From 494f0274ba45d8f29659ee8aea598c33e5d66294 Mon Sep 17 00:00:00 2001
From: idk
Date: Sun, 28 Feb 2021 14:54:48 -0500
Subject: [PATCH] Add TLS Options

---
 config/dest.go | 2 +-
 config/tls.go | 82 +++++++++++++++++++++++++++++++++++++++++++++++
 config/tunconf.go | 8 +++--
 handler/pages.go | 6 +++-
 tcp/forwarder.go | 2 +-
 5 files changed, 94 insertions(+), 6 deletions(-)

diff --git a/config/dest.go b/config/dest.go
index c68be90..6634850 100644
--- a/config/dest.go
+++ b/config/dest.go
@@ -22,6 +22,6 @@ func (c *Conf) SetClientDest(label ...string) {
 if v, ok := c.Get("destination", label...); ok {
 c.ClientDest = v
 } else {
- c.ClientDest = v
+ c.ClientDest = ""
 }
 }
diff --git a/config/tls.go b/config/tls.go
index 5f1594b..25d8582 100644
--- a/config/tls.go
+++ b/config/tls.go
@@ -1,5 +1,10 @@
 package i2ptunconf
 
+import (
+ "crypto/tls"
+ "log"
+)
+
 // GetPort443 takes an argument and a default. If the argument differs from the
 // default, the argument is always returned. If the argument and default are
 // the same and the key exists, the key is returned. If the key is absent, the
@@ -25,3 +30,80 @@ func (c *Conf) SetTargetPort443(label ...string) {
 c.TargetForPort443 = ""
 }
 }
+
+// Get
+func (c *Conf) GetUseTLS(arg, def bool, label ...string) bool {
+ if arg != def {
+ return arg
+ }
+ if c.Config == nil {
+ return arg
+ }
+ if x, o := c.GetBool("usetls", label...); o {
+ return x
+ }
+ return arg
+}
+
+// SetAllowZeroHopOut sets the config to allow zero-hop tunnels
+func (c *Conf) SetUseTLS(label ...string) {
+ if v, ok := c.GetBool("usetls", label...); ok {
+ c.UseTLS = v
+ } else {
+ c.UseTLS = false
+ }
+}
+
+// GetTLSConfig
+func (c *Conf) GetTLSConfig(arg, def string, label ...string) string {
+ if arg != def {
+ return arg
+ }
+ if c.Config == nil {
+ return arg
+ }
+ if x, o := c.Get("cert", label...); o {
+ return x
+ }
+ return arg
+}
+
+// SetClientDest sets the key name from the config file
+func (c *Conf) SetTLSConfig(label ...string) {
+ if v, ok := c.Get("cert", label...); ok {
+ c.Cert = v
+ } else {
+ c.Cert = ""
+ }
+}
+
+// GetTLSConfig
+func (c *Conf) GetTLSConfigPem(arg, def string, label ...string) string {
+ if arg != def {
+ return arg
+ }
+ if c.Config == nil {
+ return arg
+ }
+ if x, o := c.Get("pem", label...); o {
+ return x
+ }
+ return arg
+}
+
+// SetClientDest sets the key name from the config file
+func (c *Conf) SetTLSConfigPem(label ...string) {
+ if v, ok := c.Get("pem", label...); ok {
+ c.Pem = v
+ } else {
+ c.Pem = ""
+ }
+}
+
+func (c *Conf) TLSConfig() *tls.Config {
+ cert, err := tls.LoadX509KeyPair(c.Cert, c.Pem)
+ if err != nil {
+ log.Fatal(err)
+ }
+ return &tls.Config{Certificates: []tls.Certificate{cert}}
+}
diff --git a/config/tunconf.go b/config/tunconf.go
index 0c3c341..56145b4 100644
--- a/config/tunconf.go
+++ b/config/tunconf.go
@@ -1,7 +1,7 @@
 package i2ptunconf
 
 import (
- "crypto/tls"
+ // "crypto/tls"
 "io/ioutil"
 "log"
 "os"
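Review bot: `TLSConfig` calls `log.Fatal(err)` when `tls.LoadX509KeyPair(c.Cert, c.Pem)` fails, so a missing or unreadable certificate or key file terminates the whole process from inside a config accessor, and the caller added in tcp/forwarder.go's `Serve` (which already returns an error) never gets to report or recover; returning `(*tls.Config, error)` and letting `Serve` propagate it is the usual shape, which also means that forwarder hunk changes with this one. The returned config sets no `MinVersion`, so the listener accepts whatever the Go default permits; `MinVersion: tls.VersionTLS12` is the defensible floor for a public listener. The doc comments on `SetUseTLS`, `SetTLSConfig` and `SetTLSConfigPem` are copied from other setters (`SetAllowZeroHopOut`, `SetClientDest`) and `// Get` / `// GetTLSConfig` are placeholders; each should name the key it reads, e.g. `// SetTLSConfigPem sets c.Pem from the "pem" config key (the private-key file path), defaulting to "".` The rewrite below needs `fmt` added to the import block introduced earlier in this file; the three context lines opening the hunk belong to `SetTargetPort443`, which starts outside it.
```go
// … unchanged: GetUseTLS/SetUseTLS and the cert/pem getters and setters …

// TLSConfig builds the server TLS configuration from c.Cert (certificate
// file) and c.Pem (private-key file). It returns an error instead of
// exiting so that the caller can decide how to handle a bad key pair.
func (c *Conf) TLSConfig() (*tls.Config, error) {
	cert, err := tls.LoadX509KeyPair(c.Cert, c.Pem)
	if err != nil {
		return nil, fmt.Errorf("loading TLS key pair cert=%q key=%q: %w", c.Cert, c.Pem, err)
	}
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
	}, nil
}
```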
@@ -68,8 +68,10 @@ type Conf struct {
 UserName string `default:""`
 Password string `default:""`
 UseTLS bool `default:false`
- TLSConf *tls.Config
- LoadedKeys i2pkeys.I2PKeys
+ Cert string `default:""`
+ Pem string `default:""`
+ //TLSConf *tls.Config
+ LoadedKeys i2pkeys.I2PKeys
 }
 
 // PrintSlice returns and prints a formatted list of configured tunnel settings.
diff --git a/handler/pages.go b/handler/pages.go
index ae4e3de..f5a0f15 100644
--- a/handler/pages.go
+++ b/handler/pages.go
@@ -1,6 +1,10 @@
 package samtunnelhandler
 
-import "fmt"
+import (
+ "fmt"
+ "net/http"
+ "strings"
+)
 
 func DefaultCSS() string {
 return `.server {
diff --git a/tcp/forwarder.go b/tcp/forwarder.go
index ce36061..b8ac38c 100644
--- a/tcp/forwarder.go
+++ b/tcp/forwarder.go
@@ -361,7 +361,7 @@ func (f *SAMForwarder) Serve() error {
 log.Println("SAM Listener created,", f.Base32())
 log.Println("Human-readable hash:\n ", f.Base32Readable())
 if f.Conf.UseTLS {
- f.publishListen = tls.NewListener(publishListen, f.Conf.TLSConf)
+ f.publishListen = tls.NewListener(publishListen, f.Conf.TLSConfig())
 } else {
 f.publishListen = publishListen
 }
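Review bot: The new `Cert` and `Pem` fields carry no comment, and `Pem` is a misleading name: both files are PEM-encoded, and the value in `Pem` is what `TLSConfig` in config/tls.go passes as the key-file argument of `tls.LoadX509KeyPair`, i.e. the private key. A field named `Key` (config key `key`) would say that; short of renaming, document them as `// Cert is the path to the PEM-encoded server certificate (config key "cert").` and `// Pem is the path to the PEM-encoded private key (config key "pem").` The commented-out `//TLSConf *tls.Config` line, like the commented-out `crypto/tls` import in this file's first hunk, is dead text that should be deleted rather than kept. The `type Conf struct` this hunk edits begins before the hunk.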
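Review bot: The rewritten import block in handler/pages.go brings in `net/http` and `strings`, but this hunk is the file's only change (the diffstat lists 5 additions and 1 deletion for it, all inside the import block), so nothing in the file can reference them and the package will fail to build with "imported and not used". Either drop the two imports until the code that uses them lands, or include that code in this commit. `DefaultCSS` continues outside the hunk.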