reflection work so far...
This commit is contained in:
brent saner
155
funcs_tlsuri.go
155
funcs_tlsuri.go
@@ -3,12 +3,108 @@ package cryptparse
|
||||
import (
|
||||
`crypto`
|
||||
`crypto/tls`
|
||||
`fmt`
|
||||
`net`
|
||||
`net/url`
|
||||
`os`
|
||||
`strconv`
|
||||
`strings`
|
||||
)
|
||||
|
||||
/*
|
||||
SetHost allows one to explicitly set the host component of the URI.
|
||||
A host can be removed from a TlsUri by invoking this method with an empty hostAddr string.
|
||||
|
||||
No validation is performed.
|
||||
*/
|
||||
func (t *TlsUri) SetHost(hostAddr string) {
|
||||
|
||||
if t == nil {
|
||||
return
|
||||
}
|
||||
|
||||
if t.Port() == "" {
|
||||
t.Host = hostAddr
|
||||
} else {
|
||||
t.Host = fmt.Sprintf("%s:%s", hostAddr, t.Port())
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
SetHostPort is a small wrapper around the SetHost and SetPort methods, combining them into one.
|
||||
|
||||
Refer to the comments for each on usage.
|
||||
*/
|
||||
func (t *TlsUri) SetHostPort(host string, port *uint16) {
|
||||
|
||||
t.SetPort(port)
|
||||
t.SetHost(host)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
SetHostPortStr is a small wrapper around the SetHost and SetPortStr methods, combining them into one.
|
||||
|
||||
Refer to the comments for each on usage.
|
||||
*/
|
||||
func (t *TlsUri) SetHostPortStr(host string, port string) (err error) {
|
||||
|
||||
if err = t.SetPortStr(port); err != nil {
|
||||
return
|
||||
}
|
||||
t.SetHost(host)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
SetPort allows one to explicitly set the port component of the URI.
|
||||
A port can be removed from a TlsUri by invoking this method with a nil port.
|
||||
*/
|
||||
func (t *TlsUri) SetPort(port *uint16) {
|
||||
|
||||
if t == nil {
|
||||
return
|
||||
}
|
||||
|
||||
if port == nil {
|
||||
t.Host = t.Hostname()
|
||||
} else {
|
||||
t.Host = fmt.Sprintf("%s:%d", t.Hostname(), *port)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
SetPortStr allows one to specify the port number as a string instead of a uint16 ptr.
|
||||
If port is an empty string, any existing defined port will be removed from t.
|
||||
*/
|
||||
func (t *TlsUri) SetPortStr(port string) (err error) {
|
||||
|
||||
var n uint64
|
||||
var u uint16
|
||||
|
||||
if port == "" {
|
||||
t.Host = t.Hostname()
|
||||
} else {
|
||||
if n, err = strconv.ParseUint(port, 10, 16); err == nil {
|
||||
return
|
||||
}
|
||||
if n > 65535 {
|
||||
err = ErrBadPortRange
|
||||
return
|
||||
}
|
||||
u = uint16(n)
|
||||
t.Host = fmt.Sprintf("%s:%d", t.Hostname(), u)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
WithConn returns a (crypto/)tls.Conn from an existing/already dialed net.Conn.
|
||||
|
||||
@@ -45,8 +141,8 @@ func (t *TlsUri) ToConn() (conn net.Conn, err error) {
|
||||
params = t.Query()
|
||||
|
||||
if params != nil {
|
||||
if _, ok = params[TlsUriParamNet]; ok {
|
||||
netType = params[TlsUriParamNet][0]
|
||||
if _, ok = params[ParamNet]; ok {
|
||||
netType = params[ParamNet][0]
|
||||
}
|
||||
}
|
||||
netType = strings.ToLower(netType)
|
||||
@@ -99,8 +195,8 @@ func (t *TlsUri) ToTlsConn() (conn *tls.Conn, err error) {
|
||||
params = t.Query()
|
||||
|
||||
if params != nil {
|
||||
if _, ok = params[TlsUriParamNet]; ok {
|
||||
netType = params[TlsUriParamNet][0]
|
||||
if _, ok = params[ParamNet]; ok {
|
||||
netType = params[ParamNet][0]
|
||||
}
|
||||
}
|
||||
netType = strings.ToLower(netType)
|
||||
@@ -124,7 +220,6 @@ func (t *TlsUri) ToTlsFlat() (tlsFlat *TlsFlat, err error) {
|
||||
|
||||
var b []byte
|
||||
var params url.Values
|
||||
var paramMap map[string][]string
|
||||
// These also have maps so they can backmap filenames.
|
||||
var privKeys []crypto.PrivateKey
|
||||
var privKeyMap map[string][]crypto.PrivateKey
|
||||
@@ -133,6 +228,8 @@ func (t *TlsUri) ToTlsFlat() (tlsFlat *TlsFlat, err error) {
|
||||
var isMatch bool
|
||||
var fCert *TlsFlatCert
|
||||
var val string
|
||||
var ok bool
|
||||
var paramMap map[tlsUriParam][]string = make(map[tlsUriParam][]string)
|
||||
var f TlsFlat = TlsFlat{
|
||||
SniName: t.Hostname(),
|
||||
SkipVerify: false,
|
||||
@@ -145,22 +242,24 @@ func (t *TlsUri) ToTlsFlat() (tlsFlat *TlsFlat, err error) {
|
||||
}
|
||||
|
||||
params = t.Query()
|
||||
paramMap = params
|
||||
|
||||
if params == nil {
|
||||
tlsFlat = &f
|
||||
return
|
||||
}
|
||||
|
||||
// CA cert(s).
|
||||
if t.Query().Has(TlsUriParamCa) {
|
||||
f.CaFiles = append(f.CaFiles, paramMap[TlsUriParamCa]...)
|
||||
for k, v := range params {
|
||||
paramMap[tlsUriParam(k)] = v
|
||||
}
|
||||
|
||||
// Keys and Certs. These are done first so we can match to a client certificate.
|
||||
if t.Query().Has(TlsUriParamKey) {
|
||||
// CA cert(s).
|
||||
if _, ok = paramMap[ParamCa]; ok {
|
||||
f.CaFiles = append(f.CaFiles, paramMap[ParamCa]...)
|
||||
}
|
||||
|
||||
// Keys and Certs. These are done first so we can match to a leaf certificate.
|
||||
if _, ok = paramMap[ParamKey]; ok {
|
||||
privKeyMap = make(map[string][]crypto.PrivateKey)
|
||||
for _, kFile := range paramMap[TlsUriParamKey] {
|
||||
for _, kFile := range paramMap[ParamKey] {
|
||||
if b, err = os.ReadFile(kFile); err != nil {
|
||||
return
|
||||
}
|
||||
@@ -170,13 +269,13 @@ func (t *TlsUri) ToTlsFlat() (tlsFlat *TlsFlat, err error) {
|
||||
privKeys = append(privKeys, privKeyMap[kFile]...)
|
||||
}
|
||||
}
|
||||
if t.Query().Has(TlsUriParamCert) {
|
||||
if t_, ok = paramMap[ParamCert]; ok {
|
||||
tlsCertMap = make(map[string][]tls.Certificate)
|
||||
for _, cFile := range paramMap[TlsUriParamCert] {
|
||||
for _, cFile := range paramMap[ParamCert] {
|
||||
if b, err = os.ReadFile(cFile); err != nil {
|
||||
return
|
||||
}
|
||||
if tlsCertMap[cFile], err = ParseLeafCert(b, privKeys); err != nil {
|
||||
if tlsCertMap[cFile], _, err = ParseLeafCert(b, privKeys); err != nil {
|
||||
return
|
||||
}
|
||||
tlsCerts = append(tlsCerts, tlsCertMap[cFile]...)
|
||||
@@ -201,13 +300,13 @@ func (t *TlsUri) ToTlsFlat() (tlsFlat *TlsFlat, err error) {
|
||||
}
|
||||
|
||||
// Hostname.
|
||||
if t.Query().Has(TlsUriParamSni) {
|
||||
f.SniName = t.Query().Get(TlsUriParamSni)
|
||||
if t.Query().Has(ParamSni) {
|
||||
f.SniName = t.Query().Get(ParamSni)
|
||||
}
|
||||
|
||||
// Disable verification.
|
||||
if t.Query().Has(TlsUriParamNoVerify) {
|
||||
val = strings.ToLower(t.Query().Get(TlsUriParamNoVerify))
|
||||
if t.Query().Has(ParamNoVerify) {
|
||||
val = strings.ToLower(t.Query().Get(ParamNoVerify))
|
||||
for _, i := range paramBoolValsTrue {
|
||||
if val == i {
|
||||
f.SkipVerify = true
|
||||
@@ -217,25 +316,25 @@ func (t *TlsUri) ToTlsFlat() (tlsFlat *TlsFlat, err error) {
|
||||
}
|
||||
|
||||
// Ciphers.
|
||||
if t.Query().Has(TlsUriParamCipher) {
|
||||
f.CipherSuites = params[TlsUriParamCipher]
|
||||
if t.Query().Has(ParamCipher) {
|
||||
f.CipherSuites = params[ParamCipher]
|
||||
}
|
||||
|
||||
// Minimum TLS Protocol Version.
|
||||
if t.Query().Has(TlsUriParamMinTls) {
|
||||
if t.Query().Has(ParamMinTls) {
|
||||
f.MinTlsProtocol = new(string)
|
||||
*f.MinTlsProtocol = t.Query().Get(TlsUriParamMinTls)
|
||||
*f.MinTlsProtocol = t.Query().Get(ParamMinTls)
|
||||
}
|
||||
|
||||
// Maximum TLS Protocol Version.
|
||||
if t.Query().Has(TlsUriParamMaxTls) {
|
||||
if t.Query().Has(ParamMaxTls) {
|
||||
f.MaxTlsProtocol = new(string)
|
||||
*f.MaxTlsProtocol = t.Query().Get(TlsUriParamMaxTls)
|
||||
*f.MaxTlsProtocol = t.Query().Get(ParamMaxTls)
|
||||
}
|
||||
|
||||
// Curves.
|
||||
if t.Query().Has(TlsUriParamCurve) {
|
||||
f.Curves = params[TlsUriParamCurve]
|
||||
if t.Query().Has(ParamCurve) {
|
||||
f.Curves = params[ParamCurve]
|
||||
}
|
||||
|
||||
tlsFlat = &f
|
||||
|
||||
Reference in New Issue
Block a user