p12 files can now be provided to the bot to authenticate as a registered user

2016-07-10 20:41:51 -07:00 · 2016-07-10 20:41:51 -07:00 · 32167c1294
parent 5434077d73
commit 32167c1294
8 changed files with 89 additions and 23 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,9 @@
 MumbleDJ Changelog
 ==================

+### July 10, 2016 -- `v3.1.0`
+* File path for user `p12` certificate can now be provided for authenticating as a registered user via the `--p12` commandline flag or the `connection.user_p12` configuration value.
+
 ### July 1, 2016 -- `v3.0.11`
 * Potential fix for an issue with IP SANs on PEM certs.

--- a/README.md
+++ b/README.md
@ -116,23 +116,24 @@ USAGE:
   mumbledj [global options] command [command options] [arguments...]
   
 VERSION:
-   3.0.0-alpha
+   v3.1.0
   
 COMMANDS:
 GLOBAL OPTIONS:
-   --config value, -c value        location of MumbleDJ configuration file (default: "$HOME/.config/mumbledj/mumbledj.yaml")
-   --server value, -s value        address of Mumble server to connect to (default: "127.0.0.1")
-   --port value, -o value          port of Mumble server to connect to (default: "64738")
-   --username value, -u value      username for the bot (default: "MumbleDJ")
-   --password value, -p value      password for the Mumble server
-   --channel value, -n value       channel the bot enters after connecting to the Mumble server
-   --cert value, -e value          path to PEM certificate
-   --key value, -k value           path to PEM key
-   --accesstokens value, -a value  list of access tokens separated by spaces
-   --insecure, -i                  if present, the bot will not check Mumble certs for consistency
-   --debug, -d                     if present, all debug messages will be shown
-   --help, -h                      show help
-   --version, -v                   print the version
+   --config value, -c value		location of MumbleDJ configuration file (default: "/home/matthieu/.config/mumbledj/config.yaml")
+   --server value, -s value		address of Mumble server to connect to (default: "127.0.0.1")
+   --port value, -o value		port of Mumble server to connect to (default: "64738")
+   --username value, -u value		username for the bot (default: "MumbleDJ")
+   --password value, -p value		password for the Mumble server
+   --channel value, -n value		channel the bot enters after connecting to the Mumble server
+   --p12 value				path to user p12 file for authenticating as a registered user
+   --cert value, -e value		path to PEM certificate
+   --key value, -k value		path to PEM key
+   --accesstokens value, -a value	list of access tokens separated by spaces
+   --insecure, -i			if present, the bot will not check Mumble certs for consistency
+   --debug, -d				if present, all debug messages will be shown
+   --help, -h				show help
+   --version, -v			print the version

 ```

--- a/bindata.go
+++ b/bindata.go
--- a/bot/config.go
+++ b/bot/config.go
@ -40,6 +40,7 @@ func SetDefaultConfig() {
 	viper.SetDefault("connection.port", 64738)
 	viper.SetDefault("connection.password", "")
 	viper.SetDefault("connection.username", "MumbleDJ")
+	viper.SetDefault("connection.user_p12", "")
 	viper.SetDefault("connection.insecure", false)
 	viper.SetDefault("connection.cert", "")
 	viper.SetDefault("connection.key", "")
--- a/bot/mumbledj.go
+++ b/bot/mumbledj.go
@ -11,7 +11,10 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"net"
+	"os"
+	"os/exec"
 	"strings"
 	"time"

@ -193,15 +196,48 @@ func (dj *MumbleDJ) Connect() error {
 	// Initialize key pair if needed.
 	if viper.GetBool("connection.insecure") {
 		dj.TLSConfig.InsecureSkipVerify = true
-	}
-	dj.TLSConfig.ServerName = viper.GetString("connection.address")
+	} else {
+		dj.TLSConfig.ServerName = viper.GetString("connection.address")

-	if viper.GetString("connection.cert") != "" {
-		if viper.GetString("connection.key") == "" {
-			viper.Set("connection.key", viper.GetString("connection.cert"))
+		if viper.GetString("connection.cert") != "" {
+			if viper.GetString("connection.key") == "" {
+				viper.Set("connection.key", viper.GetString("connection.cert"))
+			}
+
+			if certificate, err := tls.LoadX509KeyPair(viper.GetString("connection.cert"), viper.GetString("connection.key")); err == nil {
+				dj.TLSConfig.Certificates = append(dj.TLSConfig.Certificates, certificate)
+			} else {
+				return err
+			}
+		}
+	}
+
+	// Add user p12 cert if needed.
+	if viper.GetString("connection.user_p12") != "" {
+		if _, err := os.Stat(viper.GetString("connection.user_p12")); os.IsNotExist(err) {
+			return err
 		}

-		if certificate, err := tls.LoadX509KeyPair(viper.GetString("connection.cert"), viper.GetString("connection.key")); err == nil {
+		// Create temporary directory for converted p12 file.
+		dir, err := ioutil.TempDir("", "mumbledj")
+		if err != nil {
+			return err
+		}
+		defer os.RemoveAll(dir)
+
+		// Create temporary mumbledj.crt.pem from p12 file.
+		command := exec.Command("openssl", "pkcs12", "-password", "pass:", "-in", viper.GetString("connection.user_p12"), "-out", dir+"/mumbledj.crt.pem", "-clcerts", "-nokeys")
+		if err := command.Run(); err != nil {
+			return err
+		}
+
+		// Create temporary mumbledj.key.pem from p12 file.
+		command = exec.Command("openssl", "pkcs12", "-password", "pass:", "-in", viper.GetString("connection.user_p12"), "-out", dir+"/mumbledj.key.pem", "-nocerts", "-nodes")
+		if err := command.Run(); err != nil {
+			return err
+		}
+
+		if certificate, err := tls.LoadX509KeyPair(dir+"/mumbledj.crt.pem", dir+"/mumbledj.key.pem"); err == nil {
 			dj.TLSConfig.Certificates = append(dj.TLSConfig.Certificates, certificate)
 		} else {
 			return err
--- a/bot/startup.go
+++ b/bot/startup.go
@ -58,6 +58,10 @@ func PerformStartupChecks() {
 	if err := checkAria2Installation(); err != nil {
 		logrus.Warnln("aria2 is not installed or is not discoverable in $PATH. The bot will still partially work, but some services will not work properly.")
 	}
+
+	if err := checkOpenSSLInstallation(); err != nil {
+		logrus.Warnln("openssl is not installed or is not discoverable in $PATH. p12 certificate files will not work.")
+	}
 }

 func checkYouTubeDLInstallation() error {
@ -95,3 +99,12 @@ func checkAria2Installation() error {
 	}
 	return nil
 }
+
+func checkOpenSSLInstallation() error {
+	logrus.Infoln("Checking openssl installation...")
+	command := exec.Command("openssl", "version")
+	if err := command.Run(); err != nil {
+		return errors.New("openssl is not properly installed")
+	}
+	return nil
+}
--- a/config.yaml
+++ b/config.yaml
@ -63,6 +63,10 @@ connection:
    # Username for MumbleDJ.
    username: "MumbleDJ"

+    # Filepath to user p12 file for authenticating as a registered user.
+    # NOTE: If no p12 file is needed, set to empty string ("").
+    user_p12: ""
+
    # Should the bot attempt an insecure connection?
    # An insecure connection does not verify the certificate of the server for
    # consistency. It is best to leave this on, but disable it if you are having
--- a/main.go
+++ b/main.go
@ -32,7 +32,7 @@ func init() {
 	services.DJ = DJ
 	bot.DJ = DJ

-	DJ.Version = "v3.0.11"
+	DJ.Version = "v3.1.0"

 	logrus.SetLevel(logrus.WarnLevel)
 }
@ -73,6 +73,11 @@ func main() {
 			Value: "",
 			Usage: "channel the bot enters after connecting to the Mumble server",
 		},
+		cli.StringFlag{
+			Name:  "p12",
+			Value: "",
+			Usage: "path to user p12 file for authenticating as a registered user",
+		},
 		cli.StringFlag{
 			Name:  "cert, e",
 			Value: "",
@ -156,6 +161,9 @@ func main() {
 		if c.GlobalIsSet("channel") {
 			viper.Set("defaults.channel", c.String("channel"))
 		}
+		if c.GlobalIsSet("p12") {
+			viper.Set("connection.user_p12", c.String("p12"))
+		}
 		if c.GlobalIsSet("cert") {
 			viper.Set("connection.cert", c.String("cert"))
 		}