1 // tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
2 //              manager, WARC/geminispace browser
3 // Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
4 //
5 // This program is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, version 3 of the License.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
16
17 package fifos
18
19 import (
20         "crypto/tls"
21         "log"
22         "strings"
23
24         "go.cypherpunks.ru/ucspi"
25         "go.stargrave.org/tofuproxy/caches"
26 )
27
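// addTLSAuth loops forever over the lines returned by readLinesFromFIFO(p)
// and updates caches.TLSAuthCache from them. Each line has two
// space-separated columns:
//
//	HOST NONE  stores an empty tls.Certificate for HOST
//	HOST FILE  loads a certificate and a private key, both from FILE,
//	           and stores them for HOST
//
// Anything able to write to the FIFO decides which key material is cached
// for a host and can make the process read any file it has access to, so the
// FIFO should be writable only by the proxy's operator.
// NOTE(review): the FIFO's permissions are set outside this function -- confirm.
//
// A line that cannot be processed is logged and skipped. The loop never
// terminates the process: a mistyped path written to the FIFO must not take
// the whole proxy down.
func addTLSAuth(p string) {
	for {
		for _, line := range readLinesFromFIFO(p) {
			cols := strings.SplitN(line, " ", 2)
			// An empty host (a line starting with a space) would be cached
			// under the "" key, so it is rejected with the malformed lines.
			if len(cols) != 2 || cols[0] == "" {
				log.Println("invalid add-tls-auth line format")
				continue
			}
			host, src := cols[0], cols[1]
			if src == "NONE" {
				caches.TLSAuthCacheM.Lock()
				caches.TLSAuthCache[host] = &tls.Certificate{}
				caches.TLSAuthCacheM.Unlock()
				log.Printf("%s: added host %s: NONE\n", p, host)
				continue
			}
			// Load both halves before touching the cache, so a failure
			// leaves any existing entry for the host untouched.
			_, cert, err := ucspi.CertificateFromFile(src)
			if err != nil {
				log.Printf("%s: host %s: can not load certificate from %q: %v\n", p, host, src, err)
				continue
			}
			prv, err := ucspi.PrivateKeyFromFile(src)
			if err != nil {
				log.Printf("%s: host %s: can not load private key from %q: %v\n", p, host, src, err)
				continue
			}
			caches.TLSAuthCacheM.Lock()
			caches.TLSAuthCache[host] = &tls.Certificate{
				Certificate: [][]byte{cert.Raw},
				PrivateKey:  prv,
			}
			caches.TLSAuthCacheM.Unlock()
			// Only the certificate subject is logged, never key material.
			log.Printf("%s: added host %s: %s\n", p, host, cert.Subject)
		}
	}
}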