go-gemini/client.go

310 lines
7.9 KiB
Go
Raw Normal View History

2020-09-27 18:20:59 -06:00
package gmi
2020-09-21 20:09:50 -06:00
import (
2020-09-23 22:30:21 -06:00
"bufio"
2020-09-21 20:09:50 -06:00
"crypto/tls"
2020-09-25 17:53:50 -06:00
"crypto/x509"
2020-09-21 20:09:50 -06:00
"errors"
2020-09-23 22:30:21 -06:00
"io/ioutil"
"net"
2020-09-21 20:09:50 -06:00
"net/url"
"strconv"
2020-09-25 21:06:54 -06:00
"strings"
"time"
2020-09-21 20:09:50 -06:00
)
// Client errors.
2020-09-21 20:09:50 -06:00
var (
2020-09-27 17:56:33 -06:00
ErrInvalidURL = errors.New("gemini: invalid URL")
ErrInvalidResponse = errors.New("gemini: invalid response")
ErrInvalidCertificate = errors.New("gemini: invalid certificate")
ErrUnknownCertificate = errors.New("gemini: unknown certificate")
2020-09-25 21:06:54 -06:00
ErrCertificateNotTrusted = errors.New("gemini: certificate is not trusted")
2020-09-21 20:09:50 -06:00
)
2020-09-25 17:53:50 -06:00
// Request represents a Gemini request.
2020-09-21 20:09:50 -06:00
type Request struct {
2020-09-23 23:37:57 -06:00
// URL specifies the URL being requested.
URL *url.URL
// For client requests, Host specifies the host on which the URL is sought.
2020-09-27 20:13:50 -06:00
// Host must contain a port.
2020-09-23 23:37:57 -06:00
// This field is ignored by the server.
Host string
2020-09-25 17:53:50 -06:00
// Certificate specifies the TLS certificate to use for the request.
2020-09-27 22:29:11 -06:00
// Request certificates take precedence over client certificates.
2020-09-27 15:39:44 -06:00
// This field is ignored by the server.
Certificate *tls.Certificate
2020-09-23 23:37:57 -06:00
// RemoteAddr allows servers and other software to record the network
// address that sent the request.
// This field is ignored by the client.
RemoteAddr net.Addr
// TLS allows servers and other software to record information about the TLS
// connection on which the request was recieved.
// This field is ignored by the client.
TLS tls.ConnectionState
2020-09-21 20:09:50 -06:00
}
// Hostname returns the request host without the port.
func (r *Request) Hostname() string {
return hostname(r.Host)
}
2020-09-27 18:37:16 -06:00
// NewRequest returns a new request. The host is inferred from the provided URL.
2020-09-21 20:09:50 -06:00
func NewRequest(rawurl string) (*Request, error) {
u, err := url.Parse(rawurl)
if err != nil {
return nil, err
}
2020-09-23 23:43:03 -06:00
host := u.Host
// If there is no port, use the default port of 1965
if u.Port() == "" {
host += ":1965"
}
2020-09-21 20:09:50 -06:00
return &Request{
2020-09-23 23:43:03 -06:00
Host: host,
2020-09-21 20:09:50 -06:00
URL: u,
}, nil
}
2020-09-27 18:37:16 -06:00
// NewRequestTo returns a new request for the provided URL to the provided host.
// The host must contain a port.
func NewRequestTo(rawurl, host string) (*Request, error) {
2020-09-21 20:09:50 -06:00
u, err := url.Parse(rawurl)
if err != nil {
return nil, err
}
return &Request{
Host: host,
URL: u,
}, nil
}
2020-09-24 17:02:03 -06:00
// write writes the Gemini request to the provided buffered writer.
func (r *Request) write(w *bufio.Writer) error {
2020-09-21 20:21:51 -06:00
url := r.URL.String()
2020-09-25 16:53:20 -06:00
// User is invalid
2020-09-21 20:21:51 -06:00
if r.URL.User != nil || len(url) > 1024 {
return ErrInvalidURL
}
2020-09-24 17:02:03 -06:00
if _, err := w.WriteString(url); err != nil {
return err
}
if _, err := w.Write(crlf); err != nil {
return err
}
return nil
2020-09-21 20:09:50 -06:00
}
// Response is a Gemini response.
type Response struct {
2020-09-23 23:37:57 -06:00
// Status represents the response status.
2020-09-21 20:09:50 -06:00
Status int
2020-09-23 23:37:57 -06:00
// Meta contains more information related to the response status.
// For successful responses, Meta should contain the mimetype of the response.
// For failure responses, Meta should contain a short description of the failure.
// Meta should not be longer than 1024 bytes.
Meta string
// Body contains the response body.
Body []byte
// TLS contains information about the TLS connection on which the response
// was received.
TLS tls.ConnectionState
2020-09-21 20:09:50 -06:00
}
2020-09-25 17:53:50 -06:00
// read reads a Gemini response from the provided buffered reader.
func (resp *Response) read(r *bufio.Reader) error {
// Read the status
2020-09-24 17:02:03 -06:00
statusB := make([]byte, 2)
if _, err := r.Read(statusB); err != nil {
2020-09-25 17:53:50 -06:00
return err
2020-09-24 17:02:03 -06:00
}
status, err := strconv.Atoi(string(statusB))
2020-09-23 22:30:21 -06:00
if err != nil {
2020-09-25 17:53:50 -06:00
return err
2020-09-23 22:30:21 -06:00
}
2020-09-25 17:53:50 -06:00
resp.Status = status
2020-09-23 22:30:21 -06:00
2020-09-27 17:56:33 -06:00
// Disregard invalid status codes
const minStatus, maxStatus = 1, 6
statusClass := status / 10
if statusClass < minStatus || statusClass > maxStatus {
return ErrInvalidResponse
}
2020-09-24 17:02:03 -06:00
// Read one space
if b, err := r.ReadByte(); err != nil {
2020-09-25 17:53:50 -06:00
return err
2020-09-24 17:02:03 -06:00
} else if b != ' ' {
2020-09-27 17:56:33 -06:00
return ErrInvalidResponse
2020-09-23 22:30:21 -06:00
}
2020-09-24 17:02:03 -06:00
// Read the meta
meta, err := r.ReadString('\r')
2020-09-23 22:30:21 -06:00
if err != nil {
2020-09-25 17:53:50 -06:00
return err
2020-09-23 22:30:21 -06:00
}
2020-09-24 17:02:03 -06:00
// Trim carriage return
meta = meta[:len(meta)-1]
2020-09-24 17:22:35 -06:00
// Ensure meta is less than or equal to 1024 bytes
2020-09-23 22:30:21 -06:00
if len(meta) > 1024 {
2020-09-27 17:56:33 -06:00
return ErrInvalidResponse
2020-09-25 17:53:50 -06:00
}
resp.Meta = meta
// Read terminating newline
if b, err := r.ReadByte(); err != nil {
return err
} else if b != '\n' {
2020-09-27 17:56:33 -06:00
return ErrInvalidResponse
2020-09-23 22:30:21 -06:00
}
2020-09-24 17:02:03 -06:00
// Read response body
if status/10 == StatusClassSuccess {
var err error
2020-09-25 17:53:50 -06:00
resp.Body, err = ioutil.ReadAll(r)
2020-09-24 17:02:03 -06:00
if err != nil {
2020-09-25 17:53:50 -06:00
return err
2020-09-24 17:02:03 -06:00
}
}
2020-09-25 17:53:50 -06:00
return nil
}
2020-09-23 22:30:21 -06:00
2020-09-25 17:53:50 -06:00
// Client represents a Gemini client.
2020-09-25 21:06:54 -06:00
type Client struct {
// KnownHosts is a list of known hosts that the client trusts.
KnownHosts KnownHosts
2020-09-25 21:06:54 -06:00
2020-09-26 13:14:34 -06:00
// CertificateStore contains all the certificates that the client has stored.
2020-09-27 21:49:41 -06:00
CertificateStore CertificateStore
2020-09-26 13:14:34 -06:00
2020-09-27 22:29:11 -06:00
// GetCertificate, if not nil, will be called when a server requests a certificate.
// The returned certificate will be used when sending the request again.
// If the certificate is nil, the request will not be sent again and
// the response will be returned.
2020-09-27 21:49:41 -06:00
GetCertificate func(hostname string, store CertificateStore) *tls.Certificate
2020-09-26 13:14:34 -06:00
2020-09-25 21:06:54 -06:00
// TrustCertificate, if not nil, will be called to determine whether the
// client should trust the given certificate.
// If error is not nil, the connection will be aborted.
TrustCertificate func(hostname string, cert *x509.Certificate, knownHosts *KnownHosts) error
2020-09-25 17:53:50 -06:00
}
// Send sends a Gemini request and returns a Gemini response.
2020-09-25 21:06:54 -06:00
func (c *Client) Send(req *Request) (*Response, error) {
2020-09-25 17:53:50 -06:00
// Connect to the host
config := &tls.Config{
InsecureSkipVerify: true,
2020-09-25 22:31:16 -06:00
MinVersion: tls.VersionTLS12,
2020-09-26 13:14:34 -06:00
GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
2020-09-27 22:29:11 -06:00
// Request certificates take precedence over client certificates
2020-09-27 21:49:41 -06:00
if req.Certificate != nil {
return req.Certificate, nil
2020-09-27 17:45:48 -06:00
}
// If we have already stored the certificate, return it
if c.CertificateStore != nil {
if cert, ok := c.CertificateStore[req.Hostname()]; ok {
return cert, nil
}
}
2020-09-27 21:49:41 -06:00
return &tls.Certificate{}, nil
2020-09-26 13:14:34 -06:00
},
2020-09-25 17:53:50 -06:00
VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
2020-09-25 21:06:54 -06:00
// Parse the certificate
2020-09-25 17:53:50 -06:00
cert, err := x509.ParseCertificate(rawCerts[0])
if err != nil {
return err
}
// Validate the certificate
if !validCertificate(cert) {
return ErrInvalidCertificate
}
2020-09-25 21:06:54 -06:00
// Check that the certificate is valid for the hostname
// Use our own implementation of verifyHostname
if err := verifyHostname(cert, req.Hostname()); err != nil {
2020-09-27 11:50:48 -06:00
return err
2020-09-25 21:06:54 -06:00
}
// Check that the client trusts the certificate
if c.TrustCertificate == nil {
if err := c.KnownHosts.Lookup(req.Hostname(), cert); err != nil {
2020-09-26 11:29:29 -06:00
return err
2020-09-25 21:06:54 -06:00
}
} else if err := c.TrustCertificate(req.Hostname(), cert, &c.KnownHosts); err != nil {
return err
2020-09-25 21:06:54 -06:00
}
return nil
2020-09-25 17:53:50 -06:00
},
}
conn, err := tls.Dial("tcp", req.Host, config)
if err != nil {
return nil, err
}
defer conn.Close()
// Write the request
w := bufio.NewWriter(conn)
req.write(w)
if err := w.Flush(); err != nil {
return nil, err
}
// Read the response
resp := &Response{}
r := bufio.NewReader(conn)
if err := resp.read(r); err != nil {
return nil, err
}
2020-09-27 17:56:33 -06:00
// Store connection information
resp.TLS = conn.ConnectionState()
// Resend the request with a certificate if the server responded
// with CertificateRequired
if resp.Status == StatusCertificateRequired {
// Check to see if a certificate was already provided to prevent an infinite loop
if req.Certificate != nil {
return resp, nil
}
if c.GetCertificate != nil {
if cert := c.GetCertificate(req.Hostname(), c.CertificateStore); cert != nil {
req.Certificate = cert
return c.Send(req)
}
}
}
2020-09-25 17:53:50 -06:00
return resp, nil
2020-09-23 22:30:21 -06:00
}
2020-09-25 21:06:54 -06:00
// validCertificate determines whether cert is a valid certificate
func validCertificate(cert *x509.Certificate) bool {
// Check notBefore and notAfter
now := time.Now()
if cert.NotBefore.After(now) {
return false
}
if cert.NotAfter.Before(now) {
return false
}
// No need to check hash algorithms, hopefully tls has checked for us already
return true
}
2020-09-25 21:06:54 -06:00
// hostname extracts the host name from a valid host or host:port
func hostname(host string) string {
i := strings.LastIndexByte(host, ':')
if i != -1 {
return host[:i]
}
return host
}