Tls (#32)

wybiral · web-flow · commit 1217c5f4251a · 2019-04-29T13:54:09.000-05:00
* add tls, tls-listen

* add wss-listen

* version bump
diff --git a/hookah.go b/hookah.go
@@ -12,7 +12,7 @@ import (
 )
 
 // Version of hookah API.
-const Version = "2.0.0"
+const Version = "2.1.0"
 
 // API is an instance of the Hookah API.
 type API struct {
@@ -86,11 +86,14 @@ func (a *API) registerProtocols() {
 	a.RegisterProtocol("stdout", "stdout", protocols.Stdout)
 	a.RegisterProtocol("tcp", "tcp://address", protocols.TCP)
 	a.RegisterProtocol("tcp-listen", "tcp-listen://address", protocols.TCPListen)
+	a.RegisterProtocol("tls", "tls://address?cert=path&insecure=false", protocols.TLS)
+	a.RegisterProtocol("tls-listen", "tls-listen://address?cert=path&key=path", protocols.TLSListen)
 	a.RegisterProtocol("unix", "unix://path/to/sock", protocols.Unix)
 	a.RegisterProtocol("unix-listen", "unix-listen://path/to/sock", protocols.UnixListen)
 	a.RegisterProtocol("ws", "ws://address", protocols.WS)
 	a.RegisterProtocol("wss", "wss://address", protocols.WSS)
 	a.RegisterProtocol("ws-listen", "ws-listen://address", protocols.WSListen)
+	a.RegisterProtocol("wss-listen", "wss-listen://address?cert=path&key=path", protocols.WSSListen)
 }
 
 func parseOptions(op string) (string, string) {
diff --git a/internal/protocols/tls.go b/internal/protocols/tls.go
@@ -0,0 +1,52 @@
+package protocols
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"io/ioutil"
+	"net/url"
+	"strings"
+
+	"github.com/wybiral/hookah/pkg/node"
+)
+
+// TLS creates a TLS client node
+func TLS(arg string) (*node.Node, error) {
+	var opts url.Values
+	// Parse options
+	addrOpts := strings.SplitN(arg, "?", 2)
+	addr := addrOpts[0]
+	if len(addrOpts) == 2 {
+		op, err := url.ParseQuery(addrOpts[1])
+		if err != nil {
+			return nil, err
+		}
+		opts = op
+	}
+	cfg := &tls.Config{}
+	// Handle cert option
+	cert := opts.Get("cert")
+	if len(cert) != 0 {
+		pem, err := ioutil.ReadFile(cert)
+		if err != nil {
+			return nil, err
+		}
+		certPool := x509.NewCertPool()
+		certPool.AppendCertsFromPEM(pem)
+		cfg.RootCAs = certPool
+	}
+	// Handle insecure option
+	insecure := opts.Get("insecure")
+	if insecure == "true" {
+		cfg.InsecureSkipVerify = true
+	} else if insecure != "false" && len(insecure) > 0 {
+		return nil, errors.New("invalid option for insecure")
+	}
+	// Open connection with config
+	rwc, err := tls.Dial("tcp", addr, cfg)
+	if err != nil {
+		return nil, err
+	}
+	return node.New(rwc), nil
+}
diff --git a/internal/protocols/tlslisten.go b/internal/protocols/tlslisten.go
@@ -0,0 +1,44 @@
+package protocols
+
+import (
+	"crypto/tls"
+	"net/url"
+	"strings"
+
+	"github.com/wybiral/hookah/pkg/fanout"
+	"github.com/wybiral/hookah/pkg/node"
+)
+
+// TLSListen creates a TLS listener Node
+func TLSListen(arg string) (*node.Node, error) {
+	var opts url.Values
+	// Parse options
+	addrOpts := strings.SplitN(arg, "?", 2)
+	addr := addrOpts[0]
+	if len(addrOpts) == 2 {
+		op, err := url.ParseQuery(addrOpts[1])
+		if err != nil {
+			return nil, err
+		}
+		opts = op
+	}
+	// Load cert and key files
+	cert := opts.Get("cert")
+	key := opts.Get("key")
+	app := &listenApp{}
+	c, err := tls.LoadX509KeyPair(cert, key)
+	if err != nil {
+		return nil, err
+	}
+	cfg := &tls.Config{Certificates: []tls.Certificate{c}}
+	// Create listener from config
+	ln, err := tls.Listen("tcp", addr, cfg)
+	if err != nil {
+		return nil, err
+	}
+	app.ln = ln
+	app.fan = fanout.New()
+	app.ch = make(chan []byte)
+	go app.serve()
+	return node.New(app), nil
+}
diff --git a/internal/protocols/wslisten.go b/internal/protocols/wslisten.go
@@ -3,6 +3,8 @@ package protocols
 import (
 	"errors"
 	"net/http"
+	"net/url"
+	"strings"
 	"sync"
 
 	"github.com/gorilla/websocket"
@@ -41,6 +43,33 @@ func WSListen(addr string) (*node.Node, error) {
 	return node.New(app), nil
 }
 
+// WSSListen creates a wss WebSocket listener Node
+func WSSListen(arg string) (*node.Node, error) {
+	var opts url.Values
+	// Parse options
+	addrOpts := strings.SplitN(arg, "?", 2)
+	addr := addrOpts[0]
+	if len(addrOpts) == 2 {
+		op, err := url.ParseQuery(addrOpts[1])
+		if err != nil {
+			return nil, err
+		}
+		opts = op
+	}
+	// Load cert and key files
+	cert := opts.Get("cert")
+	key := opts.Get("key")
+	app := &wsListenApp{}
+	app.server = &http.Server{
+		Addr:    addr,
+		Handler: http.HandlerFunc(app.handle),
+	}
+	app.fan = fanout.New()
+	app.ch = make(chan []byte)
+	go app.server.ListenAndServeTLS(cert, key)
+	return node.New(app), nil
+}
+
 func (app *wsListenApp) Read(b []byte) (int, error) {
 	app.Lock()
 	defer app.Unlock()
