diff --git a/cert/cert.go b/cert/cert.go
index 8874745a8..02c88777c 100644
--- a/cert/cert.go
+++ b/cert/cert.go
@@ -51,7 +51,7 @@ type Certificate interface {
 // Issuer is the fingerprint of the CA that signed this certificate.
 // If IsCA is true then this will be empty.
- Issuer() string //TODO: string or bytes?
+ Issuer() string
 // PublicKey is the raw bytes to be used in asymmetric cryptographic operations.
 PublicKey() []byte
@@ -61,7 +61,7 @@ type Certificate interface {
 // Signature is the cryptographic seal for all the details of this certificate.
 // CheckSignature can be used to verify that the details of this certificate are valid.
- Signature() []byte //TODO: string or bytes?
+ Signature() []byte
 // CheckSignature will check that the certificate Signature() matches the
 // computed signature. A true result means this certificate has not been tampered with.
diff --git a/cert/cert_test.go b/cert/cert_test.go
index a6427fd81..12bbd9700 100644
--- a/cert/cert_test.go
+++ b/cert/cert_test.go
@@ -28,12 +28,8 @@ func TestMarshalingNebulaCertificate(t *testing.T) {
 Ips: []netip.Prefix{
 mustParsePrefixUnmapped("10.1.1.1/24"),
 mustParsePrefixUnmapped("10.1.1.2/16"),
- //TODO: netip cant represent this netmask
- //{IP: net.ParseIP("10.1.1.3"), Mask: net.IPMask(net.ParseIP("255.0.255.0"))},
 },
 Subnets: []netip.Prefix{
- //TODO: netip cant represent this netmask
- //{IP: net.ParseIP("9.1.1.1"), Mask: net.IPMask(net.ParseIP("255.0.255.0"))},
 mustParsePrefixUnmapped("9.1.1.2/24"),
 mustParsePrefixUnmapped("9.1.1.3/16"),
 },
@@ -174,12 +170,8 @@ func TestNebulaCertificate_MarshalJSON(t *testing.T) {
 Ips: []netip.Prefix{
 mustParsePrefixUnmapped("10.1.1.1/24"),
 mustParsePrefixUnmapped("10.1.1.2/16"),
- //TODO: netip bad
- //{IP: net.ParseIP("10.1.1.3"), Mask: net.IPMask(net.ParseIP("255.0.255.0"))},
 },
 Subnets: []netip.Prefix{
- //TODO: netip bad
- //{IP: net.ParseIP("9.1.1.1"), Mask: net.IPMask(net.ParseIP("255.0.255.0"))},
 mustParsePrefixUnmapped("9.1.1.2/24"),
 mustParsePrefixUnmapped("9.1.1.3/16"),
 },
@@ -632,15 +624,11 @@ func newTestCert(ca Certificate, key []byte, before, after time.Time, ips, subne
 ips = []netip.Prefix{
 mustParsePrefixUnmapped("10.1.1.1/24"),
 mustParsePrefixUnmapped("10.1.1.2/16"),
- //TODO: netip bad
- //{IP: net.ParseIP("10.1.1.3").To4(), Mask: net.IPMask(net.ParseIP("255.0.255.0").To4())},
 }
 }
 if len(subnets) == 0 {
 subnets = []netip.Prefix{
- //TODO: netip bad
- //{IP: net.ParseIP("9.1.1.1").To4(), Mask: net.IPMask(net.ParseIP("255.0.255.0").To4())},
 mustParsePrefixUnmapped("9.1.1.2/24"),
 mustParsePrefixUnmapped("9.1.1.3/16"),
 }
diff --git a/control.go b/control.go
index 839c46f99..26159845c 100644
--- a/control.go
+++ b/control.go
@@ -130,16 +130,15 @@ func (c *Control) ListHostmapIndexes(pendingMap bool) []ControlHostInfo {
 }
 // GetCertByVpnIp returns the authenticated certificate of the given vpn IP, or nil if not found
-// TODO: this should copy!
 func (c *Control) GetCertByVpnIp(vpnIp netip.Addr) cert.Certificate {
 if c.f.myVpnNet.Addr() == vpnIp {
- return c.f.pki.GetCertState().Certificate
+ return c.f.pki.GetCertState().Certificate.Copy()
 }
 hi := c.f.hostMap.QueryVpnIp(vpnIp)
 if hi == nil {
 return nil
 }
- return hi.GetCert().Certificate
+ return hi.GetCert().Certificate.Copy()
 }
 // CreateTunnel creates a new tunnel to the given vpn ip.
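Review bot: Both new `.Copy()` calls in `GetCertByVpnIp` (control.go) invoke a method on `Certificate`, where the old code only returned the field, so an entry whose certificate is unset would presumably now panic instead of returning nil. Whether a host info from `QueryVpnIp` or the local cert state can hold a nil certificate is not visible in this hunk; if it can, guard the call, e.g. `if crt := hi.GetCert().Certificate; crt != nil { return crt.Copy() }` followed by `return nil`. The doc comment should also state the new contract, since callers now get a detached value and cannot alter the certificate the tunnel was authenticated with: `// The returned certificate is a copy; changes to it do not affect the host's authenticated state.`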