/* {{{ Copyright (c) Paul R. Tagliamonte <paultag@gmail.com>, 2015
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE. }}} */
package main
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"log"
"net/http"
"os"
"path"
"pault.ag/go/config"
)
// Deceive holds the server's runtime configuration. Each field carries a
// `flag` tag so that go-config can expose it as a command-line flag; the
// defaults are filled in by GetConfig.
type Deceive struct {
	// Host is the bind address; combined with Port into the listen address.
	Host string `flag:"host" description:"host to serve on behalf on"`
	// Port is the TCP port the HTTPS listener binds.
	Port int `flag:"port" description:"server port to host on"`
	// Cert is the path to the PEM server certificate handed to ListenAndServeTLS.
	Cert string `flag:"cert" description:"server tls cert"`
	// Key is the path to the PEM private key matching Cert.
	Key string `flag:"key" description:"server tls key"`
	// CaCert is the path to the PEM CA bundle that client certificates must
	// chain to; it is loaded into the TLS ClientCAs pool.
	CaCert string `flag:"ca" description:"ca cert"`
	// Root is a filesystem directory, made absolute by GetConfig.
	// NOTE(review): presumably where uploads are written — see HandleUpload.
	Root string `flag:"root" description:"filesystem root"`
}
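// GetConfig returns the runtime configuration: the defaults below, overridden
// by the "deceive" flag set that go-config builds from Deceive's flag tags and
// parses from os.Args[1:].
//
// Root is made absolute relative to the current working directory. The
// function panics on any failure: it runs once at startup and the program
// cannot do anything useful without a configuration.
func GetConfig() Deceive {
	conf := Deceive{
		Host:   "localhost",
		Port:   1984,
		Cert:   "/etc/deceive/deceive.crt",
		Key:    "/etc/deceive/deceive.key",
		CaCert: "/etc/deceive/ca.crt",
		Root:   "/var/lib/deceive/",
	}

	flags, err := config.LoadFlags("deceive", &conf)
	if err != nil {
		panic(err)
	}
	// Surface parse failures instead of serving with a partially applied
	// command line.
	if err := flags.Parse(os.Args[1:]); err != nil {
		panic(err)
	}

	// Root is a filesystem path but is handled with path (slash-only
	// semantics) rather than path/filepath; adequate on Unix hosts.
	if !path.IsAbs(conf.Root) {
		cwd, err := os.Getwd()
		if err != nil {
			panic(err)
		}
		conf.Root = path.Clean(path.Join(cwd, conf.Root))
	}
	return conf
}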
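// main wires the configuration, the client-certificate trust store and the
// HTTPS listener together, then serves until ListenAndServeTLS returns.
//
// Every connection must present a client certificate that chains to the CA
// in conf.CaCert (tls.RequireAndVerifyClientCert); that certificate's
// CommonName becomes the caller's identity for logging and for HandleUpload.
func main() {
	conf := GetConfig()

	// Trust store used to verify client certificates.
	caPool := x509.NewCertPool()
	caPEM, err := ioutil.ReadFile(conf.CaCert)
	if err != nil {
		panic(err)
	}
	if ok := caPool.AppendCertsFromPEM(caPEM); !ok {
		panic(fmt.Errorf("Error appending CA cert from PEM!"))
	}

	s := &http.Server{
		Addr:    fmt.Sprintf("%s:%d", conf.Host, conf.Port),
		Handler: http.DefaultServeMux,
		TLSConfig: &tls.Config{
			// Mutual TLS: the handshake fails unless the client presents a
			// certificate that verifies against caPool, so handlers can treat
			// r.TLS.PeerCertificates[0] as an authenticated identity.
			ClientAuth: tls.RequireAndVerifyClientCert,
			ClientCAs:  caPool,
			// Pin the protocol floor explicitly rather than relying on the
			// toolchain's default, which on older Go releases admits TLS 1.0/1.1.
			MinVersion: tls.VersionTLS12,
		},
		// NOTE(review): no ReadTimeout/WriteTimeout are set, so a stalled
		// client holds its connection open indefinitely; a header read timeout
		// would bound that without cutting off legitimate long uploads.
	}

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// RequireAndVerifyClientCert guarantees a peer certificate on this
		// listener, but DefaultServeMux is process-global: refuse rather than
		// index into an empty slice if the handler is ever reached without mTLS.
		if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		clientName := r.TLS.PeerCertificates[0].Subject.CommonName
		// Per-request logger that prefixes every line with the authenticated caller.
		l := func(message string, args ...interface{}) {
			log.Printf("%s: %s", clientName, fmt.Sprintf(message, args...))
		}
		HandleUpload(l, conf, w, r, clientName)
	})

	log.Printf("Listening...\n")
	log.Fatal(s.ListenAndServeTLS(conf.Cert, conf.Key))
}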
// vim: foldmethod=marker