go-gemini/client.go

package gmi

import (
	"bufio"
	"crypto/tls"
	"crypto/x509"
)

// Client represents a Gemini client.
type Client struct {
	// KnownHosts is a list of known hosts that the client trusts.
	KnownHosts KnownHosts

	// CertificateStore maps hostnames to certificates.
	// It is used to determine which certificate to use when the server requests
	// a certificate.
	CertificateStore CertificateStore

	// GetCertificate, if not nil, will be called when a server requests a certificate.
	// The returned certificate will be used when sending the request again.
	// If the certificate is nil, the request will not be sent again and
	// the response will be returned.
	GetCertificate func(hostname string, store *CertificateStore) *tls.Certificate

	// TrustCertificate, if not nil, will be called to determine whether the
	// client should trust the given certificate.
	// If error is not nil, the connection will be aborted.
	TrustCertificate func(hostname string, cert *x509.Certificate, knownHosts *KnownHosts) error
}

// Send sends a Gemini request and returns a Gemini response.
func (c *Client) Send(req *Request) (*Response, error) {
	// Connect to the host
	config := &tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS12,
		GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			// Request certificates take precedence over client certificates
			if req.Certificate != nil {
				return req.Certificate, nil
			}
			// If we have already stored the certificate, return it
			if cert, err := c.CertificateStore.Lookup(hostname(req.Host)); err == nil {
				return cert, nil
			}
			return &tls.Certificate{}, nil
		},
		VerifyConnection: func(cs tls.ConnectionState) error {
			cert := cs.PeerCertificates[0]
			// Verify the hostname
			if err := verifyHostname(cert, hostname(req.Host)); err != nil {
				return err
			}
			// Check that the client trusts the certificate
			if c.TrustCertificate == nil {
				if err := c.KnownHosts.Lookup(hostname(req.Host), cert); err != nil {
					return err
				}
			} else if err := c.TrustCertificate(hostname(req.Host), cert, &c.KnownHosts); err != nil {
				return err
			}
			return nil
		},
	}
	conn, err := tls.Dial("tcp", req.Host, config)
	if err != nil {
		return nil, err
	}
	defer conn.Close()

	// Write the request
	w := bufio.NewWriter(conn)
	req.write(w)
	if err := w.Flush(); err != nil {
		return nil, err
	}

	// Read the response
	resp := &Response{}
	r := bufio.NewReader(conn)
	if err := resp.read(r); err != nil {
		return nil, err
	}
	// Store connection information
	resp.TLS = conn.ConnectionState()

	// Resend the request with a certificate if the server responded
	// with CertificateRequired
	if resp.Status == StatusCertificateRequired {
		// Check to see if a certificate was already provided to prevent an infinite loop
		if req.Certificate != nil {
			return resp, nil
		}
		if c.GetCertificate != nil {
			if cert := c.GetCertificate(hostname(req.Host), &c.CertificateStore); cert != nil {
				req.Certificate = cert
				return c.Send(req)
			}
		}
	}
	return resp, nil
}
Change package name to gmi 2020-09-28 00:20:59 +00:00			`package gmi`
Add package declaration comment 2020-09-22 02:09:50 +00:00
			`import (`
Refactor 2020-09-24 04:30:21 +00:00			`"bufio"`
Add package declaration comment 2020-09-22 02:09:50 +00:00			`"crypto/tls"`
Implement configurable Client 2020-09-25 23:53:50 +00:00			`"crypto/x509"`
Add package declaration comment 2020-09-22 02:09:50 +00:00			`)`

Implement configurable Client 2020-09-25 23:53:50 +00:00			`// Client represents a Gemini client.`
Refactor TOFU 2020-09-26 03:06:54 +00:00			`type Client struct {`
			`// KnownHosts is a list of known hosts that the client trusts.`
Add function to write known hosts to io.Writer 2020-09-27 18:18:30 +00:00			`KnownHosts KnownHosts`
Refactor TOFU 2020-09-26 03:06:54 +00:00
Update comments 2020-09-28 06:16:49 +00:00			`// CertificateStore maps hostnames to certificates.`
			`// It is used to determine which certificate to use when the server requests`
			`// a certificate.`
Generate certificates on demand 2020-09-28 03:49:41 +00:00			`CertificateStore CertificateStore`
Add preliminary CertificateStore API 2020-09-26 19:14:34 +00:00
Update documentation 2020-09-28 04:29:11 +00:00			`// GetCertificate, if not nil, will be called when a server requests a certificate.`
			`// The returned certificate will be used when sending the request again.`
			`// If the certificate is nil, the request will not be sent again and`
			`// the response will be returned.`
Update documentation 2020-10-12 20:34:52 +00:00			`GetCertificate func(hostname string, store CertificateStore) tls.Certificate`
Add preliminary CertificateStore API 2020-09-26 19:14:34 +00:00
Refactor TOFU 2020-09-26 03:06:54 +00:00			`// TrustCertificate, if not nil, will be called to determine whether the`
			`// client should trust the given certificate.`
Differentiate between unknown and untrusted certificates 2020-09-26 17:27:03 +00:00			`// If error is not nil, the connection will be aborted.`
Make TrustCertificate accept hostname instead of request 2020-09-27 20:10:36 +00:00			`TrustCertificate func(hostname string, cert x509.Certificate, knownHosts KnownHosts) error`
Implement configurable Client 2020-09-25 23:53:50 +00:00			`}`

			`// Send sends a Gemini request and returns a Gemini response.`
Refactor TOFU 2020-09-26 03:06:54 +00:00			`func (c Client) Send(req Request) (*Response, error) {`
Implement configurable Client 2020-09-25 23:53:50 +00:00			`// Connect to the host`
			`config := &tls.Config{`
			`InsecureSkipVerify: true,`
Specify minimum version of TLS 1.2 2020-09-26 04:31:16 +00:00			`MinVersion: tls.VersionTLS12,`
Add preliminary CertificateStore API 2020-09-26 19:14:34 +00:00			`GetClientCertificate: func(info tls.CertificateRequestInfo) (tls.Certificate, error) {`
Update documentation 2020-09-28 04:29:11 +00:00			`// Request certificates take precedence over client certificates`
Generate certificates on demand 2020-09-28 03:49:41 +00:00			`if req.Certificate != nil {`
			`return req.Certificate, nil`
Polish example client 2020-09-27 23:45:48 +00:00			`}`
Return certificate if it exists in the store 2020-09-28 04:03:42 +00:00			`// If we have already stored the certificate, return it`
Remove (*Request).Hostname function 2020-10-13 17:31:50 +00:00			`if cert, err := c.CertificateStore.Lookup(hostname(req.Host)); err == nil {`
Implement server certificate store 2020-10-12 03:48:18 +00:00			`return cert, nil`
Return certificate if it exists in the store 2020-09-28 04:03:42 +00:00			`}`
Generate certificates on demand 2020-09-28 03:49:41 +00:00			`return &tls.Certificate{}, nil`
Add preliminary CertificateStore API 2020-09-26 19:14:34 +00:00			`},`
Move certificate verification code to VerifyConnection 2020-10-13 20:44:46 +00:00			`VerifyConnection: func(cs tls.ConnectionState) error {`
			`cert := cs.PeerCertificates[0]`
			`// Verify the hostname`
Remove (*Request).Hostname function 2020-10-13 17:31:50 +00:00			`if err := verifyHostname(cert, hostname(req.Host)); err != nil {`
Implement certificate creation 2020-09-27 17:50:48 +00:00			`return err`
Refactor TOFU 2020-09-26 03:06:54 +00:00			`}`
			`// Check that the client trusts the certificate`
			`if c.TrustCertificate == nil {`
Remove (*Request).Hostname function 2020-10-13 17:31:50 +00:00			`if err := c.KnownHosts.Lookup(hostname(req.Host), cert); err != nil {`
Remove (*KnownHosts).Has function 2020-09-26 17:29:29 +00:00			`return err`
Refactor TOFU 2020-09-26 03:06:54 +00:00			`}`
Remove (*Request).Hostname function 2020-10-13 17:31:50 +00:00			`} else if err := c.TrustCertificate(hostname(req.Host), cert, &c.KnownHosts); err != nil {`
Differentiate between unknown and untrusted certificates 2020-09-26 17:27:03 +00:00			`return err`
Refactor TOFU 2020-09-26 03:06:54 +00:00			`}`
			`return nil`
Implement configurable Client 2020-09-25 23:53:50 +00:00			`},`
			`}`
			`conn, err := tls.Dial("tcp", req.Host, config)`
			`if err != nil {`
			`return nil, err`
			`}`
			`defer conn.Close()`

			`// Write the request`
			`w := bufio.NewWriter(conn)`
			`req.write(w)`
			`if err := w.Flush(); err != nil {`
			`return nil, err`
			`}`

			`// Read the response`
			`resp := &Response{}`
			`r := bufio.NewReader(conn)`
			`if err := resp.read(r); err != nil {`
			`return nil, err`
			`}`
Reject invalid status codes 2020-09-27 23:56:33 +00:00			`// Store connection information`
			`resp.TLS = conn.ConnectionState()`
Only generate certificates after CertificateRequired 2020-09-28 03:58:45 +00:00
			`// Resend the request with a certificate if the server responded`
			`// with CertificateRequired`
			`if resp.Status == StatusCertificateRequired {`
			`// Check to see if a certificate was already provided to prevent an infinite loop`
			`if req.Certificate != nil {`
			`return resp, nil`
			`}`
			`if c.GetCertificate != nil {`
Remove (*Request).Hostname function 2020-10-13 17:31:50 +00:00			`if cert := c.GetCertificate(hostname(req.Host), &c.CertificateStore); cert != nil {`
Only generate certificates after CertificateRequired 2020-09-28 03:58:45 +00:00			`req.Certificate = cert`
			`return c.Send(req)`
			`}`
			`}`
			`}`
Implement configurable Client 2020-09-25 23:53:50 +00:00			`return resp, nil`
Refactor 2020-09-24 04:30:21 +00:00			`}`