//go:build !no_namecoin_tls
// +build !no_namecoin_tls
package tlshook
import (
"github.com/hlandau/xlog"
"github.com/namecoin/ncdns/certdehydrate"
"github.com/namecoin/ncdns/certinject"
"github.com/namecoin/ncdns/ncdomain"
)
// log is the logger used inside this package; Log is the exported value
// returned alongside it by xlog.New for the "ncdns.tlshook" facility.
var (
	log, Log = xlog.New("ncdns.tlshook")
)
// DomainValueHookTLS is the TLS hook run on a domain value: it rehydrates any
// dehydrated certificates published under _443._tcp of ncv, hands each one to
// certinject.InjectCert, and then calls certinject.CleanCerts.
//
// The hook is best-effort. A template that fails to rehydrate is logged and
// skipped, and the returned error is always nil, so callers cannot detect a
// failed rehydration or injection from the return value.
//
// NOTE(review): ncv presumably carries record data controlled by the owner of
// qname, and InjectCert presumably makes the certificate trusted locally;
// whether the rehydrated certificate is restricted to qname depends on
// certdehydrate.FillRehydratedCertTemplate — confirm there.
func DomainValueHookTLS(qname string, ncv *ncdomain.Value) (err error) {
	log.Info("Intercepted a Value for ", qname)

	injectDehydratedCerts(qname, ncv)

	// Remove any certs that aren't valid anymore. This runs on every call,
	// including when the value carries no TLS data.
	certinject.CleanCerts()

	return nil
}

// injectDehydratedCerts walks ncv down to _443._tcp and passes one rehydrated
// certificate per TLSAGenerated entry to certinject.InjectCert.
func injectDehydratedCerts(qname string, ncv *ncdomain.Value) {
	// TODO: look into allowing non-TCP protocols
	tcpNode, found := ncv.Map["_tcp"]
	if !found {
		return
	}
	log.Info("Saw a request with TCP")

	// TODO: check all ports, not just 443
	httpsNode, found := tcpNode.Map["_443"]
	if !found {
		return
	}
	log.Info("Saw a request with TCP port 443")

	// Only dehydrated certificates are handled.
	// TODO: support non-dehydrated certificates
	if len(httpsNode.TLSAGenerated) == 0 {
		return
	}
	log.Info("Just saw a TLS port 443 capable domain request for ", qname, "!")

	for i, dehydrated := range httpsNode.TLSAGenerated {
		log.Info("Using dehydrated certificate # ", i)

		der, fillErr := certdehydrate.FillRehydratedCertTemplate(dehydrated, qname)
		if fillErr != nil {
			// One bad template must not block the remaining ones.
			log.Info("Failed to create certificate: ", fillErr)
			continue
		}

		// TODO: check return value. The outcome of the injection is not
		// inspected here, so a failed injection goes unreported.
		certinject.InjectCert(der)
	}
}