tlsexamps/tlsuc2/tlsuc2.go

   1 //
   2 // Copyright © 2013-2016 Guy M. Allard
   3 //
   4 // Licensed under the Apache License, Version 2.0 (the "License");
   5 // you may not use this file except in compliance with the License.
   6 // You may obtain a copy of the License at
   7 //
   8 //     http://www.apache.org/licenses/LICENSE-2.0
   9 //
  10 // Unless required by applicable law or agreed to in writing, software
  11 // distributed under the License is distributed on an "AS IS" BASIS,
  12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 // See the License for the specific language governing permissions and
  14 // limitations under the License.
  15 //
  16
  17 /*
  18 Connect and Disconnect from a STOMP broker with a TLS connection, use case 2.
  19
  20         TLS Use Case 2 - client *does* authenticate broker.
  21
  22         Subcase 2.A - Message broker configuration does *not* require client authentication
  23
  24                 - Expect connection success because  the client did authenticate the
  25                 broker's certificate.
  26
  27         Subcase 2.B - Message broker configuration *does* require client authentication
  28
  29         - Expect connection failure (broker must be sent a valid client certificate)
  30
  31         Example use might be:
  32
  33                 go build
  34                 ./tlsuc2 -srvCAFile=/ad3/gma/sslwork/2013/TestCA.crt # PEM format file
  35
  36 */
  37 package main
  38
  39 import (
  40         "crypto/tls"
  41         "crypto/x509"
  42         "encoding/pem"
  43         "flag"
  44         "io/ioutil"
  45         "log"
  46         "os"
  47         "time"
  48         //
  49         "github.com/gmallard/stompngo/senv"
  50         // sngecomm methods are used specifically for these example clients.
  51         "github.com/gmallard/stompngo_examples/sngecomm"
  52 )
  53
  54 var (
  55         exampid   = "tlsuc2: "
  56         tc        *tls.Config
  57         srvCAFile string // Name of file with broker's CA certificate, PEM format
  58
  59         ll = log.New(os.Stdout, "TLSU2 ", log.Ldate|log.Lmicroseconds|log.Lshortfile)
  60
  61         tag = "tuc2main"
  62 )
  63
  64 func init() {
  65         flag.StringVar(&srvCAFile, "srvCAFile", "DUMMY", "Name of file with broker CA certificate")
  66 }
  67
  68 // Connect to a STOMP broker using TLS and disconnect.
  69 func main() {
  70
  71         st := time.Now()
  72
  73         ll.Printf("%stag:%s connsess:%s starts\n",
  74                 exampid, tag, sngecomm.Lcs)
  75
  76         flag.Parse() // Parse flags
  77         ll.Printf("%stag:%s connsess:%s main_using_srvCAFile:%s\n",
  78                 exampid, tag, sngecomm.Lcs,
  79                 srvCAFile)
  80
  81         // TLS Configuration.
  82         tc = new(tls.Config)
  83         tc.InsecureSkipVerify = false // *Do* check the broker's certificate
  84         // Be polite, allow SNI (Server Virtual Hosting)
  85         tc.ServerName = senv.Host()
  86         // Finish TLS Config initialization, so client can authenticate broker.
  87         b, e := ioutil.ReadFile(srvCAFile) // Read broker's CA cert (PEM)
  88         if e != nil {
  89                 ll.Fatalf("%stag:%s connsess:%s main_read_file error:%v",
  90                         exampid, tag, sngecomm.Lcs,
  91                         e.Error()) // Handle this ......
  92         }
  93         k, _ := pem.Decode(b) // Decode PEM format (*pem.Block)
  94         if k == nil {
  95                 ll.Fatalf("%stag:%s connsess:%s main_decode error:%v",
  96                         exampid, tag, sngecomm.Lcs,
  97                         e.Error()) // Handle this ......
  98         }
  99         c, e := x509.ParseCertificate(k.Bytes) // Create *x509.Certificate
 100         if e != nil {
 101                 ll.Fatalf("%stag:%s connsess:%s main_parse_cert error:%v",
 102                         exampid, tag, sngecomm.Lcs,
 103                         e.Error()) // Handle this ......
 104         }
 105
 106         tc.RootCAs = x509.NewCertPool() // Create a cert "pool"
 107         tc.RootCAs.AddCert(c)           // Add the CA cert to the pool
 108
 109         // Standard example TLS connect sequence
 110         n, conn, e := sngecomm.CommonTLSConnect(exampid, tag, ll, tc)
 111         if e != nil {
 112                 ll.Fatalf("%stag:%s connsess:%s main_on_connect error:%v",
 113                         exampid, tag, sngecomm.Lcs,
 114                         e.Error()) // Handle this ......
 115         }
 116
 117         nc := n.(*tls.Conn)
 118         sngecomm.DumpTLSConfig(exampid, tc, nc)
 119
 120         // *NOTE* application specific functionaltiy starts here!
 121         // For you to add.
 122         // *NOTE* application specific functionaltiy ends here!
 123
 124         // Standard example disconnect sequence
 125         e = sngecomm.CommonDisconnect(n, conn, exampid, tag, ll)
 126         if e != nil {
 127                 ll.Fatalf("%s %s\n", exampid, e.Error()) // Handle this ......
 128         }
 129
 130         ll.Printf("%stag:%s connsess:%s main_elapsed:%v\n",
 131                 exampid, tag, conn.Session(),
 132                 time.Now().Sub(st))
 133
 134 }