Remove certificate server

cli/proxy.go

@@ -76,7 +76,6 @@ func Proxy() error { // nolint: funlen
 	antireplay.Init()
 	telegram.Init()
 	hub.Init(ctx)
-	faketls.Init(ctx)
 
 	proxyListener, err := net.Listen("tcp", config.C.Bind.String())
 	if err != nil {

faketls/certificate_server.go

@@ -1,91 +0,0 @@
-package faketls
-
-import (
-	"bytes"
-	"container/ring"
-	"context"
-	"crypto/tls"
-	"errors"
-	"fmt"
-	"net"
-	"strconv"
-	"time"
-
-	"go.uber.org/zap"
-
-	"mtg/config"
-)
-
-type connectionServer struct {
-	nextWriteItem *ring.Ring
-	nextReadItem  *ring.Ring
-
-	ctx        context.Context
-	channelGet chan chan<- []byte
-}
-
-func (c *connectionServer) get() ([]byte, error) {
-	resp := make(chan []byte)
-	select {
-	case <-c.ctx.Done():
-		return nil, errors.New("context closed")
-	case c.channelGet <- resp:
-		return <-resp, nil
-	}
-}
-
-func (c *connectionServer) fetch() ([]byte, error) {
-	addr := net.JoinHostPort(config.C.CloakHost, strconv.Itoa(config.C.CloakPort))
-	conn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true}) // nolint: gosec
-
-	if err != nil {
-		return nil, fmt.Errorf("cannot connect to the masked host: %w", err)
-	}
-
-	defer conn.Close()
-
-	if err = conn.Handshake(); err != nil {
-		return nil, fmt.Errorf("cannot perform tls handshake: %w", err)
-	}
-
-	certificates := conn.ConnectionState().PeerCertificates
-	if len(certificates) == 0 {
-		return nil, errors.New("no certificates is found")
-	}
-
-	var buf bytes.Buffer
-
-	for _, v := range certificates {
-		buf.Write(v.Raw)
-	}
-
-	return buf.Bytes(), nil
-}
-
-func (c *connectionServer) run(tickEvery time.Duration) {
-	logger := zap.S().Named("tls-connection-server")
-
-	ticker := time.NewTicker(tickEvery)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-c.ctx.Done():
-			return
-		case resp := <-c.channelGet:
-			resp <- c.nextReadItem.Value.([]byte)
-			close(resp)
-
-			c.nextReadItem = c.nextReadItem.Next()
-		case <-ticker.C:
-			cert, err := c.fetch()
-			switch err {
-			case nil:
-				c.nextWriteItem.Value = cert
-				c.nextWriteItem = c.nextWriteItem.Next()
-			default:
-				logger.Warnw("cannot fetch certificates", "error", err)
-			}
-		}
-	}
-}

faketls/client_protocol.go

@@ -90,14 +90,8 @@ func (c *ClientProtocol) tlsHandshake(conn io.ReadWriter) error {
 	}
 
 	antireplay.Cache.AddTLS(clientHello.Random[:])
-
-	hostCert, err := connectionServerInstance.get()
-	if err != nil {
-		return fmt.Errorf("cannot get host certificate: %w", err)
-	}
-
 	serverHello := tlstypes.NewServerHello(clientHello)
-	serverHelloPacket := serverHello.WelcomePacket(hostCert)
+	serverHelloPacket := serverHello.WelcomePacket()
 
 	if _, err := conn.Write(serverHelloPacket); err != nil {
 		return fmt.Errorf("cannot send welcome packet: %w", err)

faketls/init.go

@@ -1,50 +0,0 @@
-package faketls
-
-import (
-	"container/ring"
-	"context"
-	"sync"
-	"time"
-
-	"mtg/config"
-)
-
-var (
-	connectionServerInstance connectionServer
-	connectionServerInitOnce sync.Once
-)
-
-const (
-	connectionServerKeepCertificates = 5
-	connectionServerUpdateEvery      = 10 * time.Minute
-)
-
-func Init(ctx context.Context) {
-	connectionServerInitOnce.Do(func() {
-		if config.C.CloakHost == "" {
-			return
-		}
-
-		connectionServerInstance = connectionServer{
-			channelGet: make(chan chan<- []byte),
-			ctx:        ctx,
-		}
-
-		cert, err := connectionServerInstance.fetch()
-		if err != nil {
-			panic(err)
-		}
-
-		r := ring.New(connectionServerKeepCertificates)
-
-		for i := 0; i < connectionServerKeepCertificates; i++ {
-			r.Value = cert
-			r = r.Next()
-		}
-
-		connectionServerInstance.nextWriteItem = r
-		connectionServerInstance.nextReadItem = r
-
-		go connectionServerInstance.run(connectionServerUpdateEvery)
-	})
-}

stats/stats_statsd.go

@@ -57,7 +57,7 @@ type statsStatsdLogger struct {
 	log *zap.SugaredLogger
 }
 
-func (s *statsStatsdLogger) Printf(msg string, args ...interface{}) {
+func (s statsStatsdLogger) Printf(msg string, args ...interface{}) {
 	s.log.Debugw(fmt.Sprintf(msg, args...))
 }
 
@@ -177,7 +177,7 @@ func (s *statsStatsd) initGauge(metric, key string, tags []statsd.Tag) {
 
 func newStatsStatsd() Interface {
 	prefix := strings.TrimSuffix(config.C.StatsNamespace, ".") + "."
-	logger := &statsStatsdLogger{
+	logger := statsStatsdLogger{
 		log: zap.S().Named("stats").Named("statsd"),
 	}
 

tlstypes/server_hello.go

@@ -6,6 +6,7 @@ import (
 	"crypto/rand"
 	"crypto/sha256"
 	"io"
+	mrand "math/rand"
 
 	"golang.org/x/crypto/curve25519"
 
@@ -18,7 +19,7 @@ type ServerHello struct {
 	clientHello *ClientHello
 }
 
-func (s ServerHello) WelcomePacket(hostCert []byte) []byte {
+func (s ServerHello) WelcomePacket() []byte {
 	s.Random = [32]byte{}
 	rec := Record{
 		Type:    RecordTypeHandshake,
@@ -34,6 +35,9 @@ func (s ServerHello) WelcomePacket(hostCert []byte) []byte {
 	}
 	buf.Write(recChangeCipher.Bytes())
 
+	hostCert := make([]byte, 1024+mrand.Intn(3092))
+	rand.Read(hostCert) // nolint: errcheck
+
 	recData := Record{
 		Type:    RecordTypeApplicationData,
 		Version: Version12,