2020-10-24 19:15:32 +00:00
|
|
|
package gemini
|
2020-09-22 02:09:50 +00:00
|
|
|
|
|
|
|
|
import (
|
2020-09-24 04:30:21 +00:00
|
|
|
"bufio"
|
2020-09-22 02:09:50 +00:00
|
|
|
"crypto/tls"
|
2020-09-25 23:53:50 +00:00
|
|
|
"crypto/x509"
|
2020-10-27 23:21:33 +00:00
|
|
|
"net"
|
2020-10-28 02:12:10 +00:00
|
|
|
"net/url"
|
2020-09-22 02:09:50 +00:00
|
|
|
)
|
|
|
|
|
|
2020-09-25 23:53:50 +00:00
|
|
|
// Client represents a Gemini client.
|
2020-09-26 03:06:54 +00:00
|
|
|
type Client struct {
|
|
|
|
|
// KnownHosts is a list of known hosts that the client trusts.
|
2020-09-27 18:18:30 +00:00
|
|
|
KnownHosts KnownHosts
|
2020-09-26 03:06:54 +00:00
|
|
|
|
2020-09-28 06:16:49 +00:00
|
|
|
// CertificateStore maps hostnames to certificates.
|
|
|
|
|
// It is used to determine which certificate to use when the server requests
|
|
|
|
|
// a certificate.
|
2020-10-28 03:34:06 +00:00
|
|
|
CertificateStore ClientCertificateStore
|
2020-09-26 19:14:34 +00:00
|
|
|
|
2020-10-28 02:12:10 +00:00
|
|
|
// CheckRedirect, if not nil, will be called to determine whether
|
|
|
|
|
// to follow a redirect.
|
|
|
|
|
// If CheckRedirect is nil, a default policy of no more than 5 consecutive
|
|
|
|
|
// redirects will be enforced.
|
|
|
|
|
CheckRedirect func(req *Request, via []*Request) error
|
|
|
|
|
|
2020-10-28 03:35:22 +00:00
|
|
|
// GetInput, if not nil, will be called to retrieve input when the server
|
|
|
|
|
// requests it.
|
|
|
|
|
GetInput func(prompt string, sensitive bool) (string, bool)
|
|
|
|
|
|
2020-09-28 04:29:11 +00:00
|
|
|
// GetCertificate, if not nil, will be called when a server requests a certificate.
|
|
|
|
|
// The returned certificate will be used when sending the request again.
|
|
|
|
|
// If the certificate is nil, the request will not be sent again and
|
|
|
|
|
// the response will be returned.
|
2020-10-28 03:34:06 +00:00
|
|
|
GetCertificate func(req *Request, store *ClientCertificateStore) *tls.Certificate
|
2020-09-26 19:14:34 +00:00
|
|
|
|
2020-09-26 03:06:54 +00:00
|
|
|
// TrustCertificate, if not nil, will be called to determine whether the
|
|
|
|
|
// client should trust the given certificate.
|
2020-09-26 17:27:03 +00:00
|
|
|
// If error is not nil, the connection will be aborted.
|
2020-09-27 20:10:36 +00:00
|
|
|
TrustCertificate func(hostname string, cert *x509.Certificate, knownHosts *KnownHosts) error
|
2020-09-25 23:53:50 +00:00
|
|
|
}
|
|
|
|
|
|
2020-10-27 23:21:33 +00:00
|
|
|
// Get performs a Gemini request for the given url.
|
|
|
|
|
func (c *Client) Get(url string) (*Response, error) {
|
|
|
|
|
req, err := NewRequest(url)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return c.Do(req)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Do performs a Gemini request and returns a Gemini response.
|
|
|
|
|
func (c *Client) Do(req *Request) (*Response, error) {
|
2020-10-28 02:12:10 +00:00
|
|
|
return c.do(req, nil)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Client) do(req *Request, via []*Request) (*Response, error) {
|
2020-09-25 23:53:50 +00:00
|
|
|
// Connect to the host
|
|
|
|
|
config := &tls.Config{
|
|
|
|
|
InsecureSkipVerify: true,
|
2020-09-26 04:31:16 +00:00
|
|
|
MinVersion: tls.VersionTLS12,
|
2020-09-26 19:14:34 +00:00
|
|
|
GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
|
2020-09-28 04:29:11 +00:00
|
|
|
// Request certificates take precedence over client certificates
|
2020-09-28 03:49:41 +00:00
|
|
|
if req.Certificate != nil {
|
|
|
|
|
return req.Certificate, nil
|
2020-09-27 23:45:48 +00:00
|
|
|
}
|
2020-09-28 04:03:42 +00:00
|
|
|
// If we have already stored the certificate, return it
|
2020-10-28 03:34:06 +00:00
|
|
|
if cert, err := c.CertificateStore.Lookup(hostname(req.Host), req.URL.Path); err == nil {
|
2020-10-12 03:48:18 +00:00
|
|
|
return cert, nil
|
2020-09-28 04:03:42 +00:00
|
|
|
}
|
2020-09-28 03:49:41 +00:00
|
|
|
return &tls.Certificate{}, nil
|
2020-09-26 19:14:34 +00:00
|
|
|
},
|
2020-10-13 20:44:46 +00:00
|
|
|
VerifyConnection: func(cs tls.ConnectionState) error {
|
|
|
|
|
cert := cs.PeerCertificates[0]
|
|
|
|
|
// Verify the hostname
|
2020-10-13 17:31:50 +00:00
|
|
|
if err := verifyHostname(cert, hostname(req.Host)); err != nil {
|
2020-09-27 17:50:48 +00:00
|
|
|
return err
|
2020-09-26 03:06:54 +00:00
|
|
|
}
|
|
|
|
|
// Check that the client trusts the certificate
|
|
|
|
|
if c.TrustCertificate == nil {
|
2020-10-13 17:31:50 +00:00
|
|
|
if err := c.KnownHosts.Lookup(hostname(req.Host), cert); err != nil {
|
2020-09-26 17:29:29 +00:00
|
|
|
return err
|
2020-09-26 03:06:54 +00:00
|
|
|
}
|
2020-10-13 17:31:50 +00:00
|
|
|
} else if err := c.TrustCertificate(hostname(req.Host), cert, &c.KnownHosts); err != nil {
|
2020-09-26 17:27:03 +00:00
|
|
|
return err
|
2020-09-26 03:06:54 +00:00
|
|
|
}
|
|
|
|
|
return nil
|
2020-09-25 23:53:50 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
conn, err := tls.Dial("tcp", req.Host, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Write the request
|
|
|
|
|
w := bufio.NewWriter(conn)
|
|
|
|
|
req.write(w)
|
|
|
|
|
if err := w.Flush(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Read the response
|
|
|
|
|
resp := &Response{}
|
2020-10-27 23:16:55 +00:00
|
|
|
if err := resp.read(conn); err != nil {
|
2020-09-25 23:53:50 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-09-27 23:56:33 +00:00
|
|
|
// Store connection information
|
|
|
|
|
resp.TLS = conn.ConnectionState()
|
2020-09-28 03:58:45 +00:00
|
|
|
|
|
|
|
|
// Resend the request with a certificate if the server responded
|
|
|
|
|
// with CertificateRequired
|
|
|
|
|
if resp.Status == StatusCertificateRequired {
|
|
|
|
|
// Check to see if a certificate was already provided to prevent an infinite loop
|
|
|
|
|
if req.Certificate != nil {
|
|
|
|
|
return resp, nil
|
|
|
|
|
}
|
|
|
|
|
if c.GetCertificate != nil {
|
2020-10-28 03:34:06 +00:00
|
|
|
if cert := c.GetCertificate(req, &c.CertificateStore); cert != nil {
|
2020-09-28 03:58:45 +00:00
|
|
|
req.Certificate = cert
|
2020-10-27 23:21:33 +00:00
|
|
|
return c.Do(req)
|
2020-09-28 03:58:45 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-10-28 02:12:10 +00:00
|
|
|
} else if resp.Status.Class() == StatusClassRedirect {
|
|
|
|
|
if via == nil {
|
|
|
|
|
via = []*Request{}
|
|
|
|
|
}
|
|
|
|
|
via = append(via, req)
|
|
|
|
|
|
|
|
|
|
target, err := url.Parse(resp.Meta)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return resp, err
|
|
|
|
|
}
|
|
|
|
|
target = req.URL.ResolveReference(target)
|
|
|
|
|
redirect, err := NewRequestFromURL(target)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return resp, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if c.CheckRedirect != nil {
|
|
|
|
|
if err := c.CheckRedirect(redirect, via); err != nil {
|
|
|
|
|
return resp, err
|
|
|
|
|
}
|
|
|
|
|
} else if len(via) > 5 {
|
|
|
|
|
// Default policy of no more than 5 redirects
|
|
|
|
|
return resp, ErrTooManyRedirects
|
|
|
|
|
}
|
|
|
|
|
return c.do(redirect, via)
|
2020-10-28 03:35:22 +00:00
|
|
|
} else if resp.Status.Class() == StatusClassInput {
|
|
|
|
|
if c.GetInput != nil {
|
|
|
|
|
input, ok := c.GetInput(resp.Meta, resp.Status == StatusSensitiveInput)
|
|
|
|
|
if ok {
|
|
|
|
|
req.URL.ForceQuery = true
|
|
|
|
|
req.URL.RawQuery = url.QueryEscape(input)
|
|
|
|
|
return c.do(req, via)
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-09-28 03:58:45 +00:00
|
|
|
}
|
2020-10-28 03:35:22 +00:00
|
|
|
|
2020-09-25 23:53:50 +00:00
|
|
|
return resp, nil
|
2020-09-24 04:30:21 +00:00
|
|
|
}
|
2020-10-27 23:21:33 +00:00
|
|
|
|
|
|
|
|
// hostname returns the host without the port.
|
|
|
|
|
func hostname(host string) string {
|
|
|
|
|
hostname, _, err := net.SplitHostPort(host)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return host
|
|
|
|
|
}
|
|
|
|
|
return hostname
|
|
|
|
|
}
|
