From 6458420454448e6621ffe026de09e8ecd21271ef Mon Sep 17 00:00:00 2001
From: adnano
Date: Sat, 26 Sep 2020 15:14:34 -0400
Subject: [PATCH] Add preliminary CertificateStore API
---
 client.go | 15 +++++++++++++++
 store.go | 24 ++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 store.go
diff --git a/client.go b/client.go
index 615dcd6..7af5792 100644
--- a/client.go
+++ b/client.go
@@ -170,6 +170,13 @@ type Client struct {
 // KnownHosts is a list of known hosts that the client trusts.
 KnownHosts *KnownHosts
+ // CertificateStore contains all the certificates that the client has stored.
+ CertificateStore *CertificateStore
+
+ // GetCertificate, if not nil, will be called to determine which certificate
+ // (if any) should be used for a request.
+ GetCertificate func(req *Request, store *CertificateStore) *tls.Certificate
+
 // TrustCertificate, if not nil, will be called to determine whether the
 // client should trust the given certificate.
 // If error is not nil, the connection will be aborted.
@@ -183,6 +190,14 @@ func (c *Client) Send(req *Request) (*Response, error) {
 InsecureSkipVerify: true,
 MinVersion: tls.VersionTLS12,
 Certificates: []tls.Certificate{req.Certificate},
+ GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
+ if c.GetCertificate != nil {
+ if cert := c.GetCertificate(req, c.CertificateStore); cert != nil {
+ return cert, nil
+ }
+ }
+ return &req.Certificate, nil
+ },
 VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
 // Parse the certificate
 cert, err := x509.ParseCertificate(rawCerts[0])
diff --git a/store.go b/store.go
new file mode 100644
index 0000000..27ab955
--- /dev/null
+++ b/store.go 
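Review bot: The comment on the new GetCertificate field does not say what a nil return means, and the CertificateStore comment does not say which certificates the store is for; both matter to anyone implementing the callback. The store added in store.go holds `*x509.Certificate` keyed by hostname — a bare certificate with no private key — while GetCertificate must return a `*tls.Certificate` with a key, so a callback cannot simply hand back a store entry; say whether the store holds the client's own identities or remembered server certificates before the two types drift further. The callback also receives `c.CertificateStore` unchanged, which is nil unless the user set it, so the doc should say so. Suggested wording: `// GetCertificate, if not nil, is called for each request to choose the client certificate to present;` / `// store may be nil. Returning nil falls back to req.Certificate.` The Client struct continues outside the hunk.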
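Review bot: Once `GetClientCertificate` is set, crypto/tls ignores the `Certificates` field (per the tls.Config documentation), so the `Certificates: []tls.Certificate{req.Certificate},` context line is now dead and misleading; drop it, or replace it with a comment saying the callback is the sole source of the client certificate. The new callback discards `info`, so a certificate that the server's advertised CAs or signature schemes cannot accept is still presented and fails later with a less useful error; if the module targets Go 1.14 or later, `if err := info.SupportsCertificate(cert); err != nil { return nil, err }` before `return cert, nil` rejects the mismatch up front. The callback also never returns an error, so a GetCertificate implementation has no way to abort the handshake — fine for a preliminary API, but worth stating in its doc comment. Send continues outside the hunk.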
@@ -0,0 +1,24 @@
+package gemini
+
+import (
+ "crypto/x509"
+)
+
+// CertificateStore maps hostnames to certificates.
+type CertificateStore struct {
+ store map[string]*x509.Certificate // map of hostnames to certificates
+}
+
+func NewCertificateStore() *CertificateStore {
+ return &CertificateStore{
+ store: map[string]*x509.Certificate{},
+ }
+}
+
+func (c *CertificateStore) Put(hostname string, cert *x509.Certificate) {
+ c.store[hostname] = cert
+}
+
+func (c *CertificateStore) Get(hostname string) *x509.Certificate {
+ return c.store[hostname]
+}
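Review bot: `Put` panics on a zero-value CertificateStore because `store` is only allocated in `NewCertificateStore`, and nothing in the type forces callers through the constructor; either make the zero value usable with `if c.store == nil { c.store = make(map[string]*x509.Certificate) }` at the top of Put, or state in the type comment that NewCertificateStore is mandatory. Hostname keys are stored verbatim, while DNS names compare case-insensitively and may carry a trailing dot, so `Put("Example.com", cert)` followed by `Get("example.com")` silently misses; normalize in both methods (at least `strings.ToLower`) or document the canonical key form. If the store is ever touched from more than one goroutine — likely if one Client serves concurrent requests, though nothing here shows that — the unguarded map is a data race, and a `sync.RWMutex` around Put/Get would be cheap. `Get` also cannot distinguish a missing entry from a stored nil; a `(cert, ok)` return, or rejecting nil in Put, removes that ambiguity for callers deciding whether to trust a host.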