go-gemini/client.go

package gemini

import (
	"bufio"
	"crypto/tls"
	"crypto/x509"
	"net"
	"net/url"
)

// Client represents a Gemini client.
type Client struct {
	// KnownHosts is a list of known hosts that the client trusts.
	KnownHosts KnownHosts

	// CertificateStore maps hostnames to certificates.
	// It is used to determine which certificate to use when the server requests
	// a certificate.
	CertificateStore ClientCertificateStore

	// CheckRedirect, if not nil, will be called to determine whether
	// to follow a redirect.
	// If CheckRedirect is nil, a default policy of no more than 5 consecutive
	// redirects will be enforced.
	CheckRedirect func(req *Request, via []*Request) error

	// GetInput, if not nil, will be called to retrieve input when the server
	// requests it.
	GetInput func(prompt string, sensitive bool) (string, bool)

	// GetCertificate, if not nil, will be called when a server requests a certificate.
	// The returned certificate will be used when sending the request again.
	// If the certificate is nil, the request will not be sent again and
	// the response will be returned.
	GetCertificate func(req *Request, store *ClientCertificateStore) *tls.Certificate

	// TrustCertificate, if not nil, will be called to determine whether the
	// client should trust the given certificate.
	// If error is not nil, the connection will be aborted.
	TrustCertificate func(hostname string, cert *x509.Certificate, knownHosts *KnownHosts) error
}

// Get performs a Gemini request for the given url.
func (c *Client) Get(url string) (*Response, error) {
	req, err := NewRequest(url)
	if err != nil {
		return nil, err
	}
	return c.Do(req)
}

// Do performs a Gemini request and returns a Gemini response.
func (c *Client) Do(req *Request) (*Response, error) {
	return c.do(req, nil)
}

func (c *Client) do(req *Request, via []*Request) (*Response, error) {
	// Connect to the host
	config := &tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS12,
		GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			// Request certificates take precedence over client certificates
			if req.Certificate != nil {
				return req.Certificate, nil
			}
			// If we have already stored the certificate, return it
			if cert, err := c.CertificateStore.Lookup(hostname(req.Host), req.URL.Path); err == nil {
				return cert, nil
			}
			return &tls.Certificate{}, nil
		},
		VerifyConnection: func(cs tls.ConnectionState) error {
			cert := cs.PeerCertificates[0]
			// Verify the hostname
			if err := verifyHostname(cert, hostname(req.Host)); err != nil {
				return err
			}
			// Check that the client trusts the certificate
			if c.TrustCertificate == nil {
				if err := c.KnownHosts.Lookup(hostname(req.Host), cert); err != nil {
					return err
				}
			} else if err := c.TrustCertificate(hostname(req.Host), cert, &c.KnownHosts); err != nil {
				return err
			}
			return nil
		},
	}
	conn, err := tls.Dial("tcp", req.Host, config)
	if err != nil {
		return nil, err
	}

	// Write the request
	w := bufio.NewWriter(conn)
	req.write(w)
	if err := w.Flush(); err != nil {
		return nil, err
	}

	// Read the response
	resp := &Response{}
	if err := resp.read(conn); err != nil {
		return nil, err
	}
	// Store connection information
	resp.TLS = conn.ConnectionState()

	// Resend the request with a certificate if the server responded
	// with CertificateRequired
	if resp.Status == StatusCertificateRequired {
		// Check to see if a certificate was already provided to prevent an infinite loop
		if req.Certificate != nil {
			return resp, nil
		}
		if c.GetCertificate != nil {
			if cert := c.GetCertificate(req, &c.CertificateStore); cert != nil {
				req.Certificate = cert
				return c.Do(req)
			}
		}
	} else if resp.Status.Class() == StatusClassRedirect {
		if via == nil {
			via = []*Request{}
		}
		via = append(via, req)

		target, err := url.Parse(resp.Meta)
		if err != nil {
			return resp, err
		}
		target = req.URL.ResolveReference(target)
		redirect, err := NewRequestFromURL(target)
		if err != nil {
			return resp, err
		}

		if c.CheckRedirect != nil {
			if err := c.CheckRedirect(redirect, via); err != nil {
				return resp, err
			}
		} else if len(via) > 5 {
			// Default policy of no more than 5 redirects
			return resp, ErrTooManyRedirects
		}
		return c.do(redirect, via)
	} else if resp.Status.Class() == StatusClassInput {
		if c.GetInput != nil {
			input, ok := c.GetInput(resp.Meta, resp.Status == StatusSensitiveInput)
			if ok {
				req.URL.ForceQuery = true
				req.URL.RawQuery = url.QueryEscape(input)
				return c.do(req, via)
			}
		}
	}

	return resp, nil
}

// hostname returns the host without the port.
func hostname(host string) string {
	hostname, _, err := net.SplitHostPort(host)
	if err != nil {
		return host
	}
	return hostname
}
Rename repository to go-gemini 2020-10-24 13:15:32 -06:00			`package gemini`
Add package declaration comment 2020-09-21 20:09:50 -06:00
			`import (`
Refactor 2020-09-23 22:30:21 -06:00			`"bufio"`
Add package declaration comment 2020-09-21 20:09:50 -06:00			`"crypto/tls"`
Implement configurable Client 2020-09-25 17:53:50 -06:00			`"crypto/x509"`
Add (*Client).Get function 2020-10-27 17:21:33 -06:00			`"net"`
client: Follow redirects 2020-10-27 20:12:10 -06:00			`"net/url"`
Add package declaration comment 2020-09-21 20:09:50 -06:00			`)`

Implement configurable Client 2020-09-25 17:53:50 -06:00			`// Client represents a Gemini client.`
Refactor TOFU 2020-09-25 21:06:54 -06:00			`type Client struct {`
			`// KnownHosts is a list of known hosts that the client trusts.`
Add function to write known hosts to io.Writer 2020-09-27 12:18:30 -06:00			`KnownHosts KnownHosts`
Refactor TOFU 2020-09-25 21:06:54 -06:00
Update comments 2020-09-28 00:16:49 -06:00			`// CertificateStore maps hostnames to certificates.`
			`// It is used to determine which certificate to use when the server requests`
			`// a certificate.`
Restrict client certificates to certain paths 2020-10-27 21:34:06 -06:00			`CertificateStore ClientCertificateStore`
Add preliminary CertificateStore API 2020-09-26 13:14:34 -06:00
client: Follow redirects 2020-10-27 20:12:10 -06:00			`// CheckRedirect, if not nil, will be called to determine whether`
			`// to follow a redirect.`
			`// If CheckRedirect is nil, a default policy of no more than 5 consecutive`
			`// redirects will be enforced.`
			`CheckRedirect func(req Request, via []Request) error`

Add Client.GetInput field 2020-10-27 21:35:22 -06:00			`// GetInput, if not nil, will be called to retrieve input when the server`
			`// requests it.`
			`GetInput func(prompt string, sensitive bool) (string, bool)`

Update documentation 2020-09-27 22:29:11 -06:00			`// GetCertificate, if not nil, will be called when a server requests a certificate.`
			`// The returned certificate will be used when sending the request again.`
			`// If the certificate is nil, the request will not be sent again and`
			`// the response will be returned.`
Restrict client certificates to certain paths 2020-10-27 21:34:06 -06:00			`GetCertificate func(req Request, store ClientCertificateStore) *tls.Certificate`
Add preliminary CertificateStore API 2020-09-26 13:14:34 -06:00
Refactor TOFU 2020-09-25 21:06:54 -06:00			`// TrustCertificate, if not nil, will be called to determine whether the`
			`// client should trust the given certificate.`
Differentiate between unknown and untrusted certificates 2020-09-26 11:27:03 -06:00			`// If error is not nil, the connection will be aborted.`
Make TrustCertificate accept hostname instead of request 2020-09-27 14:10:36 -06:00			`TrustCertificate func(hostname string, cert x509.Certificate, knownHosts KnownHosts) error`
Implement configurable Client 2020-09-25 17:53:50 -06:00			`}`

Add (*Client).Get function 2020-10-27 17:21:33 -06:00			`// Get performs a Gemini request for the given url.`
			`func (c Client) Get(url string) (Response, error) {`
			`req, err := NewRequest(url)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return c.Do(req)`
			`}`

			`// Do performs a Gemini request and returns a Gemini response.`
			`func (c Client) Do(req Request) (*Response, error) {`
client: Follow redirects 2020-10-27 20:12:10 -06:00			`return c.do(req, nil)`
			`}`

			`func (c Client) do(req Request, via []Request) (Response, error) {`
Implement configurable Client 2020-09-25 17:53:50 -06:00			`// Connect to the host`
			`config := &tls.Config{`
			`InsecureSkipVerify: true,`
Specify minimum version of TLS 1.2 2020-09-25 22:31:16 -06:00			`MinVersion: tls.VersionTLS12,`
Add preliminary CertificateStore API 2020-09-26 13:14:34 -06:00			`GetClientCertificate: func(info tls.CertificateRequestInfo) (tls.Certificate, error) {`
Update documentation 2020-09-27 22:29:11 -06:00			`// Request certificates take precedence over client certificates`
Generate certificates on demand 2020-09-27 21:49:41 -06:00			`if req.Certificate != nil {`
			`return req.Certificate, nil`
Polish example client 2020-09-27 17:45:48 -06:00			`}`
Return certificate if it exists in the store 2020-09-27 22:03:42 -06:00			`// If we have already stored the certificate, return it`
Restrict client certificates to certain paths 2020-10-27 21:34:06 -06:00			`if cert, err := c.CertificateStore.Lookup(hostname(req.Host), req.URL.Path); err == nil {`
Implement server certificate store 2020-10-11 21:48:18 -06:00			`return cert, nil`
Return certificate if it exists in the store 2020-09-27 22:03:42 -06:00			`}`
Generate certificates on demand 2020-09-27 21:49:41 -06:00			`return &tls.Certificate{}, nil`
Add preliminary CertificateStore API 2020-09-26 13:14:34 -06:00			`},`
Move certificate verification code to VerifyConnection 2020-10-13 14:44:46 -06:00			`VerifyConnection: func(cs tls.ConnectionState) error {`
			`cert := cs.PeerCertificates[0]`
			`// Verify the hostname`
Remove (*Request).Hostname function 2020-10-13 11:31:50 -06:00			`if err := verifyHostname(cert, hostname(req.Host)); err != nil {`
Implement certificate creation 2020-09-27 11:50:48 -06:00			`return err`
Refactor TOFU 2020-09-25 21:06:54 -06:00			`}`
			`// Check that the client trusts the certificate`
			`if c.TrustCertificate == nil {`
Remove (*Request).Hostname function 2020-10-13 11:31:50 -06:00			`if err := c.KnownHosts.Lookup(hostname(req.Host), cert); err != nil {`
Remove (*KnownHosts).Has function 2020-09-26 11:29:29 -06:00			`return err`
Refactor TOFU 2020-09-25 21:06:54 -06:00			`}`
Remove (*Request).Hostname function 2020-10-13 11:31:50 -06:00			`} else if err := c.TrustCertificate(hostname(req.Host), cert, &c.KnownHosts); err != nil {`
Differentiate between unknown and untrusted certificates 2020-09-26 11:27:03 -06:00			`return err`
Refactor TOFU 2020-09-25 21:06:54 -06:00			`}`
			`return nil`
Implement configurable Client 2020-09-25 17:53:50 -06:00			`},`
			`}`
			`conn, err := tls.Dial("tcp", req.Host, config)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// Write the request`
			`w := bufio.NewWriter(conn)`
			`req.write(w)`
			`if err := w.Flush(); err != nil {`
			`return nil, err`
			`}`

			`// Read the response`
			`resp := &Response{}`
Make (*Response).Body an io.ReadCloser 2020-10-27 17:16:55 -06:00			`if err := resp.read(conn); err != nil {`
Implement configurable Client 2020-09-25 17:53:50 -06:00			`return nil, err`
			`}`
Reject invalid status codes 2020-09-27 17:56:33 -06:00			`// Store connection information`
			`resp.TLS = conn.ConnectionState()`
Only generate certificates after CertificateRequired 2020-09-27 21:58:45 -06:00
			`// Resend the request with a certificate if the server responded`
			`// with CertificateRequired`
			`if resp.Status == StatusCertificateRequired {`
			`// Check to see if a certificate was already provided to prevent an infinite loop`
			`if req.Certificate != nil {`
			`return resp, nil`
			`}`
			`if c.GetCertificate != nil {`
Restrict client certificates to certain paths 2020-10-27 21:34:06 -06:00			`if cert := c.GetCertificate(req, &c.CertificateStore); cert != nil {`
Only generate certificates after CertificateRequired 2020-09-27 21:58:45 -06:00			`req.Certificate = cert`
Add (*Client).Get function 2020-10-27 17:21:33 -06:00			`return c.Do(req)`
Only generate certificates after CertificateRequired 2020-09-27 21:58:45 -06:00			`}`
			`}`
client: Follow redirects 2020-10-27 20:12:10 -06:00			`} else if resp.Status.Class() == StatusClassRedirect {`
			`if via == nil {`
			`via = []*Request{}`
			`}`
			`via = append(via, req)`

			`target, err := url.Parse(resp.Meta)`
			`if err != nil {`
			`return resp, err`
			`}`
			`target = req.URL.ResolveReference(target)`
			`redirect, err := NewRequestFromURL(target)`
			`if err != nil {`
			`return resp, err`
			`}`

			`if c.CheckRedirect != nil {`
			`if err := c.CheckRedirect(redirect, via); err != nil {`
			`return resp, err`
			`}`
			`} else if len(via) > 5 {`
			`// Default policy of no more than 5 redirects`
			`return resp, ErrTooManyRedirects`
			`}`
			`return c.do(redirect, via)`
Add Client.GetInput field 2020-10-27 21:35:22 -06:00			`} else if resp.Status.Class() == StatusClassInput {`
			`if c.GetInput != nil {`
			`input, ok := c.GetInput(resp.Meta, resp.Status == StatusSensitiveInput)`
			`if ok {`
			`req.URL.ForceQuery = true`
			`req.URL.RawQuery = url.QueryEscape(input)`
			`return c.do(req, via)`
			`}`
			`}`
Only generate certificates after CertificateRequired 2020-09-27 21:58:45 -06:00			`}`
Add Client.GetInput field 2020-10-27 21:35:22 -06:00
Implement configurable Client 2020-09-25 17:53:50 -06:00			`return resp, nil`
Refactor 2020-09-23 22:30:21 -06:00			`}`
Add (*Client).Get function 2020-10-27 17:21:33 -06:00
			`// hostname returns the host without the port.`
			`func hostname(host string) string {`
			`hostname, _, err := net.SplitHostPort(host)`
			`if err != nil {`
			`return host`
			`}`
			`return hostname`
			`}`