Refactor: Support multiple profiles with multiple UUIDs

Author: jwijenbergh

cmd/geteduroam-notifcheck/main.go

@@ -23,6 +23,22 @@ const usage = `Usage of %s:
   Log file location: %s
 `
 
+func hasValidProfile(uuids []string) bool {
+	for _, uuid := range uuids {
+		con, err := nm.PreviousCon(uuid)
+		if err != nil {
+			slog.Error("no connection with uuid", "uuid", uuid, "error", err)
+			continue
+		}
+		if con == nil {
+			slog.Error("connection is nil")
+			continue
+		}
+		return true
+	}
+	return false
+}
+
 func main() {
 	program := "geteduroam-notifcheck"
 	lpath, err := log.Location(program)
@@ -37,20 +53,16 @@ func main() {
 		slog.Error("no previous state", "error", err)
 		return
 	}
-	con, err := nm.PreviousCon(cfg.UUID)
-	if err != nil {
-		slog.Error("no connection with uuid", "uuid", cfg.UUID, "error", err)
+	if cfg.Validity == nil {
+		slog.Info("validity is nil")
 		return
 	}
-	if con == nil {
-		slog.Error("connection is nil")
+	if !hasValidProfile(cfg.UUIDs) {
+		slog.Info("no valid profiles found")
 		return
-	}
 
-	if cfg.Validity == nil {
-		slog.Info("validity is nil")
-		return
 	}
+
 	valid := *cfg.Validity
 	now := time.Now()
 	diff := valid.Sub(now)

internal/config/config.go

@@ -14,6 +14,12 @@ import (
 
 // Config is the main structure for the configuration
 type Config struct {
+	UUIDs    []string   `json:"uuids"`
+	Validity *time.Time `json:"validity,omitempty"`
+}
+
+// V1 is the main structure for the old configuration where we only supported one SSID and profile
+type V1 struct {
 	UUID     string     `json:"uuid"`
 	Validity *time.Time `json:"validity,omitempty"`
 }
@@ -22,7 +28,8 @@ type Config struct {
 type Versioned struct {
 	// Config is the versioned configuration
 	// It is versioned so that we can change the version and migrate older configs in the future
-	Config Config `json:"v1"`
+	ConfigV1 *V1     `json:"v1,omitempty"`
+	Config   *Config `json:"v2,omitempty"`
 }
 
 // Directory returns the directory where the config files are stored
@@ -83,7 +90,16 @@ func Load() (*Config, error) {
 		return nil, err
 	}
 	utils.Verbosef("Reading config file %s", p)
-	return &v.Config, nil
+	// If a v1 config is found, migrate it to a v2 one if that is empty
+	hasV1 := v.ConfigV1 != nil && v.ConfigV1.UUID != ""
+	hasV2 := v.Config != nil && len(v.Config.UUIDs) > 0
+	if hasV1 && !hasV2 {
+		return &Config{
+			UUIDs:    []string{v.ConfigV1.UUID},
+			Validity: v.ConfigV1.Validity,
+		}, nil
+	}
+	return v.Config, nil
 }
 
 // Write writes the configuration to the state
@@ -92,7 +108,7 @@ func (c Config) Write() (err error) {
 	// This is so that we can in the future migrate configs if we drastically change the format
 	// marshal the config
 	v := &Versioned{
-		Config: c,
+		Config: &c,
 	}
 	b, err := json.Marshal(&v)
 	if err != nil {

internal/config/config_test.go

@@ -23,7 +23,7 @@ func TestWrite(t *testing.T) {
 	dir := t.TempDir()
 	mockDir(t, dir)
 	c := &Config{
-		UUID: "test",
+		UUIDs: []string{"test"},
 	}
 	err := c.Write()
 	if err != nil {
@@ -39,7 +39,7 @@ func TestWrite(t *testing.T) {
 		t.Fatalf("failed when reading config file: %v", err)
 	}
 	got := string(r)
-	want := `{"v1":{"uuid":"test"}}`
+	want := `{"v2":{"uuids":["test"]}}`
 	if got != want {
 		t.Fatalf("config not as expected, got: %v, want: %v", got, want)
 	}
@@ -57,10 +57,17 @@ func TestLoad(t *testing.T) {
 			wantc:    nil,
 			wanterr:  "json: cannot unmarshal string into Go value of type config.Versioned",
 		},
+		{
+			filename: "old.json",
+			wantc: &Config{
+				UUIDs: []string{"test"},
+			},
+			wanterr: "",
+		},
 		{
 			filename: "valid.json",
 			wantc: &Config{
-				UUID: "test",
+				UUIDs: []string{"test"},
 			},
 			wanterr: "",
 		},
@@ -70,12 +77,12 @@ func TestLoad(t *testing.T) {
 		// mock the config name
 		configName = curr.filename
 		gotc, goterr := Load()
+		if utils.ErrorString(goterr) != curr.wanterr {
+			t.Fatalf("expected config error not equal to want, got: %v, want: %v", goterr, curr.wanterr)
+		}
 		// to compare structs we can use deepequal
 		if !reflect.DeepEqual(gotc, curr.wantc) {
 			t.Fatalf("expected config not equal to want, got: %v, want: %v", gotc, curr.wantc)
 		}
-		if utils.ErrorString(goterr) != curr.wanterr {
-			t.Fatalf("expected config error not equal to want, got: %v, want: %v", goterr, curr.wanterr)
-		}
 	}
 }

internal/config/test_data/geteduroam/old.json

@@ -0,0 +1 @@
+{"v1": {"uuid": "test"}}

internal/config/test_data/geteduroam/valid.json

@@ -1 +1 @@
-{"v1": {"uuid": "test"}}
+{"v2": {"uuids": ["test"]}}

internal/eap/eap.go

@@ -269,20 +269,21 @@ func (am *AuthenticationMethod) preferredInnerAuthType() (inner.Type, error) {
 	return inner.None, errors.New("no viable inner authentication method found")
 }
 
-// SSIDSettings returns the first valid SSID and the MinRSNProto associated with it
-// It loops through the credential applicability list and gets the first valid candidate
+// SSIDSettings returns the all valid SSIDs and the MinRSNProto associated with it
+// It loops through the credential applicability list and gets all valid candidate
 // The candidate filtering was based on https://github.com/geteduroam/windows-app/blob/f11f00dee3eb71abd38537e18881463f83b180d3/EduroamConfigure/EapConfig.cs#L84
 // A candidate is valid if:
 //   - MinRSNProto is not empty, TODO: shouldn't we just default to CCMP?
 //   - The SSID is not empty
 //   - The MinRSNProto is NOT TKIP as that is insecure
-func (p *EAPIdentityProvider) SSIDSettings() (string, string, error) {
+func (p *EAPIdentityProvider) SSIDSettings() ([]network.SSID, error) {
 	if p.CredentialApplicability == nil {
-		return "", "", errors.New("no Credential Applicability found")
+		return nil, errors.New("no Credential Applicability found")
 	}
 	if len(p.CredentialApplicability.IEEE80211) < 1 {
-		return "", "", errors.New("no IEE80211 section found")
+		return nil, errors.New("no IEE80211 section found")
 	}
+	var ssids []network.SSID
 	for _, i := range p.CredentialApplicability.IEEE80211 {
 		if i == nil {
 			slog.Warn("Credential applicability IEEE80211 is nil")
@@ -307,10 +308,15 @@ func (p *EAPIdentityProvider) SSIDSettings() (string, string, error) {
 			slog.Warn("MinRSNProto is not TKIP", "minRSNProto", i.MinRSNProto)
 			continue
 		}
-
-		return i.SSID, i.MinRSNProto, nil
+		ssids = append(ssids, network.SSID{
+			Value:  i.SSID,
+			MinRSN: i.MinRSNProto,
+		})
+	}
+	if len(ssids) == 0 {
+		return nil, errors.New("no viable SSID entries found")
 	}
-	return "", "", errors.New("no viable SSID entry found")
+	return ssids, nil
 }
 
 // isValid returns whether or not a certificate is valid by checking if the encoding is base64 and the format is `format`
@@ -466,7 +472,7 @@ func (am *AuthenticationMethod) NonTLSNetwork(base network.Base) (network.Networ
 }
 
 // Network gets a network for an authentication method, the SSID and MinRSN are strings that are based to the network
-func (am *AuthenticationMethod) Network(ssid string, minrsn string, pinfo network.ProviderInfo) (network.Network, error) {
+func (am *AuthenticationMethod) Network(ssids []network.SSID, pinfo network.ProviderInfo) (network.Network, error) {
 	// We check if the eap method is valid
 	if am.EAPMethod == nil || !method.IsValid(am.EAPMethod.Type) {
 		return nil, errors.New("no EAP method")
@@ -490,8 +496,7 @@ func (am *AuthenticationMethod) Network(ssid string, minrsn string, pinfo networ
 	base := network.Base{
 		Certs:        *CA,
 		ProviderInfo: pinfo,
-		SSID:         ssid,
-		MinRSN:       minrsn,
+		SSIDs:        ssids,
 		ServerIDs:    sid,
 	}
 
@@ -590,14 +595,14 @@ func (eap *EAPIdentityProviderList) Network() (network.Network, error) {
 		slog.Debug("Error getting AuthMethods", "error", err)
 		return nil, err
 	}
-	ssid, minrsn, err := p.SSIDSettings()
+	ssids, err := p.SSIDSettings()
 	if err != nil {
 		slog.Debug("Error getting SSIDSettings", "error", err)
 		return nil, err
 	}
 	pinfo := p.PInfo()
 	for _, m := range methods {
-		n, err := m.Network(ssid, minrsn, pinfo)
+		n, err := m.Network(ssids, pinfo)
 		if err != nil {
 			slog.Error("Error getting ProviderInfo", "error", err)
 			continue

internal/eap/eap_test.go

@@ -44,18 +44,14 @@ func testProviderInfo(t *testing.T, eip *EAPIdentityProvider, pi network.Provide
 }
 
 type ssidSettingsTest struct {
-	SSID   string
-	MinRSN string
-	err    string
+	SSIDs []network.SSID
+	err   string
 }
 
 func testSSIDSettings(t *testing.T, eip *EAPIdentityProvider, settings ssidSettingsTest) {
-	gotSSID, gotRSN, gotErr := eip.SSIDSettings()
-	if gotSSID != settings.SSID {
-		t.Fatalf("SSID is not equal, got: %v, want: %v", gotSSID, settings.SSID)
-	}
-	if gotRSN != settings.MinRSN {
-		t.Fatalf("Min RSN is not equal, got: %v, want: %v", gotRSN, settings.MinRSN)
+	gotSSIDs, gotErr := eip.SSIDSettings()
+	if !reflect.DeepEqual(gotSSIDs, settings.SSIDs) {
+		t.Fatalf("SSIDs is not equal, got: %v, want: %v", gotSSIDs, settings.SSIDs)
 	}
 	gotErrS := utils.ErrorString(gotErr)
 	if gotErrS != settings.err {
@@ -111,18 +107,22 @@ func TestParse(t *testing.T) {
 				Description: "eVA",
 			},
 			ssidTest: ssidSettingsTest{
-				SSID:   "eduroam",
-				MinRSN: "CCMP",
-				err:    "",
+				SSIDs: []network.SSID{{
+					Value:  "eduroam",
+					MinRSN: "CCMP",
+				}},
+				err: "",
 			},
 			netTest: networkTest{
 				n: &network.NonTLS{
 					Base: network.Base{
 						AnonIdentity: "[email protected]",
 						Certs: mustParseCert(t,
 							"MIIDtzCCAp+gAwIBAgIUCVQbKTO9PsqghECzGPqq6Fiy8REwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCTkwxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCUFtc3RlcmRhbTEQMA4GA1UECgwHVGVzdGluZzENMAsGA1UECwwEVGVzdDESMBAGA1UEAwwJVGVzdCB0ZXN0MB4XDTIzMDUyNDEzNTUxMFoXDTMzMDUyMTEzNTUxMFowazELMAkGA1UEBhMCTkwxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCUFtc3RlcmRhbTEQMA4GA1UECgwHVGVzdGluZzENMAsGA1UECwwEVGVzdDESMBAGA1UEAwwJVGVzdCB0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLqG9yuMhbVC5y9zofPDLeCDIUVjgPbxXHtM6uveBUtqG4PxDkTczOlYN1IsYRh2iLNRYY4cqYZ1qtW+1CZaFVowhUMbTR7Y8Ik10CrCJQqoGq1CIICBd50wTFBLU2MZU3LQTwKYb5VQgbCMvRVHWdQOYg5GSlgdJRtIbzV1d+Q7+N5jiEBsT6psSu2gBduF1ueGICKe6Fk+ckOHDpwjVGeNIxnN2hJ5ft3WReDJ7fcHLMx7lNS+ZeY35LtpYiT6I8RGlMh2bu9hMTY1jXNbEqqZ2/5TmjVygS7BEMrVage9K2I5eM8++yX27OV3Di/SM3q/RVIcu1lNKaSj0IxXhwIDAQABo1MwUTAdBgNVHQ4EFgQU0M2QAnLWEDSFdFLCm5OxvVA9D1swHwYDVR0jBBgwFoAU0M2QAnLWEDSFdFLCm5OxvVA9D1swDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHHdxGNUmyZa4ER9oqSalwVy9W5y1cNr4VpxBbxJe/fBPp+xdtnYRbz1/93LwcA+bTJlvT8ez2ijOJj5QODrgeVy5r4p5/1cABnJhsszk6ffJy/n5vIqo9jp8+7ZTFGxm1QQAOoZfJM+3ft8ZFf5e8Vjh090QV2OZvV69sey+TvfAlNMVotf/CaA2zA/j4z2bmWdrLAc5VVrb1Mil4z7LHhL62oOwXrS85zuoVBQVMbh5tnYgzMnbuy0hmMDg3ClkmSQTqzPyEi0SjhqKjgLgyVa47myhxvr1y77k0rZBRzkSEMsopu+ANYoVKRpw7gmjgMmXWzvdNlbD6RgpGlR4iA=="),
-						SSID:   "eduroam",
-						MinRSN: "CCMP",
+						SSIDs: []network.SSID{{
+							Value:  "eduroam",
+							MinRSN: "CCMP",
+						}},
 						ServerIDs: []string{
 							"edu.nl",
 						},
@@ -165,13 +165,11 @@ func TestParse(t *testing.T) {
 			},
 			providerInfoTest: network.ProviderInfo{},
 			ssidTest: ssidSettingsTest{
-				SSID:   "",
-				MinRSN: "",
-				err:    "no viable SSID entry found",
+				err: "no viable SSID entries found",
 			},
 			netTest: networkTest{
 				n:   nil,
-				err: "no viable SSID entry found",
+				err: "no viable SSID entries found",
 			},
 		},
 	}

internal/handler/handler.go

@@ -52,12 +52,12 @@ func (h Handlers) Configure(eap []byte) (*time.Time, error) {
 	if err != nil {
 		return nil, err
 	}
-	var uuid string
+	var uuids []string
 
 	// get the previous UUID if the config can be loaded
 	c, err := config.Load()
 	if err == nil {
-		uuid = c.UUID
+		uuids = c.UUIDs
 	}
 
 	var valid *time.Time
@@ -72,7 +72,7 @@ func (h Handlers) Configure(eap []byte) (*time.Time, error) {
 			t.Credentials.Username = username
 			t.Credentials.Password = password
 		}
-		uuid, err = nm.Install(*t, uuid)
+		uuids, err = nm.Install(*t, uuids)
 	case *network.TLS:
 		// if a PKCS12 file is uploaded by the user we expect it to be not base64 encoded
 		b64 := t.RawPKCS12 != ""
@@ -90,17 +90,20 @@ func (h Handlers) Configure(eap []byte) (*time.Time, error) {
 		}
 		v := t.Validity()
 		valid = &v
-		uuid, err = nm.InstallTLS(*t, uuid)
+		uuids, err = nm.InstallTLS(*t, uuids)
 	default:
 		panic("unsupported network")
 	}
 	if err != nil {
-		slog.Debug("Error installing network", "error", err)
-		return nil, err
+		if len(uuids) == 0 {
+			slog.Error("Error installing network", "error", err)
+			return nil, err
+		}
+		slog.Info("One of the networks failed to install", "error", err)
 	}
 	// save the config with the uuid
 	nc := config.Config{
-		UUID:     uuid,
+		UUIDs:    uuids,
 		Validity: valid,
 	}
 	err = nc.Write()

internal/network/network.go

@@ -40,14 +40,20 @@ type ProviderInfo struct {
 	Terms string
 }
 
+// SSID is the pair of value and min RSN proto
+type SSID struct {
+	// Value is the SSID
+	Value string
+	// MinRSN is the minimum RSN proto
+	MinRSN string
+}
+
 // Base is the definition that each network always has
 type Base struct {
 	// Certs is the list of CA certificates that are used
 	Certs cert.Certs
-	// SSID is the name of the network
-	SSID string
-	// MinRSN is the minimum RSN proto
-	MinRSN string
+	// SSIDs are the list of SSIDs
+	SSIDs []SSID
 	// ServerIDs is the list of server names
 	ServerIDs []string
 	// ProviderInfo is the ProviderInfo info