diff --git a/go.mod b/go.mod
index 9ccd0bf..02747f7 100644
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,9 @@ module github.com/ElMostafaIdrassi/goMutualAuthServer
 go 1.17
-require github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b
+require (
+ github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b
+ golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
+)
+
+require golang.org/x/text v0.3.6 // indirect
diff --git a/go.sum b/go.sum
index b70051d..26a026b 100644
--- a/go.sum
+++ b/go.sum
@@ -1,2 +1,10 @@
 github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b h1:NGgE5ELokSf2tZ/bydyDUKrvd/jP8lrAoPNeBuMOTOk=
 github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b/go.mod h1:zT/uzhdQGTqlwTq7Lpbj3JoJQWfPfIJ1tE0OidAmih8=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/main.go b/main.go
index 5c0d350..a53dfa1 100644
--- a/main.go
+++ b/main.go
@@ -6,8 +6,12 @@ import (
 "errors"
 "flag"
 "fmt"
+ "io"
+ "net"
+ "net/http"
 "github.com/grantae/certinfo"
+ "golang.org/x/net/http2"
 )
 func tlsVersionToString(tlsVersion uint16) string {
@@ -208,6 +212,9 @@ var defaultTlsCertPEM = "-----BEGIN CERTIFICATE-----\n" + func main() { + var cert tls.Certificate + var err error + tlsVersion := uint16(tls.VersionTLS10) tlsVersionFlag := flag.String("tlsversion", "1.2", "TLS version of the server") serverPort := flag.Int("port", 443, "Server port") @@ -240,8 +247,6 @@ func main() { return } - var cert tls.Certificate - var err error if *pathToServerKey == "" || *pathToServerCert == "" { cert, err = tls.X509KeyPair([]byte(defaultTlsCertPEM), []byte(defaultTlsKeyPEM)) if err != nil { 
@@ -306,50 +311,64 @@ func main() { return fmt.Errorf("no client certificate") } - fmt.Printf("Peer Certificate : %s\n\n", x509ToString(certs[0])) + fmt.Printf("%s\n\n", x509ToString(certs[0])) return nil } - url := "localhost:" + fmt.Sprintf("%d", *serverPort) - listener, err := tls.Listen("tcp", url, config) - if err != nil { - fmt.Printf("ERROR: tls.Listen() failed: %s\n", err) - return + address := "localhost:" + fmt.Sprintf("%d", *serverPort) + server := &http.Server{ + Addr: address, + TLSConfig: config, } - for { - fmt.Printf("INFO: Server listening...\n") - conn, err := listener.Accept() - if err != nil { - fmt.Printf("ERROR: listener.Accept() failed: %s\n\n", err) - return + server.ConnState = func(conn net.Conn, state http.ConnState) { + switch state { + case http.StateNew: + fmt.Printf("INFO: Connection State: NEW\n") + case http.StateActive: + fmt.Printf("INFO: Connection State: ACTIVE\n") + case http.StateIdle: + fmt.Printf("INFO: Connection State: IDLE\n") + case http.StateHijacked: + fmt.Printf("INFO: Connection State: HIJACKED\n") + case http.StateClosed: + fmt.Printf("INFO: Connection State: CLOSED\n") + default: + fmt.Printf("INFO: Connection State: UNKNOWN\n") } - fmt.Printf("INFO: Connection accepted from %s\n", conn.RemoteAddr()) - tlsConn, ok := conn.(*tls.Conn) + _, ok := conn.(*tls.Conn) if ok { fmt.Printf("INFO: Connection is TLS\n") } - go handleClient(tlsConn) + fmt.Print("\n") } + http2.ConfigureServer(server, nil) + http.HandleFunc("/", handler) + + fmt.Printf("INFO: Server listening...\n") + server.ListenAndServeTLS("", "") } -func handleClient(conn *tls.Conn) { - fmt.Printf("INFO: Handling connection\n\n") +func handler(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "text") - buf := []byte("Connected!\n\n") - conn.Write(buf) + state := r.TLS - state := conn.ConnectionState() - conn.Write([]byte(fmt.Sprintf("HandshakeComplete : %v\n", state.HandshakeComplete))) - conn.Write([]byte(fmt.Sprintf("Version : 
%s(%v)\n", tlsVersionToString(state.Version), state.Version))) - conn.Write([]byte(fmt.Sprintf("CipherSuite : %s(%v)\n", cipherSuiteToString(state.CipherSuite), state.CipherSuite))) - conn.Write([]byte(fmt.Sprintf("NegotiatedProtocol : %s\n", state.NegotiatedProtocol))) + io.WriteString(w, "Connected!\n\n") - for i, cert := range state.PeerCertificates { - conn.Write([]byte(fmt.Sprintf("Peer Certificate %d\n", i+1))) - conn.Write([]byte(fmt.Sprintf("- Subject: %s\n", cert.Subject))) - conn.Write([]byte(fmt.Sprintf("- %s\n", x509ToString(cert)))) - } + io.WriteString(w, "=========== TLS Connection State ===========\n") + io.WriteString(w, "HandshakeComplete : "+fmt.Sprintf("%v", state.HandshakeComplete)+"\n") + io.WriteString(w, "Version : "+tlsVersionToString(state.Version)+"("+fmt.Sprintf("%v", state.Version)+")\n") + io.WriteString(w, "CipherSuite : "+tlsVersionToString(state.CipherSuite)+"("+fmt.Sprintf("%v", state.CipherSuite)+")\n") + io.WriteString(w, "NegotiatedProtocol : "+state.NegotiatedProtocol+"\n\n") + + io.WriteString(w, "=========== Request State ===========\n") + io.WriteString(w, "Protocol : "+r.Proto+"\n") + io.WriteString(w, "Remote : "+r.RemoteAddr+"\n") + io.WriteString(w, "RequestURI : "+r.RequestURI+"\n\n") - conn.Close() - fmt.Printf("INFO: Connection closed\n\n") + io.WriteString(w, "=========== Peer Certificate ===========\n") + if len(state.PeerCertificates) > 0 { + io.WriteString(w, "Subject : "+state.PeerCertificates[0].Subject.CommonName+"\n") + io.WriteString(w, "Cert : "+x509ToString(state.PeerCertificates[0])+"\n\n") + } }
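Review bot: `server.ListenAndServeTLS("", "")` at the end of main discards its error, and that call never returns nil, so a bad address, an unusable certificate or a port already in use exits the program silently right after printing "Server listening". `http2.ConfigureServer(server, nil)` drops its error the same way; since Go 1.6 `ListenAndServeTLS` enables HTTP/2 on its own when `TLSNextProto` is unset, so the explicit call and the new `golang.org/x/net` dependency appear redundant. In handler, `"CipherSuite : "+tlsVersionToString(state.CipherSuite)` should call `cipherSuiteToString(state.CipherSuite)` as the removed line did, otherwise the suite value is looked up in the version table and mislabelled. The new `http.Server` sets no `ReadHeaderTimeout`, `ReadTimeout`, `WriteTimeout` or `IdleTimeout`, so a client that opens a TLS connection and never completes its request holds a goroutine and the session open indefinitely. The rewritten lines follow (`time` must be imported; the ConnState callback and the rest of handler are unchanged).
```go
	address := "localhost:" + fmt.Sprintf("%d", *serverPort)
	server := &http.Server{
		Addr:              address,
		TLSConfig:         config,
		ReadHeaderTimeout: 10 * time.Second, // constructed values; tune for the deployment
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	// … unchanged: server.ConnState callback …
	if err := http2.ConfigureServer(server, nil); err != nil {
		fmt.Printf("ERROR: http2.ConfigureServer() failed: %s\n", err)
		return
	}
	http.HandleFunc("/", handler)

	fmt.Printf("INFO: Server listening...\n")
	if err := server.ListenAndServeTLS("", ""); err != nil {
		fmt.Printf("ERROR: server.ListenAndServeTLS() failed: %s\n", err)
	}
}

func handler(w http.ResponseWriter, r *http.Request) {
	// … unchanged: Content-Type header, greeting, HandshakeComplete and Version lines …
	io.WriteString(w, "CipherSuite : "+cipherSuiteToString(state.CipherSuite)+"("+fmt.Sprintf("%v", state.CipherSuite)+")\n")
	// … unchanged: NegotiatedProtocol, request state and peer certificate output …
}
```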