examples/inspectls/main.go


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

package main

import (
	"bytes"
	"context"
	"crypto/md5"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"log"
	"net"
	"os"
	"strings"

	"tildegit.org/tjp/gus/gemini"
	guslog "tildegit.org/tjp/gus/contrib/log"
)

func main() {
	// Get TLS files from the environment
	certfile, keyfile := envConfig()

	// build a TLS configuration suitable for gemini
	tlsconf, err := gemini.FileTLS(certfile, keyfile)
	if err != nil {
		log.Fatal(err)
	}

	// set up the network listener
	listener, err := net.Listen("tcp4", ":1965")
	if err != nil {
		log.Fatal(err)
	}

	// add stdout logging to the request handler
	handler := guslog.Requests(os.Stdout, nil)(inspectHandler)

	// run the server
	gemini.NewServer(context.Background(), tlsconf, listener, handler).Serve()
}

func envConfig() (string, string) {
	certfile, ok := os.LookupEnv("SERVER_CERTIFICATE")
	if !ok {
		log.Fatal("missing SERVER_CERTIFICATE environment variable")
	}

	keyfile, ok := os.LookupEnv("SERVER_PRIVATEKEY")
	if !ok {
		log.Fatal("missing SERVER_PRIVATEKEY environment variable")
	}

	return certfile, keyfile
}

func inspectHandler(ctx context.Context, req *gemini.Request) *gemini.Response {
	// build and return a ```-wrapped description of the connection TLS state
	body := "```\n" + displayTLSState(req.TLSState) + "\n```"
	return gemini.Success("text/gemini", bytes.NewBufferString(body))
}

func displayTLSState(state *tls.ConnectionState) string {
	builder := &strings.Builder{}

	builder.WriteString("Version:             ")
	builder.WriteString(map[uint16]string{
		tls.VersionTLS10: "TLSv1.0",
		tls.VersionTLS11: "TLSv1.1",
		tls.VersionTLS12: "TLSv1.2",
		tls.VersionTLS13: "TLSv1.3",
		tls.VersionSSL30: "SSLv3",
	}[state.Version])
	builder.WriteString("\n")

	builder.WriteString(fmt.Sprintf("Handshake complete:  %t\n", state.HandshakeComplete))
	builder.WriteString(fmt.Sprintf("Did resume:          %t\n", state.DidResume))
	builder.WriteString(fmt.Sprintf("Cipher suite:        %x\n", state.CipherSuite))
	builder.WriteString(fmt.Sprintf("Negotiated protocol: %q\n", state.NegotiatedProtocol))
	builder.WriteString(fmt.Sprintf("Server name:         %s\n", state.ServerName))

	builder.WriteString(fmt.Sprintf("Certificates (%d)\n", len(state.PeerCertificates)))
	for i, cert := range state.PeerCertificates {
		builder.WriteString(fmt.Sprintf("  #%d:                %s\n", i+1, fingerprint(cert)))
	}

	return builder.String()
}

func fingerprint(cert *x509.Certificate) []byte {
	raw := md5.Sum(cert.Raw)
	dst := make([]byte, hex.EncodedLen(len(raw)))
	hex.Encode(dst, raw[:])
	return dst
}