c89ecce3e0
We use an optional build tag to hide this configuration. When you choose this configuration, you need to provide the encrypted config as well as the corresponding decryption key. This is not the final design. This is an interim design to start working and experimenting with this functionality. The general idea here is to support psiphon in the binaries we build without committing the psiphon config to the repository itself. Part of https://github.com/ooni/probe/issues/985
// +build ooni_psiphon_config
|
|
|
|
package engine
import (
	"bytes"
	"context"
	_ "embed"
	"fmt"
	"io/ioutil"
	"strings"

	"filippo.io/age"
)
// psiphonConfigJSONAge holds the contents of psiphon-config.json.age,
// embedded into the binary at build time. FetchPsiphonConfig treats it
// as age ciphertext.
//
//go:embed psiphon-config.json.age
var psiphonConfigJSONAge []byte

// psiphonConfigSecretKey holds the contents of psiphon-config.key,
// embedded into the binary at build time. FetchPsiphonConfig prepends
// "AGE-SECRET-KEY-1" to it to form the age X25519 identity.
//
// NOTE(review): the key is compiled into the same binary as the
// ciphertext, so anyone holding the binary holds both. The encryption
// keeps the plaintext config out of the repository; it is not a
// confidentiality boundary for distributed binaries.
//
//go:embed psiphon-config.key
var psiphonConfigSecretKey string
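// FetchPsiphonConfig decrypts the embedded psiphonConfigJSONAge with
// filippo.io/age, using an X25519 identity built from the embedded
// psiphonConfigSecretKey, and returns the decrypted bytes.
//
// The ctx argument is not used by this implementation. On any failure the
// returned slice is nil, so a caller never receives partially decrypted
// data together with an error.
func (s *Session) FetchPsiphonConfig(ctx context.Context) ([]byte, error) {
	// The embedded key file holds the identity without its
	// "AGE-SECRET-KEY-1" prefix. Trim surrounding whitespace so that a
	// trailing newline in the key file is not passed to the parser as
	// part of the key.
	key := "AGE-SECRET-KEY-1" + strings.TrimSpace(psiphonConfigSecretKey)
	identity, err := age.ParseX25519Identity(key)
	if err != nil {
		// Wrap the library error only; the key itself must never be
		// formatted into an error or log message.
		return nil, fmt.Errorf("parsing embedded psiphon config key: %w", err)
	}
	plaintext, err := age.Decrypt(bytes.NewReader(psiphonConfigJSONAge), identity)
	if err != nil {
		return nil, fmt.Errorf("decrypting embedded psiphon config: %w", err)
	}
	// age.Decrypt returns a reader, so a decryption failure can still
	// surface here, while the payload is being read.
	data, err := ioutil.ReadAll(plaintext)
	if err != nil {
		return nil, fmt.Errorf("reading decrypted psiphon config: %w", err)
	}
	return data, nil
}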