kdudkov committed Nov 5, 2023
1 parent a3a60c4 commit feb7cde
Showing 5 changed files with 38 additions and 19 deletions.
12 changes: 2 additions & 10 deletions cmd/goatak_server/tcpserver.go
Expand Up @@ -2,8 +2,8 @@ package main

import (
"crypto/tls"
"crypto/x509"
"fmt"
"github.com/kdudkov/goatak/pkg/tlsutil"
"net"

"go.uber.org/zap"
Expand Down Expand Up @@ -88,7 +88,7 @@ func (app *App) listenTls(addr string) error {

func (app *App) verifyConnection(st tls.ConnectionState) error {
user, sn := getCertUser(&st)
app.logCert(st.PeerCertificates)
tlsutil.LogCerts(app.Logger, st.PeerCertificates...)

if !app.users.UserIsValid(user, sn) {
app.Logger.Warnf("bad user %s", user)
Expand All @@ -108,14 +108,6 @@ func getCertUser(st *tls.ConnectionState) (string, string) {
return "", ""
}

func (app *App) logCert(cert []*x509.Certificate) {
for i, cert := range cert {
app.Logger.Infof("#%d issuer: %s", i, cert.Issuer.String())
app.Logger.Infof("#%d subject: %s", i, cert.Subject.String())
app.Logger.Infof("#%d sn: %x", i, cert.SerialNumber)
}
}

func (app *App) onTlsClientConnect(username, sn string) {

}
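Review bot: The new `tlsutil.LogCerts(app.Logger, st.PeerCertificates...)` call in verifyConnection runs before `UserIsValid`, so every handshake — including ones rejected as a bad user — emits several Info lines per certificate built from peer-supplied fields, which is noisy on a public listener and lets an unauthenticated client fill the log; consider moving the call after the validity check or logging rejected peers at Debug. The adjacent `app.Logger.Warnf("bad user %s", user)` prints a subject-derived string with `%s`; `%q` would keep control characters from the certificate escaped and an empty user visible. Separately, the new `tlsutil` import sits inside the stdlib import group here (and likewise in cmd/webclient/tcp_handler.go and pkg/tlsutil/util.go, where zap is also in that group); goimports would move them to the third-party group. verifyConnection's body continues past the hunk.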
5 changes: 3 additions & 2 deletions cmd/webclient/enroll.go
Expand Up @@ -98,7 +98,6 @@ func (e *Enroller) getOrEnrollCert(uid, version string) (*tls.Certificate, []*x5
fname := fmt.Sprintf("%s_%s.p12", e.host, e.user)
if cert, cas, err := loadP12(fname, viper.GetString("ssl.password")); err == nil {
e.logger.Infof("loading cert from file %s", fname)
e.logger.Infof("cert is valid till %s", cert.Leaf.NotAfter)
return cert, cas, nil
}

Expand Down Expand Up @@ -183,6 +182,8 @@ func (e *Enroller) getOrEnrollCert(uid, version string) (*tls.Certificate, []*x5
return nil, nil, fmt.Errorf("no signed cert in answer")
}

tlsutil.LogCert(e.logger, "signed cert", cert)

if e.save {
if err := e.saveP12(key, cert, ca); err != nil {
e.logger.Errorf("%s", err)
Expand Down Expand Up @@ -257,7 +258,7 @@ func (e *Enroller) saveP12(key interface{}, cert *x509.Certificate, ca []*x509.C
}
defer f.Close()

data, err := pkcs12.Encode(rand.Reader, key, cert, ca, viper.GetString("ssl.password"))
data, err := pkcs12.Modern.Encode(key, cert, ca, viper.GetString("ssl.password"))
if err != nil {
return err
}
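Review bot: `pkcs12.Modern.Encode` in saveP12 changes the on-disk container format: if I read go-pkcs12 correctly, the Modern encoder uses PBES2 with AES-256 rather than the legacy RC2/3DES encryption that `pkcs12.Encode` produced, so a .p12 written by this build may be rejected by older PKCS#12 consumers, and `loadP12` (called at the top of getOrEnrollCert) must be able to decode it — worth a comment such as `// Modern (PBES2/AES-256): not readable by legacy PKCS#12 tooling; loadP12 must accept this format` and a save/load round-trip test. The removed `cert is valid till` line in the loaded-from-file branch has no replacement in this file; if that path is not the one covered by the LogCert added in cmd/webclient/main.go, the expiry of a reused certificate is no longer logged. saveP12's file open and the write of `data` lie outside the hunk.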
1 change: 1 addition & 0 deletions cmd/webclient/main.go
Expand Up @@ -452,6 +452,7 @@ func main() {
app.Logger.Errorf("error while loading cert: %s", err.Error())
return
}
tlsutil.LogCert(app.Logger, "loaded cert", cert.Leaf)
app.tlsCert = cert
app.cas = tlsutil.MakeCertPool(cas...)
}
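Review bot: The new `tlsutil.LogCert(app.Logger, "loaded cert", cert.Leaf)` assumes the loader populated `cert.Leaf`; `tls.Certificate.Leaf` is optional (tls.X509KeyPair only fills it from Go 1.23 on), and when it is nil LogCert logs `no loaded cert!!!` at Error level even though the certificate did load, which is misleading. If the loading helper is not guaranteed to set Leaf, parse `cert.Certificate[0]` with `x509.ParseCertificate` before logging, or make the error text say that the leaf is unset. The enclosing block of main starts above the hunk.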
10 changes: 3 additions & 7 deletions cmd/webclient/tcp_handler.go
Expand Up @@ -3,9 +3,9 @@ package main
import (
"crypto/tls"
"fmt"
"github.com/kdudkov/goatak/pkg/tlsutil"
"github.com/spf13/viper"
"net"
"strings"
)

func (app *App) connect() (net.Conn, error) {
Expand All @@ -25,11 +25,7 @@ func (app *App) connect() (net.Conn, error) {

app.Logger.Infof("Handshake complete: %t", cs.HandshakeComplete)
app.Logger.Infof("version: %d", cs.Version)
for i, cert := range cs.PeerCertificates {
app.Logger.Infof("cert #%d subject: %s", i, cert.Subject.String())
app.Logger.Infof("cert #%d issuer: %s", i, cert.Issuer.String())
app.Logger.Infof("cert #%d dns_names: %s", i, strings.Join(cert.DNSNames, ","))
}
tlsutil.LogCerts(app.Logger, cs.PeerCertificates...)
return conn, nil
} else {
app.Logger.Infof("connecting to %s...", addr)
Expand All @@ -41,7 +37,7 @@ func (app *App) getTlsConfig() *tls.Config {
conf := &tls.Config{
Certificates: []tls.Certificate{*app.tlsCert},
RootCAs: app.cas,
//InsecureSkipVerify: true,
ClientCAs: app.cas,
}

if !viper.GetBool("ssl.strict") {
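Review bot: `ClientCAs: app.cas` in getTlsConfig has no effect on this code path: the config serves the client-side dial in connect (see the `connecting to %s...` log), and crypto/tls consults ClientCAs only on the server side when verifying client certificates, so the line replaces the commented-out `InsecureSkipVerify` with inert configuration. Server-certificate verification here is governed by `RootCAs`; drop the field or add `// ClientCAs is server-only; RootCAs governs peer verification for this client`. The `if !viper.GetBool("ssl.strict")` branch that follows is presumably where verification is relaxed, and the new field does not change that. getTlsConfig's body continues outside the hunk.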
29 changes: 29 additions & 0 deletions pkg/tlsutil/util.go
Expand Up @@ -6,6 +6,8 @@ import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"go.uber.org/zap"
"strings"

"software.sslmate.com/src/go-pkcs12"
Expand Down Expand Up @@ -77,3 +79,30 @@ func MakeCertPool(certs ...*x509.Certificate) *x509.CertPool {

return cp
}

func LogCert(logger *zap.SugaredLogger, name string, cert *x509.Certificate) {
if cert == nil {
logger.Errorf("no %s!!!", name)
return
}
logger.Infof("%s sn: %x", name, cert.SerialNumber)
logger.Infof("%s subject: %s", name, cert.Subject.String())
logger.Infof("%s issuer: %s", name, cert.Issuer.String())
logger.Infof("%s valid till %s", name, cert.NotAfter)
if len(cert.DNSNames) > 0 {
logger.Infof("%s dns_names: %s", name, strings.Join(cert.DNSNames, ","))
}
if len(cert.IPAddresses) > 0 {
ip1 := make([]string, len(cert.IPAddresses))
for i, ip := range cert.IPAddresses {
ip1[i] = ip.String()
}
logger.Infof("%s ip_addresses: %s", name, strings.Join(ip1, ","))
}
}

func LogCerts(logger *zap.SugaredLogger, certs ...*x509.Certificate) {
for i, c := range certs {
LogCert(logger, fmt.Sprintf("cert #%d", i), c)
}
}
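Review bot: `LogCert` and `LogCerts` are exported but carry no doc comment; add `// LogCert logs the serial, subject, issuer, expiry and SANs of cert under name, or an error line when cert is nil.` and `// LogCerts calls LogCert for each certificate, labelled "cert #i".`. Every field LogCert prints (subject, issuer, DNS names, IP strings) comes, in the callers added by this commit, from a certificate supplied by the remote peer, and `%s` writes it verbatim into the log; `%q` for the string fields would escape embedded control characters and make empty values visible. `cert.NotBefore` is not logged, which makes a not-yet-valid certificate hard to diagnose from this output alone.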
