diff options
Diffstat (limited to 'examples/inspectls/main.go')
-rw-r--r-- | examples/inspectls/main.go | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/examples/inspectls/main.go b/examples/inspectls/main.go new file mode 100644 index 0000000..a315e40 --- /dev/null +++ b/examples/inspectls/main.go @@ -0,0 +1,95 @@ +package main + +import ( + "bytes" + "context" + "crypto/md5" + "crypto/tls" + "crypto/x509" + "encoding/hex" + "fmt" + "log" + "net" + "os" + "strings" + + "tildegit.org/tjp/gus/gemini" + guslog "tildegit.org/tjp/gus/contrib/log" +) + +func main() { + // Get TLS files from the environment + certfile, keyfile := envConfig() + + // build a TLS configuration suitable for gemini + tlsconf, err := gemini.FileTLS(certfile, keyfile) + if err != nil { + log.Fatal(err) + } + + // set up the network listener + listener, err := net.Listen("tcp4", ":1965") + if err != nil { + log.Fatal(err) + } + + // add stdout logging to the request handler + handler := guslog.Requests(os.Stdout, nil)(inspectHandler) + + // run the server + gemini.NewServer(context.Background(), tlsconf, listener, handler).Serve() +} + +func envConfig() (string, string) { + certfile, ok := os.LookupEnv("SERVER_CERTIFICATE") + if !ok { + log.Fatal("missing SERVER_CERTIFICATE environment variable") + } + + keyfile, ok := os.LookupEnv("SERVER_PRIVATEKEY") + if !ok { + log.Fatal("missing SERVER_PRIVATEKEY environment variable") + } + + return certfile, keyfile +} + +func inspectHandler(ctx context.Context, req *gemini.Request) *gemini.Response { + // build and return a ```-wrapped description of the connection TLS state + body := "```\n" + displayTLSState(req.TLSState) + "\n```" + return gemini.Success("text/gemini", bytes.NewBufferString(body)) +} + +func displayTLSState(state *tls.ConnectionState) string { + builder := &strings.Builder{} + + builder.WriteString("Version: ") + builder.WriteString(map[uint16]string{ + tls.VersionTLS10: "TLSv1.0", + tls.VersionTLS11: "TLSv1.1", + tls.VersionTLS12: "TLSv1.2", + tls.VersionTLS13: "TLSv1.3", + tls.VersionSSL30: "SSLv3", + }[state.Version]) + builder.WriteString("\n") + + builder.WriteString(fmt.Sprintf("Handshake complete: %t\n", state.HandshakeComplete)) + builder.WriteString(fmt.Sprintf("Did resume: %t\n", state.DidResume)) + builder.WriteString(fmt.Sprintf("Cipher suite: %x\n", state.CipherSuite)) + builder.WriteString(fmt.Sprintf("Negotiated protocol: %q\n", state.NegotiatedProtocol)) + builder.WriteString(fmt.Sprintf("Server name: %s\n", state.ServerName)) + + builder.WriteString(fmt.Sprintf("Certificates (%d)\n", len(state.PeerCertificates))) + for i, cert := range state.PeerCertificates { + builder.WriteString(fmt.Sprintf(" #%d: %s\n", i+1, fingerprint(cert))) + } + + return builder.String() +} + +func fingerprint(cert *x509.Certificate) []byte { + raw := md5.Sum(cert.Raw) + dst := make([]byte, hex.EncodedLen(len(raw))) + hex.Encode(dst, raw[:]) + return dst +} |