// DialRouter connects anonymously to a remote Tao-delegated mixnet router.
func (p *ProxyContext) DialRouter(network, addr string) (*Conn, error) {
c, err := tao.Dial(network, addr, p.domain.Guard, p.domain.Keys.VerifyingKey, nil, nil)
if err != nil {
return nil, err
}
return &Conn{c, p.nextID(), p.timeout}, nil
}
func doRequest(guard tao.Guard, domain *tao.Domain, keys *tao.Keys) bool {
fmt.Printf("client: connecting to %s using %s authentication.\n", serverAddr, *demoAuth)
var conn net.Conn
var err error
network := "tcp"
switch *demoAuth {
case "tcp":
conn, err = net.Dial(network, serverAddr)
case "tls":
conn, err = tao.DialTLSWithKeys(network, serverAddr, keys)
case "tao":
conn, err = tao.Dial(network, serverAddr, guard, domain.Keys.VerifyingKey, keys)
}
if err != nil {
fmt.Fprintf(os.Stderr, "client: error connecting to %s: %s\n", serverAddr, err.Error())
return false
}
defer conn.Close()
_, err = fmt.Fprintf(conn, "Hello\n")
if err != nil {
fmt.Fprintf(os.Stderr, "client: can't write: %s\n", err.Error())
return false
}
msg, err := bufio.NewReader(conn).ReadString('\n')
if err != nil {
fmt.Fprintf(os.Stderr, "client: can't read: %s\n", err.Error())
return false
}
msg = strings.TrimSpace(msg)
fmt.Printf("client: got reply: %s\n", msg)
return true
}
// Connect establishes a connection to a netlog server, if necessary. This will
// be called automatically by Log() and Entries().
func (srv *Server) Connect() error {
if srv.Conn != nil {
return nil
}
keys, err := tao.NewTemporaryTaoDelegatedKeys(tao.Signing, nil, tao.Parent())
if err != nil {
return err
}
conn, err := tao.Dial("tcp", srv.Addr, srv.Guard, srv.DomainKey, keys, nil)
if err != nil {
return err
}
srv.Conn = conn
return nil
}
// Connect opens a connection to the server, if not already connected. If keys
// are provided, they will be used to connect. Otherwise, if running under a
// Tao, new Tao-delegated keys will be created to authenticate to the rendezvous
// server.
func (s *Server) Connect(keys *tao.Keys) error {
if s.conn != nil {
return nil
}
var err error
if keys == nil && tao.Parent() != nil {
keys, err = tao.NewTemporaryTaoDelegatedKeys(tao.Signing, nil, tao.Parent())
if err != nil {
return err
}
}
addr := net.JoinHostPort(s.Host, s.Port)
conn, err := tao.Dial("tcp", addr, nil /* guard */, nil /* verifier */, keys, nil)
if err != nil {
return err
}
s.conn = conn
return nil
}
// Submit sends a CSR to a certificate authority server. The keys are used to
// authenticate to the server.
func (server *Server) Submit(keys *tao.Keys, csr *CSR) ([]*x509.Certificate, error) {
addr := net.JoinHostPort(server.Host, server.Port)
conn, err := tao.Dial("tcp", addr, nil /* guard */, nil /* verifier */, keys, nil)
if err != nil {
return nil, err
}
defer conn.Close()
ms := util.NewMessageStream(conn)
req := &Request{CSR: csr}
_, err = ms.WriteMessage(req)
if err != nil {
return nil, err
}
var resp Response
if err := ms.ReadMessage(&resp); err != nil {
return nil, err
}
if *resp.Status != ResponseStatus_TAOCA_OK {
detail := "unknown error"
if resp.ErrorDetail != nil {
detail = *resp.ErrorDetail
}
return nil, fmt.Errorf("%s: %s", resp.Status, detail)
}
if len(resp.Cert) == 0 {
return nil, fmt.Errorf("no certificates in CA response")
}
certs := make([]*x509.Certificate, len(resp.Cert))
for i, c := range resp.Cert {
cert, err := x509.ParseCertificate(c.X509Cert)
if err != nil {
return nil, err
}
certs[i] = cert
}
return certs, nil
}
