tokens: use adlin to transmit wg-adlin

token-validator/challenge.go

@@ -72,6 +72,17 @@ func sslOnly(_ *adlin.Student, r *http.Request) error {
 
 /* Challenges */
 
+func challengeOk(s *adlin.Student, t *givenToken, chid int) error {
+	pkey := s.GetPKey()
+	if expectedToken, err := GenerateToken(pkey, 0, []byte(t.Data[0])); err != nil {
+		return err
+	} else if !hmac.Equal(expectedToken, t.token) {
+		return errors.New("This is not the expected token.")
+	} else {
+		return nil
+	}
+}
+
 func challenge42(s *adlin.Student, t *givenToken, chid int) error {
 	pkey := s.GetPKey()
 	if expectedToken, err := GenerateToken(pkey, chid, []byte("42")); err != nil {
@@ -257,6 +268,12 @@ func init() {
 			Check:      challengeEMail,
 		},
 
+		/* wg step */
+		Challenge{
+			Accessible: []func(*adlin.Student, *http.Request) error{noAccessRestriction},
+			Check:      challengeOk,
+		},
+
 		/* Last : SSH key, see ssh.go:156 in NewKey function */
 		Challenge{
 			Accessible: []func(*adlin.Student, *http.Request) error{noAccess},
@@ -270,6 +287,7 @@ func init() {
 	router.POST("/toctoc", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 6))))
 	router.POST("/echorequest", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 7))))
 	router.POST("/testdisk", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 8))))
+	router.POST("/wg-step", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 10))))
 }
 
 type givenToken struct {