tlsexamps/tlsuc3/tlsuc3.go

   1 //
   2 // Copyright © 2013-2018 Guy M. Allard
   3 //
   4 // Licensed under the Apache License, Version 2.0 (the "License");
   5 // you may not use this file except in compliance with the License.
   6 // You may obtain a copy of the License at
   7 //
   8 //     http://www.apache.org/licenses/LICENSE-2.0
   9 //
  10 // Unless required by applicable law or agreed to in writing, software
  11 // distributed under the License is distributed on an "AS IS" BASIS,
  12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 // See the License for the specific language governing permissions and
  14 // limitations under the License.
  15 //
  16
  17 /*
  18 Connect and Disconnect from a STOMP broker with a TLS connection, use case 3.
  19
  20         TLS Use Case 3 - broker *does* authenticate client, client does *not* authenticate broker
  21
  22         Subcase 3.A - Message broker configuration does *not* require client authentication
  23
  24         - Expect connection success
  25
  26         Subcase 3.B - Message broker configuration *does* require client authentication
  27
  28         - Expect connection success if the broker can authenticate the client certificate
  29
  30         Example use might be:
  31
  32                 go build
  33                 STOMP_PORT=61611 ./tlsuc3 -cliCertFile=/ad3/gma/sslwork/2016-02/client.crt -cliKeyFile=/ad3/gma/sslwork/2016-02/client.key
  34
  35 */
  36 package main
  37
  38 import (
  39         "crypto/tls"
  40         "flag"
  41         "log"
  42         "os"
  43         "time"
  44         // senv methods could be used in general by stompngo clients.
  45         "github.com/gmallard/stompngo/senv"
  46         // sngecomm methods are used specifically for these example clients.
  47         "github.com/gmallard/stompngo_examples/sngecomm"
  48 )
  49
  50 var (
  51         exampid     = "tlsuc3:"
  52         tc          *tls.Config
  53         cliCertFile string
  54         cliKeyFile  string
  55         ll          = log.New(os.Stdout, "TLSU3 ", log.Ldate|log.Lmicroseconds|log.Lshortfile)
  56
  57         tag = "tuc3main"
  58 )
  59
  60 func init() {
  61         flag.StringVar(&cliCertFile, "cliCertFile", "DUMMY_CERT", "Name of client cert file")
  62         flag.StringVar(&cliKeyFile, "cliKeyFile", "DUMMY_KEY", "Name of client key file")
  63 }
  64
  65 // Connect to a STOMP broker using TLS and disconnect.
  66 func main() {
  67
  68         st := time.Now()
  69
  70         ll.Printf("%stag:%s connsess:%s starts\n",
  71                 exampid, tag, sngecomm.Lcs)
  72
  73         flag.Parse() // Parse flags
  74         ll.Printf("%stag:%s connsess:%s main_using_cliCertFile:%s\n",
  75                 exampid, tag, sngecomm.Lcs,
  76                 cliCertFile)
  77         ll.Printf("%stag:%s connsess:%s main_using_cliKeyFile:%s\n",
  78                 exampid, tag, sngecomm.Lcs,
  79                 cliKeyFile)
  80
  81         // TLS Configuration.
  82         tc = new(tls.Config)
  83         tc.InsecureSkipVerify = true // Do *not* check the broker's certificate
  84         // Be polite, allow SNI (Server Virtual Hosting)
  85         tc.ServerName = senv.Host()
  86
  87         // Usually one will use the default cipher suites that go provides.
  88         // However, if a custom cipher squite list is needed/required this
  89         // is how it is accomplished.
  90         if sngecomm.UseCustomCiphers() { // Set custom cipher suite list
  91                 tc.CipherSuites = append(tc.CipherSuites, sngecomm.CustomCiphers()...)
  92         }
  93
  94         // Finish TLS Config initialization, so broker can authenticate client.
  95         // cc -> tls.Certificate
  96         cc, e := tls.LoadX509KeyPair(cliCertFile, cliKeyFile)
  97         if e != nil {
  98                 ll.Fatalf("%stag:%s connsess:%s main_load_pair error:%v",
  99                         exampid, tag, sngecomm.Lcs,
 100                         e.Error()) // Handle this ......
 101         }
 102         // Add cert to config
 103         tc.Certificates = append(tc.Certificates, cc)
 104         // This is OK, but does not seem to be required
 105         tc.BuildNameToCertificate() // Build names map
 106
 107         // Standard example TLS connect sequence
 108         n, conn, e := sngecomm.CommonTLSConnect(exampid, tag, ll, tc)
 109         if e != nil {
 110                 ll.Fatalf("%stag:%s connsess:%s main_on_connect error:%v",
 111                         exampid, tag, sngecomm.Lcs,
 112                         e.Error()) // Handle this ......
 113         }
 114
 115         nc := n.(*tls.Conn)
 116         sngecomm.DumpTLSConfig(exampid, tc, nc)
 117
 118         // *NOTE* application specific functionaltiy starts here!
 119         // For you to add.
 120         // *NOTE* application specific functionaltiy ends here!
 121
 122         // Standard example disconnect sequence
 123         e = sngecomm.CommonDisconnect(n, conn, exampid, tag, ll)
 124         if e != nil {
 125                 ll.Fatalf("%s %s\n", exampid, e.Error()) // Handle this ......
 126         }
 127
 128         ll.Printf("%stag:%s connsess:%s main_elapsed:%v\n",
 129                 exampid, tag, conn.Session(),
 130                 time.Now().Sub(st))
 131
 132 }