallenge()`
			`if err != nil {`
			`return err`
			`}`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`return c.receiveAccountData()`
			`default:`
			`return fmt.Errorf("unrecognised server mode '%d'", c.serverMode)`
			`}`
			`}`

			`func (c *PairingClient) sendAccountData() error {`
Added and integrated StartUpPairingServer Also moved Mount() calls into the respective Server/Client send() funcs 2022-08-31 12:47:16 +00:00			`err := c.Mount()`
			`if err != nil {`
			`return err`
			`}`

Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`c.baseAddress.Path = pairingReceive`
Added challenge middleware 2022-08-19 12:45:50 +00:00			`resp, err := c.Post(c.baseAddress.String(), "application/octet-stream", bytes.NewBuffer(c.PayloadManager.ToSend()))`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`if err != nil {`
Added comprehensive logging 2022-10-21 12:15:39 +00:00			`signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`return err`
			`}`

Added challenge middleware 2022-08-19 12:45:50 +00:00			`if resp.StatusCode != http.StatusOK {`
Added comprehensive logging 2022-10-21 12:15:39 +00:00			`signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})`
Added challenge middleware 2022-08-19 12:45:50 +00:00			`return fmt.Errorf("status not ok, received '%s'", resp.Status)`
			`}`

Refactor and tie in of signal events 2022-08-31 14:31:28 +00:00			`signal.SendLocalPairingEvent(Event{Type: EventTransferSuccess})`
Added payload locking to prevent multiple requests for the pairing data Signed-off-by: Samuel Hawksby-Robinson <samuel@samyoul.com> 2022-10-28 10:30:18 +00:00
			`c.PayloadManager.LockPayload()`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`return nil`
			`}`

			`func (c *PairingClient) receiveAccountData() error {`
			`c.baseAddress.Path = pairingSend`
Added challenge middleware 2022-08-19 12:45:50 +00:00			`req, err := http.NewRequest(http.MethodGet, c.baseAddress.String(), nil)`
			`if err != nil {`
			`return err`
			`}`

			`if c.serverChallenge != nil {`
			`ec, err := c.PayloadManager.EncryptPlain(c.serverChallenge)`
			`if err != nil {`
			`return err`
			`}`

			`req.Header.Set(sessionChallenge, base58.Encode(ec))`
			`}`

			`resp, err := c.Do(req)`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`if err != nil {`
Added comprehensive logging 2022-10-21 12:15:39 +00:00			`signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`return err`
			`}`

Added challenge middleware 2022-08-19 12:45:50 +00:00			`if resp.StatusCode != http.StatusOK {`
Added comprehensive logging 2022-10-21 12:15:39 +00:00			`err = fmt.Errorf("status not ok, received '%s'", resp.Status)`
			`signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})`
			`return err`
Added challenge middleware 2022-08-19 12:45:50 +00:00			`}`

Added encrytion and dectription via PayloadManager 2022-06-10 23:03:16 +00:00			`payload, err := ioutil.ReadAll(resp.Body)`
			`if err != nil {`
Added comprehensive logging 2022-10-21 12:15:39 +00:00			`signal.SendLocalPairingEvent(Event{Type: EventTransferError, Error: err.Error()})`
Added encrytion and dectription via PayloadManager 2022-06-10 23:03:16 +00:00			`return err`
			`}`
Refactor and tie in of signal events 2022-08-31 14:31:28 +00:00			`signal.SendLocalPairingEvent(Event{Type: EventTransferSuccess})`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00
Refactor and tie in of signal events 2022-08-31 14:31:28 +00:00			`err = c.PayloadManager.Receive(payload)`
			`if err != nil {`
Added comprehensive logging 2022-10-21 12:15:39 +00:00			`signal.SendLocalPairingEvent(Event{Type: EventProcessError, Error: err.Error()})`
Refactor and tie in of signal events 2022-08-31 14:31:28 +00:00			`return err`
			`}`
			`signal.SendLocalPairingEvent(Event{Type: EventProcessSuccess})`
			`return nil`
Added PayloadManager and outbound pairing tests 2022-06-10 15:32:15 +00:00			`}`
Added challenge middleware 2022-08-19 12:45:50 +00:00
			`func (c *PairingClient) getChallenge() error {`
			`c.baseAddress.Path = pairingChallenge`
			`resp, err := c.Get(c.baseAddress.String())`
			`if err != nil {`
			`return err`
			`}`

			`if resp.StatusCode != http.StatusOK {`
			`return fmt.Errorf("status not ok, received '%s'", resp.Status)`
			`}`

			`c.serverChallenge, err = ioutil.ReadAll(resp.Body)`
			`return err`
			`}`
Added StartUpPairingClient and refactored client endpoints 2022-08-31 14:01:45 +00:00
			`func StartUpPairingClient(db *multiaccounts.Database, cs, configJSON string) error {`
			`var conf PairingPayloadSourceConfig`
			`err := json.Unmarshal([]byte(configJSON), &conf)`
			`if err != nil {`
			`return err`
			`}`

			`ccp := new(ConnectionParams)`
			`err = ccp.FromString(cs)`
Refactor and tie in of signal events 2022-08-31 14:31:28 +00:00			`if err != nil {`
			`return err`
			`}`
Added StartUpPairingClient and refactored client endpoints 2022-08-31 14:01:45 +00:00
			`c, err := NewPairingClient(ccp, &PairingPayloadManagerConfig{db, conf})`
			`if err != nil {`
			`return err`
			`}`

			`return c.PairAccount()`
			`}`