1 /*
2 tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
3              manager, WARC/geminispace browser
4 Copyright (C) 2021-2023 Sergey Matveev <stargrave@stargrave.org>
5
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, version 3 of the License.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 package fifos
20
21 import (
22         "crypto/tls"
23         "log"
24         "strings"
25
26         "go.cypherpunks.ru/ucspi"
27         "go.stargrave.org/tofuproxy/caches"
28 )
29
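// addTLSAuth serves the add-tls-auth FIFO at path p and never returns.
//
// Every line read from the FIFO is expected to look like "HOST PATH":
// HOST becomes the key in caches.TLSAuthCache, PATH names a file that
// both ucspi.CertificateFromFile and ucspi.PrivateKeyFromFile can load.
// The literal PATH "NONE" stores an empty tls.Certificate for HOST
// instead (presumably "no client certificate for this host" — confirm
// against the TLS dialer that consumes the cache).
//
// Malformed lines and files that cannot be loaded are logged and
// skipped: a single bad line written to the FIFO must not terminate the
// whole proxy, and the format check on the line already works that way.
func addTLSAuth(p string) {
	for {
		for _, line := range readLinesFromFIFO(p) {
			cols := strings.SplitN(line, " ", 2)
			// Both columns must be present and non-empty; "host " or " path"
			// would otherwise reach the file loaders with an empty argument.
			if len(cols) != 2 || cols[0] == "" || cols[1] == "" {
				log.Println("invalid add-tls-auth line format")
				continue
			}
			host, certPath := cols[0], cols[1]
			if certPath == "NONE" {
				storeTLSAuth(host, &tls.Certificate{})
				log.Printf("%s: added host %s: NONE\n", p, host)
				continue
			}
			_, cert, err := ucspi.CertificateFromFile(certPath)
			if err != nil {
				// Not fatal: the rest of the FIFO (and the proxy) keeps working.
				log.Printf("%s: host %s: certificate %s: %v\n", p, host, certPath, err)
				continue
			}
			prv, err := ucspi.PrivateKeyFromFile(certPath)
			if err != nil {
				log.Printf("%s: host %s: private key %s: %v\n", p, host, certPath, err)
				continue
			}
			storeTLSAuth(host, &tls.Certificate{
				Certificate: [][]byte{cert.Raw},
				PrivateKey:  prv,
			})
			log.Printf("%s: added host %s: %s\n", p, host, cert.Subject)
		}
	}
}

// storeTLSAuth records cert for host in caches.TLSAuthCache under the
// cache's mutex; an existing entry for host is overwritten.
func storeTLSAuth(host string, cert *tls.Certificate) {
	caches.TLSAuthCacheM.Lock()
	defer caches.TLSAuthCacheM.Unlock()
	caches.TLSAuthCache[host] = cert
}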
62 }