Adds v3 support to config validation

Since both v2 and v3 are supported, check v3 first, but if validation fails, continue validation by trying matches for v2. If both return invalid, then fail validation.
freedomofpress · Dec 19, 2019 · 5267415 · 5267415
1 parent 353f85c
commit 5267415
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/scripts/validate-config b/scripts/validate-config
@@ -11,6 +11,8 @@ import os
 TOR_V2_HOSTNAME_REGEX = r'^[a-z2-7]{16}\.onion$'
 TOR_V2_AUTH_COOKIE_REGEX = r'^[a-zA-z0-9+/]{22}$'
 
+TOR_V3_HOSTNAME_REGEX = r'^[a-z2-7]{56}\.onion$'
+TOR_V3_AUTH_REGEX = r'^[A-Z2-7]{52}$'
 
 # CONFIG_FILEPATH = "/srv/salt/sd/config.json"
 CONFIG_FILEPATH = "config.json"
@@ -25,8 +27,7 @@ class SDWConfigValidator(object):
         self.config_filepath = CONFIG_FILEPATH
         self.confirm_config_file_exists()
         self.config = self.read_config_file()
-        self.confirm_onion_v2_url()
-        self.confirm_onion_v2_auth()
+        self.confirm_onion_config_valid()
         self.confirm_usb_export_device()
         self.confirm_submission_privkey_file()
         self.confirm_submission_privkey_fingerprint()
@@ -39,6 +40,28 @@ class SDWConfigValidator(object):
             msg += "Create from config.json.example"
             raise AssertionError(msg)
 
+    def confirm_onion_config_valid(self):
+        """
+        We support both v2 and v3 Onion Services, so if the values
+        in config file match either format, good enough.
+        """
+        try:
+            self.confirm_onion_v3_url()
+            self.confirm_onion_v3_auth()
+        except AssertionError:
+            self.confirm_onion_v2_url()
+            self.confirm_onion_v2_auth()
+
+    def confirm_onion_v3_url(self):
+        assert "hidserv" in self.config
+        assert "hostname" in self.config["hidserv"]
+        assert re.match(TOR_V3_HOSTNAME_REGEX, self.config["hidserv"]["hostname"])
+
+    def confirm_onion_v3_auth(self):
+        assert "hidserv" in self.config
+        assert "key" in self.config["hidserv"]
+        assert re.match(TOR_V3_AUTH_REGEX, self.config["hidserv"]["key"])
+
     def confirm_onion_v2_url(self):
         assert "hidserv" in self.config
         assert "hostname" in self.config["hidserv"]