more work on websocket support

2020-05-04 22:29:10 -04:00 · 2020-05-04 22:29:10 -04:00 · 3dc5c8de78
commit 3dc5c8de78
parent 25813f6d3a
17 changed files with 830 additions and 444 deletions
--- a/irc/utils/crypto.go
+++ b/irc/utils/crypto.go
@ -5,12 +5,16 @@ package utils

 import (
 	"crypto/rand"
+	"crypto/sha256"
 	"crypto/subtle"
+	"crypto/tls"
 	"encoding/base32"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
+	"net"
 	"strings"
+	"time"
 )

 var (
@ -18,6 +22,10 @@ var (
 	B32Encoder = base32.NewEncoding("abcdefghijkmnpqrstuvwxyz23456789").WithPadding(base32.NoPadding)

 	ErrInvalidCertfp = errors.New("Invalid certfp")
+
+	ErrNoPeerCerts = errors.New("No certfp available")
+
+	ErrNotTLS = errors.New("Connection is not TLS")
 )

 const (
@ -83,3 +91,29 @@ func NormalizeCertfp(certfp string) (result string, err error) {
 	}
 	return
 }
+
+func GetCertFP(conn net.Conn, handshakeTimeout time.Duration) (result string, err error) {
+	tlsConn, isTLS := conn.(*tls.Conn)
+	if !isTLS {
+		return "", ErrNotTLS
+	}
+
+	// ensure handshake is performed
+	tlsConn.SetDeadline(time.Now().Add(handshakeTimeout))
+	err = tlsConn.Handshake()
+	tlsConn.SetDeadline(time.Time{})
+
+	if err != nil {
+		return "", err
+	}
+
+	peerCerts := tlsConn.ConnectionState().PeerCertificates
+	if len(peerCerts) < 1 {
+		return "", ErrNoPeerCerts
+	}
+
+	rawCert := sha256.Sum256(peerCerts[0].Raw)
+	fingerprint := hex.EncodeToString(rawCert[:])
+
+	return fingerprint, nil
+}