go-gemini/client.go

233 lines
6.1 KiB
Go
Raw Normal View History

2020-10-24 13:15:32 -06:00
package gemini
2020-09-21 20:09:50 -06:00
import (
2020-09-23 22:30:21 -06:00
"bufio"
2020-09-21 20:09:50 -06:00
"crypto/tls"
2020-09-25 17:53:50 -06:00
"crypto/x509"
2020-10-27 17:21:33 -06:00
"net"
2020-10-27 20:12:10 -06:00
"net/url"
2020-10-28 14:02:04 -06:00
"path"
2020-10-28 11:40:25 -06:00
"strings"
2020-10-31 18:55:56 -06:00
"time"
2020-09-21 20:09:50 -06:00
)
2020-10-28 11:40:25 -06:00
// Client is a Gemini client.
2020-09-25 21:06:54 -06:00
type Client struct {
2020-10-28 11:40:25 -06:00
// KnownHosts is a list of known hosts.
KnownHosts KnownHosts
2020-09-25 21:06:54 -06:00
2020-10-28 11:40:25 -06:00
// Certificates stores client-side certificates.
Certificates CertificateStore
2020-09-26 13:14:34 -06:00
2020-10-31 18:55:56 -06:00
// Timeout specifies a time limit for requests made by this
// Client. The timeout includes connection time and reading
// the response body. The timer remains running after
// Get and Do return and will interrupt reading of the Response.Body.
//
// A Timeout of zero means no timeout.
Timeout time.Duration
// InsecureSkipTrust specifies whether the client should trust
2020-10-31 20:50:42 -06:00
// any certificate it receives without checking KnownHosts
2020-10-31 20:45:21 -06:00
// or calling TrustCertificate.
// Use with caution.
InsecureSkipTrust bool
2020-10-31 20:45:21 -06:00
2020-10-28 11:40:25 -06:00
// GetInput is called to retrieve input when the server requests it.
// If GetInput is nil or returns false, no input will be sent and
// the response will be returned.
GetInput func(prompt string, sensitive bool) (input string, ok bool)
// CheckRedirect determines whether to follow a redirect.
2020-10-27 20:12:10 -06:00
// If CheckRedirect is nil, a default policy of no more than 5 consecutive
// redirects will be enforced.
CheckRedirect func(req *Request, via []*Request) error
2020-10-28 11:40:25 -06:00
// CreateCertificate is called to generate a certificate upon
// the request of a server.
// If CreateCertificate is nil or the returned error is not nil,
// the request will not be sent again and the response will be returned.
CreateCertificate func(hostname, path string) (tls.Certificate, error)
// TrustCertificate is called to determine whether the client
// should trust a certificate it has not seen before.
2020-10-31 21:05:31 -06:00
// If TrustCertificate is nil, the certificate will not be trusted
// and the connection will be aborted.
//
// If TrustCertificate returns TrustOnce, the certificate will be added
// to the client's list of known hosts.
// If TrustCertificate returns TrustAlways, the certificate will also be
// written to the known hosts file.
TrustCertificate func(hostname string, cert *x509.Certificate) Trust
2020-09-25 17:53:50 -06:00
}
2020-10-27 17:21:33 -06:00
// Get performs a Gemini request for the given url.
func (c *Client) Get(url string) (*Response, error) {
req, err := NewRequest(url)
if err != nil {
return nil, err
}
return c.Do(req)
}
// Do performs a Gemini request and returns a Gemini response.
func (c *Client) Do(req *Request) (*Response, error) {
2020-10-27 20:12:10 -06:00
return c.do(req, nil)
}
func (c *Client) do(req *Request, via []*Request) (*Response, error) {
2020-09-25 17:53:50 -06:00
// Connect to the host
config := &tls.Config{
InsecureSkipVerify: true,
2020-09-25 22:31:16 -06:00
MinVersion: tls.VersionTLS12,
2020-10-28 11:40:25 -06:00
GetClientCertificate: func(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) {
return c.getClientCertificate(req)
2020-09-26 13:14:34 -06:00
},
VerifyConnection: func(cs tls.ConnectionState) error {
2020-10-28 11:40:25 -06:00
return c.verifyConnection(req, cs)
2020-09-25 17:53:50 -06:00
},
}
conn, err := tls.Dial("tcp", req.Host, config)
if err != nil {
return nil, err
}
2020-10-31 18:55:56 -06:00
// Set connection deadline
if d := c.Timeout; d != 0 {
conn.SetDeadline(time.Now().Add(d))
2020-10-31 18:55:56 -06:00
}
2020-09-25 17:53:50 -06:00
// Write the request
w := bufio.NewWriter(conn)
req.write(w)
if err := w.Flush(); err != nil {
return nil, err
}
// Read the response
resp := &Response{}
2020-10-27 17:16:55 -06:00
if err := resp.read(conn); err != nil {
2020-09-25 17:53:50 -06:00
return nil, err
}
2020-10-28 11:40:25 -06:00
// Store connection state
2020-09-27 17:56:33 -06:00
resp.TLS = conn.ConnectionState()
2020-10-28 11:40:25 -06:00
switch {
case resp.Status == StatusCertificateRequired:
// Check to see if a certificate was already provided to prevent an infinite loop
if req.Certificate != nil {
return resp, nil
}
2020-10-28 11:40:25 -06:00
hostname, path := req.URL.Hostname(), strings.TrimSuffix(req.URL.Path, "/")
if c.CreateCertificate != nil {
cert, err := c.CreateCertificate(hostname, path)
if err != nil {
return resp, err
}
2020-10-28 11:40:25 -06:00
c.Certificates.Add(hostname+path, cert)
return c.do(req, via)
}
return resp, ErrCertificateRequired
2020-10-28 11:40:25 -06:00
case resp.Status.Class() == StatusClassInput:
if c.GetInput != nil {
input, ok := c.GetInput(resp.Meta, resp.Status == StatusSensitiveInput)
if ok {
req.URL.ForceQuery = true
req.URL.RawQuery = url.QueryEscape(input)
return c.do(req, via)
}
}
return resp, ErrInputRequired
case resp.Status.Class() == StatusClassRedirect:
2020-10-27 20:12:10 -06:00
if via == nil {
via = []*Request{}
}
via = append(via, req)
target, err := url.Parse(resp.Meta)
if err != nil {
return resp, err
}
target = req.URL.ResolveReference(target)
redirect, err := NewRequestFromURL(target)
if err != nil {
return resp, err
}
if c.CheckRedirect != nil {
if err := c.CheckRedirect(redirect, via); err != nil {
return resp, err
}
} else if len(via) > 5 {
// Default policy of no more than 5 redirects
return resp, ErrTooManyRedirects
}
return c.do(redirect, via)
}
2020-10-27 21:35:22 -06:00
resp.Request = req
2020-09-25 17:53:50 -06:00
return resp, nil
2020-09-23 22:30:21 -06:00
}
2020-10-27 17:21:33 -06:00
2020-10-28 11:40:25 -06:00
func (c *Client) getClientCertificate(req *Request) (*tls.Certificate, error) {
// Request certificates have the highest precedence
if req.Certificate != nil {
return req.Certificate, nil
}
2020-10-28 14:02:04 -06:00
// Search recursively for the certificate
scope := req.URL.Hostname() + strings.TrimSuffix(req.URL.Path, "/")
for {
cert, err := c.Certificates.Lookup(scope)
if err == nil {
return cert, err
}
if err == ErrCertificateExpired {
break
}
scope = path.Dir(scope)
if scope == "." {
break
}
2020-10-28 11:40:25 -06:00
}
2020-10-28 14:02:04 -06:00
2020-10-28 11:40:25 -06:00
return &tls.Certificate{}, nil
}
func (c *Client) verifyConnection(req *Request, cs tls.ConnectionState) error {
// Verify the hostname
var hostname string
if host, _, err := net.SplitHostPort(req.Host); err == nil {
hostname = host
} else {
hostname = req.Host
}
cert := cs.PeerCertificates[0]
if err := verifyHostname(cert, hostname); err != nil {
return err
}
if c.InsecureSkipTrust {
2020-10-31 20:45:21 -06:00
return nil
}
// Check the known hosts
err := c.KnownHosts.Lookup(hostname, cert)
switch err {
case ErrCertificateExpired, ErrCertificateNotFound:
2020-10-31 20:45:21 -06:00
// See if the client trusts the certificate
if c.TrustCertificate != nil {
switch c.TrustCertificate(hostname, cert) {
case TrustOnce:
c.KnownHosts.AddTemporary(hostname, cert)
return nil
case TrustAlways:
c.KnownHosts.Add(hostname, cert)
return nil
}
}
2020-10-31 20:45:21 -06:00
return ErrCertificateNotTrusted
2020-10-27 17:21:33 -06:00
}
2020-10-28 11:40:25 -06:00
return err
2020-10-27 17:21:33 -06:00
}