examples/inspectls/main.go


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

package main

import (
	"bytes"
	"context"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"log"
	"os"
	"strings"

	"github.com/go-kit/log/level"
	sr "tildegit.org/tjp/sliderule"
	"tildegit.org/tjp/sliderule/gemini"
	"tildegit.org/tjp/sliderule/logging"
)

func main() {
	// Get TLS files from the environment
	certfile, keyfile := envConfig()

	// build a TLS configuration suitable for gemini
	tlsconf, err := gemini.FileTLS(certfile, keyfile)
	if err != nil {
		log.Fatal(err)
	}

	baseLog := logging.Base()

	// add stdout logging to the request handler
	handler := logging.LogRequests(level.Info(baseLog))(inspectHandler)

	// run the server
	server, err := gemini.NewServer(context.Background(), "localhost", "tcp4", ":1965", handler, baseLog, tlsconf)
	if err != nil {
		log.Fatal(err)
	}
	server.Serve()
}

func envConfig() (string, string) {
	certfile, ok := os.LookupEnv("SERVER_CERTIFICATE")
	if !ok {
		log.Fatal("missing SERVER_CERTIFICATE environment variable")
	}

	keyfile, ok := os.LookupEnv("SERVER_PRIVATEKEY")
	if !ok {
		log.Fatal("missing SERVER_PRIVATEKEY environment variable")
	}

	return certfile, keyfile
}

var inspectHandler = sr.HandlerFunc(func(ctx context.Context, req *sr.Request) *sr.Response {
	// build and return a ```-wrapped description of the connection TLS state
	body := "```\n" + displayTLSState(req.TLSState) + "\n```"
	return gemini.Success("text/gemini", bytes.NewBufferString(body))
})

func displayTLSState(state *tls.ConnectionState) string {
	builder := &strings.Builder{}

	builder.WriteString("Version:             ")
	builder.WriteString(map[uint16]string{
		tls.VersionTLS10: "TLSv1.0",
		tls.VersionTLS11: "TLSv1.1",
		tls.VersionTLS12: "TLSv1.2",
		tls.VersionTLS13: "TLSv1.3",
		tls.VersionSSL30: "SSLv3",
	}[state.Version])
	builder.WriteString("\n")

	builder.WriteString(fmt.Sprintf("Handshake complete:  %t\n", state.HandshakeComplete))
	builder.WriteString(fmt.Sprintf("Did resume:          %t\n", state.DidResume))
	builder.WriteString(fmt.Sprintf("Cipher suite:        %x\n", state.CipherSuite))
	builder.WriteString(fmt.Sprintf("Negotiated protocol: %q\n", state.NegotiatedProtocol))
	builder.WriteString(fmt.Sprintf("Server name:         %s\n", state.ServerName))

	builder.WriteString(fmt.Sprintf("Certificates (%d)\n", len(state.PeerCertificates)))
	for i, cert := range state.PeerCertificates {
		builder.WriteString(fmt.Sprintf("  #%d:                %s\n", i+1, fingerprint(cert)))
	}

	return builder.String()
}

func fingerprint(cert *x509.Certificate) []byte {
	raw := sha256.Sum256(cert.Raw)
	dst := make([]byte, hex.EncodedLen(len(raw)))
	hex.Encode(dst, raw[:])
	return dst
}