Resolve some TODOs

slackhq · Oct 8, 2024 · e988135 · e988135
1 parent 6daeaa6
commit e988135
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 17 deletions.
diff --git a/cert/cert.go b/cert/cert.go
@@ -51,7 +51,7 @@ type Certificate interface {
 
 	// Issuer is the fingerprint of the CA that signed this certificate.
 	// If IsCA is true then this will be empty.
-	Issuer() string //TODO: string or bytes?
+	Issuer() string
 
 	// PublicKey is the raw bytes to be used in asymmetric cryptographic operations.
 	PublicKey() []byte
@@ -61,7 +61,7 @@ type Certificate interface {
 
 	// Signature is the cryptographic seal for all the details of this certificate.
 	// CheckSignature can be used to verify that the details of this certificate are valid.
-	Signature() []byte //TODO: string or bytes?
+	Signature() []byte
 
 	// CheckSignature will check that the certificate Signature() matches the
 	// computed signature. A true result means this certificate has not been tampered with.

diff --git a/cert/cert_test.go b/cert/cert_test.go
@@ -28,12 +28,8 @@ func TestMarshalingNebulaCertificate(t *testing.T) {
 			Ips: []netip.Prefix{
 				mustParsePrefixUnmapped("10.1.1.1/24"),
 				mustParsePrefixUnmapped("10.1.1.2/16"),
-				//TODO: netip cant represent this netmask
-				//{IP: net.ParseIP("10.1.1.3"), Mask: net.IPMask(net.ParseIP("255.0.255.0"))},
 			},
 			Subnets: []netip.Prefix{
-				//TODO: netip cant represent this netmask
-				//{IP: net.ParseIP("9.1.1.1"), Mask: net.IPMask(net.ParseIP("255.0.255.0"))},
 				mustParsePrefixUnmapped("9.1.1.2/24"),
 				mustParsePrefixUnmapped("9.1.1.3/16"),
 			},
@@ -174,12 +170,8 @@ func TestNebulaCertificate_MarshalJSON(t *testing.T) {
 			Ips: []netip.Prefix{
 				mustParsePrefixUnmapped("10.1.1.1/24"),
 				mustParsePrefixUnmapped("10.1.1.2/16"),
-				//TODO: netip bad
-				//{IP: net.ParseIP("10.1.1.3"), Mask: net.IPMask(net.ParseIP("255.0.255.0"))},
 			},
 			Subnets: []netip.Prefix{
-				//TODO: netip bad
-				//{IP: net.ParseIP("9.1.1.1"), Mask: net.IPMask(net.ParseIP("255.0.255.0"))},
 				mustParsePrefixUnmapped("9.1.1.2/24"),
 				mustParsePrefixUnmapped("9.1.1.3/16"),
 			},
@@ -632,15 +624,11 @@ func newTestCert(ca Certificate, key []byte, before, after time.Time, ips, subne
 		ips = []netip.Prefix{
 			mustParsePrefixUnmapped("10.1.1.1/24"),
 			mustParsePrefixUnmapped("10.1.1.2/16"),
-			//TODO: netip bad
-			//{IP: net.ParseIP("10.1.1.3").To4(), Mask: net.IPMask(net.ParseIP("255.0.255.0").To4())},
 		}
 	}
 
 	if len(subnets) == 0 {
 		subnets = []netip.Prefix{
-			//TODO: netip bad
-			//{IP: net.ParseIP("9.1.1.1").To4(), Mask: net.IPMask(net.ParseIP("255.0.255.0").To4())},
 			mustParsePrefixUnmapped("9.1.1.2/24"),
 			mustParsePrefixUnmapped("9.1.1.3/16"),
 		}

diff --git a/control.go b/control.go
@@ -130,16 +130,15 @@ func (c *Control) ListHostmapIndexes(pendingMap bool) []ControlHostInfo {
 }
 
 // GetCertByVpnIp returns the authenticated certificate of the given vpn IP, or nil if not found
-// TODO: this should copy!
 func (c *Control) GetCertByVpnIp(vpnIp netip.Addr) cert.Certificate {
 	if c.f.myVpnNet.Addr() == vpnIp {
-		return c.f.pki.GetCertState().Certificate
+		return c.f.pki.GetCertState().Certificate.Copy()
 	}
 	hi := c.f.hostMap.QueryVpnIp(vpnIp)
 	if hi == nil {
 		return nil
 	}
-	return hi.GetCert().Certificate
+	return hi.GetCert().Certificate.Copy()
 }
 
 // CreateTunnel creates a new tunnel to the given vpn ip.