@@ -1,80 +0,0 @@
|
|
1
|
|
-package tlstypes
|
|
2
|
|
-
|
|
3
|
|
-import (
|
|
4
|
|
- "container/ring"
|
|
5
|
|
- "context"
|
|
6
|
|
- "crypto/tls"
|
|
7
|
|
- "crypto/x509"
|
|
8
|
|
- "errors"
|
|
9
|
|
- "fmt"
|
|
10
|
|
- "net"
|
|
11
|
|
- "strconv"
|
|
12
|
|
- "time"
|
|
13
|
|
-
|
|
14
|
|
- "go.uber.org/zap"
|
|
15
|
|
-
|
|
16
|
|
- "github.com/9seconds/mtg/config"
|
|
17
|
|
-)
|
|
18
|
|
-
|
|
19
|
|
-const (
|
|
20
|
|
- connectionServerKeepCertificates = 5
|
|
21
|
|
- connectionServerUpdateEvery = 10 * time.Minute
|
|
22
|
|
-)
|
|
23
|
|
-
|
|
24
|
|
-type connectionServer struct {
|
|
25
|
|
- nextWriteItem *ring.Ring
|
|
26
|
|
- nextReadItem *ring.Ring
|
|
27
|
|
-
|
|
28
|
|
- ctx context.Context
|
|
29
|
|
- channelGet chan chan<- *x509.Certificate
|
|
30
|
|
-}
|
|
31
|
|
-
|
|
32
|
|
-func (c *connectionServer) fetch() (*x509.Certificate, error) {
|
|
33
|
|
- addr := net.JoinHostPort(config.C.CloakHost, strconv.Itoa(config.C.CloakPort))
|
|
34
|
|
- conn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true}) // nolint: gosec
|
|
35
|
|
-
|
|
36
|
|
- if err != nil {
|
|
37
|
|
- return nil, fmt.Errorf("cannot connect to the masked host: %w", err)
|
|
38
|
|
- }
|
|
39
|
|
-
|
|
40
|
|
- defer conn.Close()
|
|
41
|
|
-
|
|
42
|
|
- if err = conn.Handshake(); err != nil {
|
|
43
|
|
- return nil, fmt.Errorf("cannot perform tls handshake: %w", err)
|
|
44
|
|
- }
|
|
45
|
|
-
|
|
46
|
|
- certificates := conn.ConnectionState().PeerCertificates
|
|
47
|
|
- if len(certificates) == 0 {
|
|
48
|
|
- return nil, errors.New("no certificates is found")
|
|
49
|
|
- }
|
|
50
|
|
-
|
|
51
|
|
- return certificates[0], nil
|
|
52
|
|
-}
|
|
53
|
|
-
|
|
54
|
|
-func (c *connectionServer) run() {
|
|
55
|
|
- logger := zap.S().Named("tls-connection-server")
|
|
56
|
|
-
|
|
57
|
|
- ticker := time.NewTicker(connectionServerUpdateEvery)
|
|
58
|
|
- defer ticker.Stop()
|
|
59
|
|
-
|
|
60
|
|
- for {
|
|
61
|
|
- select {
|
|
62
|
|
- case <-c.ctx.Done():
|
|
63
|
|
- return
|
|
64
|
|
- case resp := <-c.channelGet:
|
|
65
|
|
- resp <- c.nextReadItem.Value.(*x509.Certificate)
|
|
66
|
|
- close(resp)
|
|
67
|
|
-
|
|
68
|
|
- c.nextReadItem = c.nextReadItem.Next()
|
|
69
|
|
- case <-ticker.C:
|
|
70
|
|
- cert, err := c.fetch()
|
|
71
|
|
- switch err {
|
|
72
|
|
- case nil:
|
|
73
|
|
- c.nextWriteItem.Value = cert
|
|
74
|
|
- c.nextWriteItem = c.nextWriteItem.Next()
|
|
75
|
|
- default:
|
|
76
|
|
- logger.Warnw("cannot fetch certificates", "error", err)
|
|
77
|
|
- }
|
|
78
|
|
- }
|
|
79
|
|
- }
|
|
80
|
|
-}