Ability to remove hosts from the states, refactoring
index 531245d23f6e15773995a24bbc7655a4bc5c09ed..8622a0cf85abb48b1d96f2d14ed57023ff6c5816 100644 (file)
@@ -31,6 +31,7 @@ import (
        "strings"
 
        "go.cypherpunks.ru/ucspi"
+       "go.stargrave.org/tofuproxy/caches"
        "go.stargrave.org/tofuproxy/fifos"
 )
 
@@ -38,11 +39,18 @@ var CCerts string
 
 type ClientCertificateGetter struct {
        host string
+       auth bool
 }
 
 func (g *ClientCertificateGetter) get(
        cri *tls.CertificateRequestInfo,
 ) (*tls.Certificate, error) {
+       caches.TLSAuthCacheM.RLock()
+       tlsCert := caches.TLSAuthCache[g.host]
+       caches.TLSAuthCacheM.RUnlock()
+       if tlsCert != nil {
+               return tlsCert, nil
+       }
        var b bytes.Buffer
        b.WriteString(fmt.Sprintf(`
 wm title . "TLS client authentication: %s"
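Review bot: The cache-hit branch at L26-L28 returns the cached certificate without setting `g.auth`, whereas the interactive path in the following hunk sets `g.auth = true` immediately before its own return, so a getter that is served from `caches.TLSAuthCache` never records that client authentication took place; if anything consults `auth` (its use is not visible here) the two paths should agree, e.g. `if tlsCert != nil {` / `g.auth = true` / `return tlsCert, nil`. The lookup at L24 is keyed by host alone and does not consult `cri`, so a cached certificate is reused even when the server's certificate request (for instance its acceptable CAs) differs from the one it was originally chosen for; if that is intentional, a comment on the lookup saying so would help the next reader. `get` continues past the end of this hunk.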
@@ -107,6 +115,10 @@ grid .submit
        if err != nil {
                return &tls.Certificate{}, nil
        }
-       fifos.SinkCert <- fmt.Sprintf("ClientAuth\t%s\t%s", g.host, certs[i].Subject)
+       fifos.LogTLSAuth <- fmt.Sprintf("%s\t%s", g.host, certs[i].Subject)
+       caches.TLSAuthCacheM.Lock()
+       caches.TLSAuthCache[g.host] = tlsCerts[i]
+       caches.TLSAuthCacheM.Unlock()
+       g.auth = true
        return tlsCerts[i], nil
 }