From 230933ee0e4bce6ddf25e0816fff0bd30e3c8864 Mon Sep 17 00:00:00 2001
From: tjp
Date: Fri, 5 Jan 2024 12:19:40 -0700
Subject: TOFU certificate validation
---
 files.go | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+) (limited to 'files.go')
diff --git a/files.go b/files.go
index e0c822c..e602fca 100644
--- a/files.go
+++ b/files.go
@@ -189,6 +189,53 @@ func toursFilePath() (string, error) {
 return dataFilePath("tours")
 }

+func getTofuStore() error {
+ tofuFilePath, err := dataFilePath("tofu")
+ if err != nil {
+ return err
+ }
+
+ tofuStore = map[string]string{}
+
+ f, err := os.Open(tofuFilePath)
+ if err != nil {
+ return err
+ }
+ defer func() { _ = f.Close() }()
+
+ rdr := bufio.NewScanner(f)
+ for rdr.Scan() {
+ domain, certhash, _ := strings.Cut(rdr.Text(), ":")
+ tofuStore[domain] = certhash
+ }
+ if err := rdr.Err(); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func saveTofuStore(store map[string]string) error {
+ tofuFilePath, err := dataFilePath("tofu")
+ if err != nil {
+ return err
+ }
+
+ f, err := os.OpenFile(tofuFilePath, os.O_WRONLY|os.O_TRUNC, 0o600)
+ if err != nil {
+ return err
+ }
+ defer func() { _ = f.Close() }()
+
+ for domain, certhash := range store {
+ if _, err := fmt.Fprintf(f, "%s:%s\n", domain, certhash); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
 func dataFilePath(filename string) (string, error) {
 home := os.Getenv("HOME")
 path := os.Getenv("XDG_DATA_HOME")
-- cgit v1.2.3
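Review bot: saveTofuStore opens the pin file with `os.O_WRONLY|os.O_TRUNC` and no `os.O_CREATE`, so the `0o600` mode is never applied and the first save fails when the file does not exist yet, unless something outside this hunk creates it; getTofuStore likewise returns the `os.Open` error for a missing file after it has already reset `tofuStore`. Truncating in place also means a failed `Fprintf` or a crash mid-write leaves a shortened store, and under trust-on-first-use a lost pin is silently re-learned from whatever certificate the host presents next. Writing to a temporary file next to the target, checking the `Close` error, and renaming over the target keeps the previous pins intact on failure. In getTofuStore the third result of `strings.Cut` is discarded, so a line with no `:` is stored as a domain with an empty hash; `if !ok { continue }` (or returning an error) keeps an empty pin from reaching the comparison code, which is not visible in this hunk.

```go
func saveTofuStore(store map[string]string) error {
	// … unchanged: tofuFilePath lookup via dataFilePath("tofu") …

	// Write the new contents beside the target, then rename over it, so a
	// failed write never leaves a truncated pin store behind.
	tmpPath := tofuFilePath + ".tmp"
	f, err := os.OpenFile(tmpPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return err
	}

	for domain, certhash := range store {
		if _, err := fmt.Fprintf(f, "%s:%s\n", domain, certhash); err != nil {
			_ = f.Close()
			_ = os.Remove(tmpPath)
			return err
		}
	}
	// On the write path a Close error can report a failed flush.
	if err := f.Close(); err != nil {
		_ = os.Remove(tmpPath)
		return err
	}

	return os.Rename(tmpPath, tofuFilePath)
}
```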