Next step towards documentation and source code cleanup.
[stompngo_examples.git] / tlsexamps / tlsuc2 / tlsuc2.go
1 //
2 // Copyright © 2013-2016 Guy M. Allard
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
18 Connect and Disconnect from a STOMP broker with a TLS connection, use case 2.
20 TLS Use Case 2 - client *does* authenticate broker.
22 Subcase 2.A - Message broker configuration does *not* require client authentication
24 - Expect connection success because the client did authenticate the
25 broker's certificate.
27 Subcase 2.B - Message broker configuration *does* require client authentication
29 - Expect connection failure (broker must be sent a valid client certificate)
31 Example use might be:
33 go build
34 ./tlsuc2 -srvCAFile=/ad3/gma/sslwork/2013/TestCA.crt # PEM format file
37 package main
39 import (
40 "crypto/tls"
41 "crypto/x509"
42 "encoding/pem"
43 "flag"
44 "io/ioutil"
45 "log"
46 "net"
48 "github.com/gmallard/stompngo"
49 "github.com/gmallard/stompngo_examples/sngecomm"
// exampid is the prefix put on every log line this example writes.
var exampid = "tlsuc2:"

// testConfig is the TLS client configuration built in main and handed to
// tls.Client.
var testConfig *tls.Config

// srvCAFile is the name of the file holding the broker's CA certificate, in
// PEM format. It is set from the -srvCAFile command line flag.
var srvCAFile string
// init registers the -srvCAFile command line flag, which names the PEM file
// holding the broker's CA certificate. The default value "DUMMY" is a
// placeholder, so the flag has to be given for the example to work.
func init() {
	const (
		flagName    = "srvCAFile"
		flagDefault = "DUMMY"
		flagUsage   = "Name of file with broker CA certificate"
	)
	flag.StringVar(&srvCAFile, flagName, flagDefault, flagUsage)
}
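// main connects to a STOMP broker over TLS, authenticating the broker's
// certificate against the CA certificate named by -srvCAFile, and then
// disconnects.
//
// No client certificate is configured here, so a broker that requires client
// authentication is expected to refuse the connection (subcase 2.B).
func main() {
	log.Println(exampid, "starts ...")

	flag.Parse() // Parse flags

	log.Println(exampid, "using srvCAFile", srvCAFile)

	// TLS Configuration.
	testConfig = new(tls.Config)
	testConfig.InsecureSkipVerify = false // *Do* check the broker's certificate

	// Get host and port
	h, p := sngecomm.HostAndPort()
	log.Println(exampid, "host", h, "port", p)

	// ServerName is sent to the broker as SNI (Server Virtual Hosting) and is
	// also the host name the broker's certificate is verified against during
	// the handshake. tls.Client does not derive it from the dialed address.
	testConfig.ServerName = h

	// Finish TLS Config initialization, so client can authenticate broker.
	b, e := ioutil.ReadFile(srvCAFile) // Read broker's CA cert (PEM)
	if e != nil {
		log.Fatalln(e)
	}
	// pem.Decode signals "no PEM block found" by returning a nil block, not
	// an error, so the block itself must be checked before k.Bytes is used.
	// Only the first PEM block in the file is read.
	k, _ := pem.Decode(b) // Decode PEM format
	if k == nil {
		log.Fatalln(exampid, "no PEM data found in srvCAFile", srvCAFile)
	}
	//
	c, e := x509.ParseCertificate(k.Bytes) // Create *x509.Certificate
	if e != nil {
		log.Fatalln(e)
	}
	// RootCAs replaces the system trust store: this one CA certificate is the
	// only trust anchor used to verify the broker.
	testConfig.RootCAs = x509.NewCertPool() // Create a cert "pool"
	testConfig.RootCAs.AddCert(c)           // Add the CA cert to the pool

	// Connect logic: use net.Dial and tls.Client
	t, e := net.Dial("tcp", net.JoinHostPort(h, p))
	if e != nil {
		log.Fatalln(e) // Handle this ......
	}
	log.Println(exampid, "dial complete ...")
	n := tls.Client(t, testConfig)
	// Handshake is where certificate verification happens; a broker whose
	// certificate does not chain to the CA above, or does not match
	// ServerName, fails here.
	e = n.Handshake()
	if e != nil {
		log.Fatalln(e) // Handle this ......
	}
	log.Println(exampid, "handshake complete ...")

	sngecomm.DumpTLSConfig(exampid, testConfig, n)

	// Connect Headers
	ch := sngecomm.ConnectHeaders()

	// Get a stomp connection. Parameters are:
	// a) the opened net connection
	// b) the connect Headers
	conn, e := stompngo.Connect(n, ch)
	if e != nil {
		log.Fatalln(e) // Handle this ......
	}
	log.Println(exampid, "stomp connect complete ...")

	// *NOTE* your application functionality goes here!

	// Polite Stomp disconnects are not required, but highly recommended.
	// Empty headers here.
	e = conn.Disconnect(stompngo.Headers{})
	if e != nil {
		log.Fatalln(e) // Handle this ......
	}
	log.Println(exampid, "stomp disconnect complete ...")

	// Close the net connection.
	e = n.Close()
	if e != nil {
		log.Fatalln(e) // Handle this ......
	}
	log.Println(exampid, "network close complete ...")

	log.Println(exampid, "ends ...")
}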