move tools models into main project model (#14)

Author: botsman

app/models/models.go

@@ -10,17 +10,17 @@ import (
 type Service string
 
 const (
-	AIS Service = "AISP"
-	PIS Service = "PISP"
+	AISP Service = "AISP"
+	PISP Service = "PISP"
 	// CBPII Service = "CBPII"
 )
 
 func serviceFromString(str string) (Service, error) {
 	switch str {
 	case "PS_080":
-		return AIS, nil
+		return AISP, nil
 	case "PS_070":
-		return PIS, nil
+		return PISP, nil
 	}
 	return "", fmt.Errorf("unknown service: %s", str)
 }
@@ -154,3 +154,40 @@ func (t *TPP) UnmarshalJSON(data []byte) error {
 	t.Registry = "EBA"
 	return nil
 }
+
+
+type Register string
+
+const (
+	EBA Register = "EBA"
+)
+
+type CertType string
+
+const (
+	QWAC   CertType = "QWAC"
+	QSealC CertType = "QSealC"
+)
+
+type Scope string
+
+const (
+	AIS Scope = "AIS"
+	PIS Scope = "PIS"
+)
+
+
+type ParsedCert struct {
+	Pem          string
+	SerialNumber string
+	Sha256       string
+	// Links        []string
+	Registers    []Register
+	NotBefore    time.Time
+	NotAfter     time.Time
+	Type         CertType // types?
+	Scopes       []Scope
+	Order        int
+	RootSha256   string
+	// CRLs		 []string ??
+}

app/verify/verify.go

@@ -356,10 +356,7 @@ func formatCertContent(content []byte) ([]byte, error) {
 	buffer.WriteString(certPrefix)
 	buffer.WriteString("\n")
 	for i := 0; i < len(contentString); i += pemLineLength {
-		end := i + pemLineLength
-		if end > len(contentString) {
-			end = len(contentString)
-		}
+		end := min(i+pemLineLength, len(contentString))
 		buffer.WriteString(contentString[i:end])
 		buffer.WriteString("\n")
 	}
@@ -543,9 +540,9 @@ func getCertServices(cert ParsedCert) []models.Service {
 	for _, scope := range cert.Scopes {
 		switch scope {
 		case PSP_PI:
-			services = append(services, models.PIS)
+			services = append(services, models.PISP)
 		case PSP_AI:
-			services = append(services, models.AIS)
+			services = append(services, models.AISP)
 		default:
 			log.Printf("Unknown scope in certificate: %s", scope)
 			continue

app/verify/verify_test.go

@@ -93,7 +93,7 @@ func (m *MockDb) GetTpp(ctx context.Context, id string) (*models.TPP, error) {
 			NameNative: "Teszt TPP",
 			Authority:  "Test Authority",
 			Services: map[string][]models.Service{
-				"FI": {models.AIS, models.PIS},
+				"FI": {models.AISP, models.PISP},
 			},
 			AuthorizedAt: time.Now(),
 			WithdrawnAt:  time.Time{},

server/db/mongo.go

@@ -17,20 +17,20 @@ type MongoClient struct {
 	Database *mongo.Database
 }
 
-func GetMongoDb() (*MongoClient, error) {
+func GetMongoDb(ctx context.Context) (*MongoClient, error) {
 	mongoURI := os.Getenv("MONGO_URL")
 	if mongoURI == "" {
 		return nil, errors.New("MONGO_URL is not set")
 	}
 	clientOptions := options.Client().ApplyURI(mongoURI)
 
-	mongoClient, err := mongo.Connect(nil, clientOptions)
+	mongoClient, err := mongo.Connect(ctx, clientOptions)
 	if err != nil {
 		log.Fatal(err)
 		return nil, err
 	}
 
-	err = mongoClient.Ping(nil, nil)
+	err = mongoClient.Ping(ctx, nil)
 	if err != nil {
 		log.Fatal(err)
 		return nil, err
@@ -45,7 +45,7 @@ func GetMongoDb() (*MongoClient, error) {
 }
 
 func (db *MongoClient) Disconnect(ctx context.Context) error {
-	return db.Disconnect(ctx)
+	return db.Database.Client().Disconnect(ctx)
 }
 
 
@@ -62,6 +62,29 @@ func (r *TppMongoRepository) GetTpp(ctx context.Context, id string) (*models.TPP
 	return tpp, nil
 }
 
+func (r *TppMongoRepository) GetRootCertificates(ctx context.Context) ([]string, error) {
+	// Get all certificates from the "certs" collection for now
+	cursor, err := r.db.Collection("certs").Find(ctx, bson.M{})
+	if err != nil {
+		return nil, err
+	}
+	defer cursor.Close(ctx)
+
+	var roots []string
+	for cursor.Next(ctx) {
+		// TODO: move models from the tools package to the app/models package
+		var tpp models.ParsedCert
+		if err := cursor.Decode(&tpp); err != nil {
+			return nil, err
+		}
+		roots = append(roots, tpp.Pem)
+	}
+	if err := cursor.Err(); err != nil {
+		return nil, err
+	}
+	return roots, nil
+}
+
 func NewTppMongoRepository(db *mongo.Database) *TppMongoRepository {
 	return &TppMongoRepository{db: db}
 }

server/run.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"crypto/x509"
 	"log"
 	"net/http"
 
@@ -11,7 +12,8 @@ import (
 )
 
 func main() {
-	client, err := db.GetMongoDb()
+	ctx := context.Background()
+	client, err := db.GetMongoDb(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -24,6 +26,18 @@ func main() {
 	httpClient := &http.Client{} // Assuming you want to use a default HTTP client
 	tppRepo := db.NewTppMongoRepository(client.Database)
 	vs := verify.NewVerifySvc(tppRepo, httpClient)
+	roots, err := tppRepo.GetRootCertificates(ctx)
+	if err != nil {
+		log.Fatalf("Failed to get root certificates: %v", err)
+	}
+	rootPool := x509.NewCertPool()
+	for _, root := range roots {
+		// TODO: check if roots are formatted correctly
+		if !rootPool.AppendCertsFromPEM([]byte(root)) {
+			log.Printf("Failed to append root certificate")
+		}
+	}
+	vs.SetRoots(rootPool)
 	r := app.SetupRouter(vs)
 	r.Run()
 }

tools/eba_certs/main.go

@@ -12,35 +12,18 @@ import (
 
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
+
+	"github.com/botsman/tppVerifier/app/models"
 )
 
 // Load XML files from EBA
 // Parse them
 // Insert results into the database
 
-type CertType string
-
-const (
-	QWAC   CertType = "QWAC"
-	QSealC CertType = "QSealC"
-)
-
-type Scope string
-
-const (
-	AIS Scope = "AIS"
-	PIS Scope = "PIS"
-)
-
-type Register string
-
-const (
-	EBA Register = "EBA"
-)
 
 type RawCert struct {
 	Pem  string
-	Type CertType
+	Type models.CertType
 }
 
 func getEEACountries() []string {
@@ -125,7 +108,7 @@ func parseXML(xmlData []byte) <-chan RawCert {
 					continue
 				}
 				serviceType := tspService.ServiceInformation.getType()
-				if serviceType != QSealC {
+				if serviceType != models.QSealC {
 					continue
 				}
 				cert := tspService.ServiceInformation.getPemCert()
@@ -163,8 +146,8 @@ func parseXMLs(xmlChan <-chan []byte) <-chan RawCert {
 	return certsChan
 }
 
-func parseCerts(certChan <-chan RawCert) <-chan ParsedCert {
-	parsedCertChan := make(chan ParsedCert)
+func parseCerts(certChan <-chan RawCert) <-chan models.ParsedCert {
+	parsedCertChan := make(chan models.ParsedCert)
 	go func() {
 		defer close(parsedCertChan)
 		for cert := range certChan {

tools/eba_certs/parseCert.go

@@ -6,46 +6,34 @@ import (
 	"encoding/hex"
 	"encoding/pem"
 	"fmt"
-	"time"
+
+	"github.com/botsman/tppVerifier/app/models"
 )
 
-type ParsedCert struct {
-	Pem          string
-	SerialNumber string
-	Sha256       string
-	// Links        []string
-	Registers    []Register
-	NotBefore    time.Time
-	NotAfter     time.Time
-	Type         CertType // types?
-	Scopes       []Scope
-	Order        int
-	RootSha256   string
-	// CRLs		 []string ??
-}
+
 
 const certPrefix = "-----BEGIN CERTIFICATE-----"
 const certSuffix = "-----END CERTIFICATE-----"
 
 
-func parseCert(cert RawCert) (ParsedCert, error) {
+func parseCert(cert RawCert) (models.ParsedCert, error) {
 	var certPem = cert.Pem
 	formattedCert := fmt.Sprintf("%s\n%s\n%s", certPrefix, certPem, certSuffix)
 	var block, _ = pem.Decode([]byte(formattedCert))
 	if block == nil {
-		return ParsedCert{}, fmt.Errorf("failed to parse certificate")
+		return models.ParsedCert{}, fmt.Errorf("failed to parse certificate")
 	}
 	x509Cert, err := x509.ParseCertificate([]byte(block.Bytes))
 	if err != nil {
-		return ParsedCert{}, err
+		return models.ParsedCert{}, err
 	}
 
-	return ParsedCert{
+	return models.ParsedCert{
 		Pem:          cert.Pem,
 		SerialNumber: x509Cert.SerialNumber.String(),
 		Sha256:       getSha256(x509Cert),
 		// Links:        x509Cert.IssuingCertificateURL,
-		Registers:    []Register{EBA},
+		Registers:    []models.Register{models.EBA},
 		NotBefore:    x509Cert.NotBefore,
 		NotAfter:     x509Cert.NotAfter,
 		Type:         cert.Type,

tools/eba_certs/xmlStructs.go

@@ -1,5 +1,9 @@
 package main
 
+import (
+	"github.com/botsman/tppVerifier/app/models"
+)
+
 type TrustServiceStatusList struct {
 	TrustServiceProviders []TrustServiceProvider `xml:"TrustServiceProviderList>TrustServiceProvider"`
 }
@@ -23,13 +27,13 @@ func (si ServiceInformation) isValidStatus() bool {
 	return si.ServiceStatus == "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted"
 }
 
-func (si ServiceInformation) getType() CertType {
+func (si ServiceInformation) getType() models.CertType {
 	for _, ext := range si.ServiceInformationExtensions.Extensions {
 		if ext.AdditionalServiceInformation.URI == "http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForWebSiteAuthentication" {
-			return QWAC
+			return models.QWAC
 		}
 		if ext.AdditionalServiceInformation.URI == "http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals" {
-			return QSealC
+			return models.QSealC
 		}
 	}
 	return ""