// mmc -- Mattermost client
-// Copyright (C) 2023 Sergey Matveev <stargrave@stargrave.org>
+// Copyright (C) 2023-2024 Sergey Matveev <stargrave@stargrave.org>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
package mmc
import (
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/hex"
+ "errors"
"os"
"strings"
"time"
if _, err = w.WriteFields(fields...); err != nil {
return err
}
- lines := strings.Split(post.P.Message, "\n")
- for i, line := range lines {
- if strings.HasSuffix(line, "\\") {
- lines[i] += " "
- }
- }
- _, err = w.WriteFieldMultiline("Text", lines)
+ _, err = w.WriteFieldMultiline("Text", strings.Split(post.P.Message, "\n"))
return err
}
func GetEntrypoint() string {
s := os.Getenv("MMC_ENTRYPOINT")
if s == "" {
- return "mm.invalid"
+ return "http://mm.invalid"
+ }
+ return s
+}
+
+func GetSPKIHash() string {
+ s := os.Getenv("MMC_SPKI")
+ if s == "" {
+ return "deadbeef"
}
return s
}
+
+func NewVerifyPeerCertificate(hashExpected string) func(
+ rawCerts [][]byte, verifiedChains [][]*x509.Certificate,
+) error {
+ return func(
+ rawCerts [][]byte, verifiedChains [][]*x509.Certificate,
+ ) error {
+ cer, err := x509.ParseCertificate(rawCerts[0])
+ if err != nil {
+ return err
+ }
+ spki := cer.RawSubjectPublicKeyInfo
+ hsh := sha256.Sum256(spki)
+ if hashExpected != hex.EncodeToString(hsh[:]) {
+ return errors.New("server certificate's SPKI hash mismatch")
+ }
+ return nil
+ }
+}