authortjp <tjp@ctrl-c.club>2024-01-05 12:19:40 -0700
committertjp <tjp@ctrl-c.club>2024-01-05 12:24:46 -0700
commit230933ee0e4bce6ddf25e0816fff0bd30e3c8864 (patch)
treeb5e4818d05fa770c6316b41cf57cffb8eb952627 /files.go
parent65218373fdc7e32ef175425c25ba9e90ac31fac6 (diff)
TOFU certificate validation
Diffstat (limited to 'files.go')
-rw-r--r--files.go47
1 files changed, 47 insertions, 0 deletions
diff --git a/files.go b/files.go
index e0c822c..e602fca 100644
--- a/files.go
+++ b/files.go
@@ -189,6 +189,53 @@ func toursFilePath() (string, error) {
return dataFilePath("tours")
}
+func getTofuStore() error {
+ tofuFilePath, err := dataFilePath("tofu")
+ if err != nil {
+ return err
+ }
+
+ tofuStore = map[string]string{}
+
+ f, err := os.Open(tofuFilePath)
+ if err != nil {
+ return err
+ }
+ defer func() { _ = f.Close() }()
+
+ rdr := bufio.NewScanner(f)
+ for rdr.Scan() {
+ domain, certhash, _ := strings.Cut(rdr.Text(), ":")
+ tofuStore[domain] = certhash
+ }
+ if err := rdr.Err(); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func saveTofuStore(store map[string]string) error {
+ tofuFilePath, err := dataFilePath("tofu")
+ if err != nil {
+ return err
+ }
+
+ f, err := os.OpenFile(tofuFilePath, os.O_WRONLY|os.O_TRUNC, 0o600)
+ if err != nil {
+ return err
+ }
+ defer func() { _ = f.Close() }()
+
+ for domain, certhash := range store {
+ if _, err := fmt.Fprintf(f, "%s:%s\n", domain, certhash); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
func dataFilePath(filename string) (string, error) {
home := os.Getenv("HOME")
path := os.Getenv("XDG_DATA_HOME")
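Review bot: `saveTofuStore` opens the file with `os.O_WRONLY|os.O_TRUNC` and no `os.O_CREATE`, so the `0o600` mode is never applied and the save fails while the tofu file does not exist; `getTofuStore` likewise returns the `os.Open` error for a missing file, so unless something outside this hunk creates the file, a first run cannot record any pins. I would use `os.OpenFile(tofuFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)` and have the loader treat `errors.Is(err, fs.ErrNotExist)` as an empty store. In the read loop the third result of `strings.Cut` is discarded, so a blank or colon-less line becomes a pin with an empty hash, and a key that itself contains a colon (host:port, if callers key on that) would be split in the wrong place; `domain, certhash, ok := strings.Cut(rdr.Text(), ":")` followed by `if !ok || domain == "" || certhash == "" { continue }` (or a returned error) keeps malformed entries out of the trust store. Because the file is truncated in place and the `Close` error is dropped, a failed write leaves a partial pin list, and hosts missing from it would presumably be trusted afresh on the next connection; writing to a temporary file in the same directory and renaming it over the old one avoids that.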