2020-09-21 20:09:50 -06:00
|
|
|
// Package gemini implements the Gemini protocol.
|
|
|
|
package gemini
|
|
|
|
|
|
|
|
import (
|
2020-09-23 22:30:21 -06:00
|
|
|
"bufio"
|
2020-09-21 20:09:50 -06:00
|
|
|
"crypto/tls"
|
2020-09-25 17:53:50 -06:00
|
|
|
"crypto/x509"
|
2020-09-21 20:09:50 -06:00
|
|
|
"errors"
|
2020-09-23 22:30:21 -06:00
|
|
|
"io/ioutil"
|
|
|
|
"net"
|
2020-09-21 20:09:50 -06:00
|
|
|
"net/url"
|
|
|
|
"strconv"
|
2020-09-25 21:06:54 -06:00
|
|
|
"strings"
|
2020-09-21 20:09:50 -06:00
|
|
|
)
|
|
|
|
|
2020-09-25 21:23:24 -06:00
|
|
|
// Client errors.
|
2020-09-21 20:09:50 -06:00
|
|
|
var (
|
2020-09-25 21:06:54 -06:00
|
|
|
ErrProtocol = errors.New("gemini: protocol error")
|
|
|
|
ErrInvalidURL = errors.New("gemini: requested URL is invalid")
|
|
|
|
ErrCertificateNotValid = errors.New("gemini: certificate is invalid")
|
|
|
|
ErrCertificateNotTrusted = errors.New("gemini: certificate is not trusted")
|
2020-09-26 11:27:03 -06:00
|
|
|
ErrCertificateUnknown = errors.New("gemini: certificate is unknown")
|
2020-09-21 20:09:50 -06:00
|
|
|
)
|
|
|
|
|
2020-09-25 17:53:50 -06:00
|
|
|
// Request represents a Gemini request.
|
2020-09-21 20:09:50 -06:00
|
|
|
type Request struct {
|
2020-09-23 23:37:57 -06:00
|
|
|
// URL specifies the URL being requested.
|
|
|
|
URL *url.URL
|
|
|
|
|
|
|
|
// For client requests, Host specifies the host on which the URL is sought.
|
|
|
|
// This field is ignored by the server.
|
|
|
|
Host string
|
|
|
|
|
2020-09-25 17:53:50 -06:00
|
|
|
// Certificate specifies the TLS certificate to use for the request.
|
2020-09-25 16:53:20 -06:00
|
|
|
Certificate tls.Certificate
|
2020-09-23 23:37:57 -06:00
|
|
|
|
|
|
|
// RemoteAddr allows servers and other software to record the network
|
|
|
|
// address that sent the request.
|
|
|
|
// This field is ignored by the client.
|
|
|
|
RemoteAddr net.Addr
|
|
|
|
|
|
|
|
// TLS allows servers and other software to record information about the TLS
|
|
|
|
// connection on which the request was recieved.
|
|
|
|
// This field is ignored by the client.
|
|
|
|
TLS tls.ConnectionState
|
2020-09-21 20:09:50 -06:00
|
|
|
}
|
|
|
|
|
2020-09-27 13:03:46 -06:00
|
|
|
// Hostname returns the request host without the port.
|
|
|
|
func (r *Request) Hostname() string {
|
|
|
|
return hostname(r.Host)
|
|
|
|
}
|
|
|
|
|
2020-09-21 20:09:50 -06:00
|
|
|
// NewRequest returns a new request. The host is inferred from the provided url.
|
|
|
|
func NewRequest(rawurl string) (*Request, error) {
|
|
|
|
u, err := url.Parse(rawurl)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2020-09-23 23:43:03 -06:00
|
|
|
host := u.Host
|
|
|
|
|
|
|
|
// If there is no port, use the default port of 1965
|
|
|
|
if u.Port() == "" {
|
|
|
|
host += ":1965"
|
|
|
|
}
|
|
|
|
|
2020-09-21 20:09:50 -06:00
|
|
|
return &Request{
|
2020-09-23 23:43:03 -06:00
|
|
|
Host: host,
|
2020-09-21 20:09:50 -06:00
|
|
|
URL: u,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewProxyRequest returns a new request using the provided host.
|
2020-09-23 23:43:03 -06:00
|
|
|
// The provided host must contain a port.
|
2020-09-21 20:09:50 -06:00
|
|
|
func NewProxyRequest(host, rawurl string) (*Request, error) {
|
|
|
|
u, err := url.Parse(rawurl)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &Request{
|
|
|
|
Host: host,
|
|
|
|
URL: u,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2020-09-24 17:02:03 -06:00
|
|
|
// write writes the Gemini request to the provided buffered writer.
|
|
|
|
func (r *Request) write(w *bufio.Writer) error {
|
2020-09-21 20:21:51 -06:00
|
|
|
url := r.URL.String()
|
2020-09-25 16:53:20 -06:00
|
|
|
// User is invalid
|
2020-09-21 20:21:51 -06:00
|
|
|
if r.URL.User != nil || len(url) > 1024 {
|
|
|
|
return ErrInvalidURL
|
|
|
|
}
|
2020-09-24 17:02:03 -06:00
|
|
|
if _, err := w.WriteString(url); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if _, err := w.Write(crlf); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
2020-09-21 20:09:50 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
// Response is a Gemini response.
|
|
|
|
type Response struct {
|
2020-09-23 23:37:57 -06:00
|
|
|
// Status represents the response status.
|
2020-09-21 20:09:50 -06:00
|
|
|
Status int
|
2020-09-23 23:37:57 -06:00
|
|
|
|
|
|
|
// Meta contains more information related to the response status.
|
|
|
|
// For successful responses, Meta should contain the mimetype of the response.
|
|
|
|
// For failure responses, Meta should contain a short description of the failure.
|
|
|
|
// Meta should not be longer than 1024 bytes.
|
|
|
|
Meta string
|
|
|
|
|
|
|
|
// Body contains the response body.
|
|
|
|
Body []byte
|
|
|
|
|
|
|
|
// TLS contains information about the TLS connection on which the response
|
|
|
|
// was received.
|
|
|
|
TLS tls.ConnectionState
|
2020-09-21 20:09:50 -06:00
|
|
|
}
|
|
|
|
|
2020-09-25 17:53:50 -06:00
|
|
|
// read reads a Gemini response from the provided buffered reader.
|
|
|
|
func (resp *Response) read(r *bufio.Reader) error {
|
|
|
|
// Read the status
|
2020-09-24 17:02:03 -06:00
|
|
|
statusB := make([]byte, 2)
|
|
|
|
if _, err := r.Read(statusB); err != nil {
|
2020-09-25 17:53:50 -06:00
|
|
|
return err
|
2020-09-24 17:02:03 -06:00
|
|
|
}
|
|
|
|
status, err := strconv.Atoi(string(statusB))
|
2020-09-23 22:30:21 -06:00
|
|
|
if err != nil {
|
2020-09-25 17:53:50 -06:00
|
|
|
return err
|
2020-09-23 22:30:21 -06:00
|
|
|
}
|
2020-09-25 17:53:50 -06:00
|
|
|
resp.Status = status
|
2020-09-23 22:30:21 -06:00
|
|
|
|
2020-09-24 17:02:03 -06:00
|
|
|
// Read one space
|
|
|
|
if b, err := r.ReadByte(); err != nil {
|
2020-09-25 17:53:50 -06:00
|
|
|
return err
|
2020-09-24 17:02:03 -06:00
|
|
|
} else if b != ' ' {
|
2020-09-25 17:53:50 -06:00
|
|
|
return ErrProtocol
|
2020-09-23 22:30:21 -06:00
|
|
|
}
|
|
|
|
|
2020-09-24 17:02:03 -06:00
|
|
|
// Read the meta
|
|
|
|
meta, err := r.ReadString('\r')
|
2020-09-23 22:30:21 -06:00
|
|
|
if err != nil {
|
2020-09-25 17:53:50 -06:00
|
|
|
return err
|
2020-09-23 22:30:21 -06:00
|
|
|
}
|
2020-09-24 17:02:03 -06:00
|
|
|
// Trim carriage return
|
|
|
|
meta = meta[:len(meta)-1]
|
2020-09-24 17:22:35 -06:00
|
|
|
// Ensure meta is less than or equal to 1024 bytes
|
2020-09-23 22:30:21 -06:00
|
|
|
if len(meta) > 1024 {
|
2020-09-25 17:53:50 -06:00
|
|
|
return ErrProtocol
|
|
|
|
}
|
|
|
|
resp.Meta = meta
|
|
|
|
|
|
|
|
// Read terminating newline
|
|
|
|
if b, err := r.ReadByte(); err != nil {
|
|
|
|
return err
|
|
|
|
} else if b != '\n' {
|
|
|
|
return ErrProtocol
|
2020-09-23 22:30:21 -06:00
|
|
|
}
|
|
|
|
|
2020-09-24 17:02:03 -06:00
|
|
|
// Read response body
|
|
|
|
if status/10 == StatusClassSuccess {
|
|
|
|
var err error
|
2020-09-25 17:53:50 -06:00
|
|
|
resp.Body, err = ioutil.ReadAll(r)
|
2020-09-24 17:02:03 -06:00
|
|
|
if err != nil {
|
2020-09-25 17:53:50 -06:00
|
|
|
return err
|
2020-09-24 17:02:03 -06:00
|
|
|
}
|
|
|
|
}
|
2020-09-25 17:53:50 -06:00
|
|
|
return nil
|
|
|
|
}
|
2020-09-23 22:30:21 -06:00
|
|
|
|
2020-09-25 17:53:50 -06:00
|
|
|
// Client represents a Gemini client.
|
2020-09-25 21:06:54 -06:00
|
|
|
type Client struct {
|
|
|
|
// KnownHosts is a list of known hosts that the client trusts.
|
2020-09-27 12:18:30 -06:00
|
|
|
KnownHosts KnownHosts
|
2020-09-25 21:06:54 -06:00
|
|
|
|
2020-09-26 13:14:34 -06:00
|
|
|
// CertificateStore contains all the certificates that the client has stored.
|
|
|
|
CertificateStore *CertificateStore
|
|
|
|
|
|
|
|
// GetCertificate, if not nil, will be called to determine which certificate
|
|
|
|
// (if any) should be used for a request.
|
|
|
|
GetCertificate func(req *Request, store *CertificateStore) *tls.Certificate
|
|
|
|
|
2020-09-25 21:06:54 -06:00
|
|
|
// TrustCertificate, if not nil, will be called to determine whether the
|
|
|
|
// client should trust the given certificate.
|
2020-09-26 11:27:03 -06:00
|
|
|
// If error is not nil, the connection will be aborted.
|
2020-09-27 13:03:46 -06:00
|
|
|
TrustCertificate func(req *Request, cert *x509.Certificate, knownHosts *KnownHosts) error
|
2020-09-25 17:53:50 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
// Send sends a Gemini request and returns a Gemini response.
|
2020-09-25 21:06:54 -06:00
|
|
|
func (c *Client) Send(req *Request) (*Response, error) {
|
2020-09-25 17:53:50 -06:00
|
|
|
// Connect to the host
|
|
|
|
config := &tls.Config{
|
|
|
|
InsecureSkipVerify: true,
|
2020-09-25 22:31:16 -06:00
|
|
|
MinVersion: tls.VersionTLS12,
|
2020-09-25 17:53:50 -06:00
|
|
|
Certificates: []tls.Certificate{req.Certificate},
|
2020-09-26 13:14:34 -06:00
|
|
|
GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
|
|
|
|
if c.GetCertificate != nil {
|
|
|
|
if cert := c.GetCertificate(req, c.CertificateStore); cert != nil {
|
|
|
|
return cert, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return &req.Certificate, nil
|
|
|
|
},
|
2020-09-25 17:53:50 -06:00
|
|
|
VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
|
2020-09-25 21:06:54 -06:00
|
|
|
// Parse the certificate
|
2020-09-25 17:53:50 -06:00
|
|
|
cert, err := x509.ParseCertificate(rawCerts[0])
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2020-09-25 21:06:54 -06:00
|
|
|
// Check that the certificate is valid for the hostname
|
2020-09-27 13:57:55 -06:00
|
|
|
// Use our own implementation of verifyHostname
|
|
|
|
if err := verifyHostname(cert, req.Hostname()); err != nil {
|
2020-09-27 11:50:48 -06:00
|
|
|
return err
|
2020-09-25 21:06:54 -06:00
|
|
|
}
|
|
|
|
// Check that the client trusts the certificate
|
|
|
|
if c.TrustCertificate == nil {
|
2020-09-27 13:03:46 -06:00
|
|
|
if err := c.KnownHosts.Lookup(req.Hostname(), cert); err != nil {
|
2020-09-26 11:29:29 -06:00
|
|
|
return err
|
2020-09-25 21:06:54 -06:00
|
|
|
}
|
2020-09-27 13:03:46 -06:00
|
|
|
} else if err := c.TrustCertificate(req, cert, &c.KnownHosts); err != nil {
|
2020-09-26 11:27:03 -06:00
|
|
|
return err
|
2020-09-25 21:06:54 -06:00
|
|
|
}
|
|
|
|
return nil
|
2020-09-25 17:53:50 -06:00
|
|
|
},
|
|
|
|
}
|
|
|
|
conn, err := tls.Dial("tcp", req.Host, config)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer conn.Close()
|
|
|
|
|
|
|
|
// Write the request
|
|
|
|
w := bufio.NewWriter(conn)
|
|
|
|
req.write(w)
|
|
|
|
if err := w.Flush(); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read the response
|
|
|
|
resp := &Response{}
|
|
|
|
r := bufio.NewReader(conn)
|
|
|
|
// Store connection information
|
|
|
|
resp.TLS = conn.ConnectionState()
|
|
|
|
if err := resp.read(r); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return resp, nil
|
2020-09-23 22:30:21 -06:00
|
|
|
}
|
2020-09-25 21:06:54 -06:00
|
|
|
|
|
|
|
// hostname extracts the host name from a valid host or host:port
|
|
|
|
func hostname(host string) string {
|
|
|
|
i := strings.LastIndexByte(host, ':')
|
|
|
|
if i != -1 {
|
|
|
|
return host[:i]
|
|
|
|
}
|
|
|
|
return host
|
|
|
|
}
|