Merge #42: tlsrestrict: Fix various golint issues.

a0f4fa7 tlsrestrict: Fix various golint issues. (JeremyRand) d128f51 Remove underscore in tlsrestrict_chromium folder name. (JeremyRand) Pull request description: Tree-SHA512: 1b27c5820a84c5bd6c0a33592c6c19910a1a5c93a4d5061b92ec2f05173688377eba2cb08860558d6883586136e3720162dccfb9e3681535c758cd3ae5a5a98e
7 years ago · d6f4a5528e
parent 191f3899c1 a0f4fa7f3f
commit d6f4a5528e
3 changed files with 25 additions and 14 deletions
--- a/tlsrestrict_chromium/chromium.go
+++ b/tlsrestrict_chromium/chromium.go
@ -1,4 +1,4 @@
-package tlsrestrict_chromium
+package tlsrestrictchromium

 import (
 	"encoding/base64"
@ -10,7 +10,10 @@ import (
 	"crypto/sha256"
 )

-func DnsHash(fqdn string) (string, error) {
+// DNSHash converts an FQDN to DNS wire format, takes the SHA256 of it, and
+// then returns the result as a base64-encoded string.  This happens to be how
+// Chromium's HSTS/HPKP database internally stores domain names.
+func DNSHash(fqdn string) (string, error) {
 	domainNamePacked := make([]byte, 256)
 	offset, err := dns.PackDomainName(fqdn, domainNamePacked, 0, nil, false)
 	if err != nil {
@ -23,8 +26,13 @@ func DnsHash(fqdn string) (string, error) {
 	return domainNameHashB64String, nil
 }

+// BlockAllCAs returns an HSTS/HPKP rule (serializable to Chromium JSON format)
+// that blacklists all built-in CA's from signing certs for subdomains of the
+// given domain name.  It doesn't include the domain name.  It has only been
+// tested with TLD's; it is unclear whether the rule will have any undesired
+// effects if applied to a 2nd-level (or higher level) domain name.
 func BlockAllCAs() (map[string]interface{}, error) {
-	ruleJson := `{
+	ruleJSON := `{
 		"dynamic_spki_hashes": [ "" ],
 		"dynamic_spki_hashes_expiry": 99999999999.9999,
 		"expiry": 99999999999.9999,
@ -38,7 +46,7 @@ func BlockAllCAs() (map[string]interface{}, error) {

 	var rule map[string]interface{}

-	err := json.Unmarshal([]byte(ruleJson), &rule)
+	err := json.Unmarshal([]byte(ruleJSON), &rule)
 	if err != nil {
 		return nil, fmt.Errorf("Error parsing BlockAllCAs rule: %s", err)
 	}
@ -52,9 +60,12 @@ func BlockAllCAs() (map[string]interface{}, error) {
 	return rule, nil
 }

-// Calculates floor(2**256/pi), and encodes the result as base64.
-// Intended to be used as a SHA256 hash where I don't have a preimage up my sleeve.
-// Python2 version originally by Ryan Castellucci.  Go port, pi sourcing, and base64 output by Jeremy Rand.
+// Sleeve256 calculates floor(2**256/pi), and encodes the result as base64.  It
+// is intended to be used as a SHA256 hash where I don't have a preimage up my
+// sleeve.
+//
+// Python2 version originally by Ryan Castellucci.  Go port, pi sourcing, and
+// base64 output by Jeremy Rand.
 func Sleeve256() (string, error) {
 	var pi big.Float
 	var exp256Float big.Float
--- a/tlsrestrict_chromium/chromium_test.go
+++ b/tlsrestrict_chromium/chromium_test.go
@ -1,12 +1,12 @@
-package tlsrestrict_chromium_test
+package tlsrestrictchromium_test

 import (
 	"testing"
-	"github.com/namecoin/ncdns/tlsrestrict_chromium"
+	"github.com/namecoin/ncdns/tlsrestrictchromium"
 )

 func TestDnsHash(t *testing.T) {
-	bitHash, err := tlsrestrict_chromium.DnsHash("bit.")
+	bitHash, err := tlsrestrictchromium.DNSHash("bit.")
 	if err != nil {
 		t.Error(err)
 	}
@ -19,7 +19,7 @@ func TestDnsHash(t *testing.T) {
 }

 func TestSleeve256(t *testing.T) {
-	sleeve, err := tlsrestrict_chromium.Sleeve256()
+	sleeve, err := tlsrestrictchromium.Sleeve256()
 	if err != nil {
 		t.Error(err)
 	}
--- a/tlsrestrict_chromium/tlsrestrict_chromium_tool/main.go
+++ b/tlsrestrict_chromium/tlsrestrict_chromium_tool/main.go
@ -6,7 +6,7 @@ import (
 	"io/ioutil"
 	"encoding/json"
 	"log"
-	"github.com/namecoin/ncdns/tlsrestrict_chromium"
+	"github.com/namecoin/ncdns/tlsrestrictchromium"
 )

 var (
@ -44,12 +44,12 @@ func main() {
 	}

 	// Chromium's TransportSecurity database uses keys of the form base64(sha256(dnsPack(fqdn)))
-	domainDnsHashB64String, err := tlsrestrict_chromium.DnsHash(domain)
+	domainDNSHashB64String, err := tlsrestrictchromium.DNSHash(domain)
 	if err != nil {
 		log.Fatalf("Couldn't hash domain name %s: %s", domain, err)
 	}

-	data[domainDnsHashB64String], err = tlsrestrict_chromium.BlockAllCAs()
+	data[domainDNSHashB64String], err = tlsrestrictchromium.BlockAllCAs()
 	if err != nil {
 		log.Fatalf("Couldn't assign BlockAllCAs: %s", err)
 	}