Merge pull request #1 from k8spacket/tls-certificates

Show server TLS certificate chain

go.mod

@@ -3,10 +3,13 @@ module github.com/k8spacket/plugins
 go 1.19
 
 require (
+	github.com/HouzuoGuo/tiedot v0.0.0-20210905174726-ae1e16866d06
+	github.com/fatih/structs v1.1.0
+	github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b
 	github.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf
 	github.com/k8spacket/k8s-api v1.0.1
 	github.com/k8spacket/plugin-api v1.0.1
-	github.com/k8spacket/tls-api v1.0.1
+	github.com/k8spacket/tls-api v1.1.0
 	github.com/prometheus/client_golang v1.13.0
 )
 

go.sum

@@ -33,6 +33,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/HouzuoGuo/tiedot v0.0.0-20210905174726-ae1e16866d06 h1:FSsxozhq5B9sstCWB1WMvZU/j0zKFFga0F6Wo5+9DGg=
+github.com/HouzuoGuo/tiedot v0.0.0-20210905174726-ae1e16866d06/go.mod h1:J2FcoVwTshOscfh8D4LCCVRoHJJQTeCAEkeRSVGnLQs=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -69,6 +71,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -156,6 +160,8 @@ github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm4
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b h1:NGgE5ELokSf2tZ/bydyDUKrvd/jP8lrAoPNeBuMOTOk=
+github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b/go.mod h1:zT/uzhdQGTqlwTq7Lpbj3JoJQWfPfIJ1tE0OidAmih8=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -178,8 +184,8 @@ github.com/k8spacket/k8s-api v1.0.1 h1:Zhkc6euzAUrD6FlifAH5xbqOrwLXdgJIqEjk0/1KE
 github.com/k8spacket/k8s-api v1.0.1/go.mod h1:MqV2Is7Xh4d2lWw78+FfbGR4450LKC0tFLN4Wmmwj8k=
 github.com/k8spacket/plugin-api v1.0.1 h1:5fDKq8qMsaaM29dQut55nK6is5ziGfiutT1ve1NldfM=
 github.com/k8spacket/plugin-api v1.0.1/go.mod h1:iFuvZBsxRjfksSFq7OH/v2xF4JeweadfFGYdMH3G0nw=
-github.com/k8spacket/tls-api v1.0.1 h1:Ylak2MjqXbxPHUJ5mZz5hmAYpjkbt+V0knB+4BpxJ4g=
-github.com/k8spacket/tls-api v1.0.1/go.mod h1:wUltWxHamge/bAKQQGfm60eL0brUSBYUIxJ65W1sP1k=
+github.com/k8spacket/tls-api v1.1.0 h1:0qWZ8oR90GVSW0bkbgYN6eQdZpUAgqLwsa6M1n8WKpw=
+github.com/k8spacket/tls-api v1.1.0/go.mod h1:wUltWxHamge/bAKQQGfm60eL0brUSBYUIxJ65W1sP1k=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

tls-parser/main.go

@@ -5,23 +5,26 @@ import (
 	"github.com/k8spacket/plugins/tls-parser/log"
 	"github.com/k8spacket/plugins/tls-parser/metrics"
 	"github.com/k8spacket/plugins/tls-parser/metrics/connections"
+	"github.com/k8spacket/tls-api/model"
 )
 
 type stream plugin_api.ReassembledStream
 
 func (s stream) InitPlugin(manager plugin_api.PluginManager) {
 	tls_parser_log.BuildLogger()
 	manager.RegisterPlugin(s)
-	manager.RegisterHttpHandler("/tlsparser/connections", connections.TLSConnectionHandler)
-	manager.RegisterHttpHandler("/tlsparser/api/data", connections.TLSParserHandler)
+	manager.RegisterHttpHandler("/tlsparser/connections/", connections.TLSConnectionHandler)
+	manager.RegisterHttpHandler("/tlsparser/api/data/", connections.TLSParserConnectionsHandler)
 }
 
 func (s stream) DistributeReassembledStream(reassembledStream plugin_api.ReassembledStream) {
 	metrics.StoreStreamMetrics(reassembledStream)
 }
 
 func (s stream) DistributeTCPPacketPayload(tcpPacketPayload plugin_api.TCPPacketPayload) {
-	metrics.CollectTCPPacketPayload(tcpPacketPayload)
+	if len(tcpPacketPayload.Payload) > 5 && tcpPacketPayload.Payload[0] == model.TLSRecord {
+		metrics.CollectTCPPacketPayload(tcpPacketPayload.StreamId, tcpPacketPayload.Payload)
+	}
 }
 
 func init() {}

tls-parser/metrics/connections/controller.go

@@ -2,35 +2,28 @@ package connections
 
 import (
 	"encoding/json"
-	"fmt"
+	"github.com/k8spacket/plugins/tls-parser/metrics/db"
 	"github.com/k8spacket/plugins/tls-parser/metrics/model"
 	"net/http"
-	"sync"
+	"reflect"
+	"strconv"
+	"strings"
 )
 
-var (
-	tlsConnectionItems      = make(map[string]metrics.TLSConnection)
-	tlsConnectionItemsMutex = sync.RWMutex{}
-)
-
-func TLSConnectionHandler(w http.ResponseWriter, _ *http.Request) {
-	tlsConnectionItemsMutex.RLock()
-	values := make([]metrics.TLSConnection, 0, len(tlsConnectionItems))
-	for _, v := range tlsConnectionItems {
-		values = append(values, v)
-	}
-	tlsConnectionItemsMutex.RUnlock()
-
-	w.Header().Set("Content-Type", "application/json")
-	err := json.NewEncoder(w).Encode(values)
-	if err != nil {
-		panic(err)
+func TLSConnectionHandler(w http.ResponseWriter, req *http.Request) {
+	idParam := strings.TrimPrefix(req.URL.Path, "/tlsparser/connections/")
+	var id, _ = strconv.Atoi(idParam)
+	if id > 0 {
+		w.Header().Set("Content-Type", "application/json")
+		var tlsDetails = db.Read(id, metrics.TLSDetails{})
+		if !reflect.DeepEqual(tlsDetails, metrics.TLSDetails{}) {
+			_ = json.NewEncoder(w).Encode(db.Read(id, metrics.TLSDetails{}))
+		} else {
+			w.WriteHeader(http.StatusNotFound)
+			w.Write([]byte("Not Found 404"))
+		}
+	} else {
+		w.Header().Set("Content-Type", "application/json")
+		_ = json.NewEncoder(w).Encode(db.ReadAll(metrics.TLSConnection{}))
 	}
 }
-
-func AddTLSConnection(tlsConnection metrics.TLSConnection) {
-	tlsConnectionItemsMutex.Lock()
-	var key = fmt.Sprintf("%s-%s", tlsConnection.Src, tlsConnection.Dst)
-	tlsConnectionItems[key] = tlsConnection
-	tlsConnectionItemsMutex.Unlock()
-}

tls-parser/metrics/connections/o11y_controller.go

@@ -8,20 +8,40 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"reflect"
+	"strings"
 )
 
-func TLSParserHandler(w http.ResponseWriter, r *http.Request) {
+func TLSParserConnectionsHandler(w http.ResponseWriter, req *http.Request) {
+	idParam := strings.TrimPrefix(req.URL.Path, "/tlsparser/api/data/")
+	if len(strings.TrimSpace(idParam)) > 0 {
+		resultFunc := func(destination, source metrics.TLSDetails) metrics.TLSDetails {
+			if !reflect.DeepEqual(source, metrics.TLSDetails{}) {
+				return source
+			} else {
+				return destination
+			}
+		}
+		buildResponse(w, fmt.Sprintf("http://%%s:%s/tlsparser/connections/%s?%s", os.Getenv("K8S_PACKET_TCP_LISTENER_PORT"), idParam, req.URL.Query().Encode()), metrics.TLSDetails{}, resultFunc)
+	} else {
+		resultFunc := func(destination, source []metrics.TLSConnection) []metrics.TLSConnection {
+			return append(destination, source...)
+		}
+		buildResponse(w, fmt.Sprintf("http://%%s:%s/tlsparser/connections/?%s", os.Getenv("K8S_PACKET_TCP_LISTENER_PORT"), req.URL.Query().Encode()), []metrics.TLSConnection{}, resultFunc)
+	}
+}
+
+func buildResponse[T metrics.TLSDetails | []metrics.TLSConnection](w http.ResponseWriter, url string, t T, resultFunc func(d T, s T) T) {
 	var k8spacketIps = k8s.GetPodIPsByLabel("name", os.Getenv("K8S_PACKET_NAME_LABEL_VALUE"))
 
-	var in []metrics.TLSConnection
-	var tlsConnectionItems []metrics.TLSConnection
+	var in T
+	out := t
 
 	for _, ip := range k8spacketIps {
-		resp, err := http.Get(fmt.Sprintf("http://%s:%s/tlsparser/connections?%s", ip, os.Getenv("K8S_PACKET_TCP_LISTENER_PORT"), r.URL.Query().Encode()))
+		resp, err := http.Get(fmt.Sprintf(url, ip))
 
 		if err != nil {
-			fmt.Print(err.Error())
-			os.Exit(1)
+			continue
 		}
 
 		responseData, err := io.ReadAll(resp.Body)
@@ -31,16 +51,12 @@ func TLSParserHandler(w http.ResponseWriter, r *http.Request) {
 
 		err = json.Unmarshal(responseData, &in)
 		if err != nil {
-			panic(err)
+			continue
 		}
 
-		tlsConnectionItems = append(tlsConnectionItems, in...)
+		out = resultFunc(out, in)
 	}
 
 	w.Header().Set("Content-Type", "application/json")
-	err := json.NewEncoder(w).Encode(tlsConnectionItems)
-	if err != nil {
-		panic(err)
-	}
-
+	_ = json.NewEncoder(w).Encode(out)
 }

tls-parser/metrics/db/db.go

@@ -0,0 +1,90 @@
+package db
+
+import (
+	"encoding/json"
+	"github.com/HouzuoGuo/tiedot/db"
+	"github.com/fatih/structs"
+	"github.com/k8spacket/plugins/tls-parser/metrics/model"
+)
+
+const connectionColName = "TLSConnections"
+const detailsColName = "TLSDetails"
+
+var connectionsCol, detailsCol = buildDatabase()
+
+func buildDatabase() (*db.Col, *db.Col) {
+
+	dbDir := "./Database"
+
+	database, err := db.OpenDB(dbDir)
+	if err != nil {
+		panic(err)
+	}
+
+	if database.ColExists(connectionColName) == false {
+		if err := database.Create(connectionColName); err != nil {
+			panic(err)
+		}
+		if err := database.Use(connectionColName).Index([]string{"id"}); err != nil {
+			panic(err)
+		}
+	}
+	if database.ColExists(detailsColName) == false {
+		if err := database.Create(detailsColName); err != nil {
+			panic(err)
+		}
+		if err := database.Use(detailsColName).Index([]string{"id"}); err != nil {
+			panic(err)
+		}
+	}
+
+	return database.Use(connectionColName), database.Use(detailsColName)
+}
+
+func Insert[T metrics.TLSDetails | metrics.TLSConnection](id int, document T) {
+	var col = getCol(document)
+	var doc, _ = col.Read(id)
+	if len(doc) > 0 {
+		_ = col.Update(id, structs.Map(document))
+	} else {
+		_ = col.InsertRecovery(id, structs.Map(document))
+	}
+}
+
+func Read[T metrics.TLSDetails | metrics.TLSConnection](docId int, s T) T {
+	var document, _ = getCol(s).Read(docId)
+	var jsonBytes, _ = json.Marshal(document)
+	_ = json.Unmarshal(jsonBytes, &s)
+	return s
+}
+
+func ReadAll[T metrics.TLSDetails | metrics.TLSConnection](s T) []T {
+	col := getCol(s)
+
+	var query interface{}
+	err := json.Unmarshal([]byte(`["all"]`), &query)
+	if err != nil {
+		return nil
+	}
+
+	queryResult := make(map[int]struct{})
+	if err := db.EvalQuery(query, col, &queryResult); err != nil {
+		panic(err)
+	}
+
+	var result []T
+	for id := range queryResult {
+		result = append(result, Read(id, s))
+	}
+	return result
+}
+
+func getCol[T metrics.TLSDetails | metrics.TLSConnection](s T) *db.Col {
+	switch any(s).(type) {
+	case metrics.TLSConnection:
+		return connectionsCol
+	case metrics.TLSDetails:
+		return detailsCol
+	}
+	return nil
+}