add list-ciphers option

2021-02-26 09:09:55 +02:00 · 2021-02-26 09:09:55 +02:00 · 0725d27faf
parent 6dd28baf6b
commit 0725d27faf
6 changed files with 510 additions and 498 deletions
--- a/auth.go
+++ b/auth.go
@ -1,16 +1,16 @@
 package main

 import (
-    "os"
+	"bufio"
+	"crypto/subtle"
+	"encoding/base64"
+	"errors"
+	"golang.org/x/crypto/bcrypt"
 	"net/http"
 	"net/url"
-    "errors"
-    "strings"
+	"os"
 	"strconv"
-    "encoding/base64"
-    "crypto/subtle"
-    "golang.org/x/crypto/bcrypt"
-    "bufio"
+	"strings"
 )

 const AUTH_REQUIRED_MSG = "Proxy authentication required.\n"
@ -182,14 +182,13 @@ func (auth *BasicAuth) Validate(wr http.ResponseWriter, req *http.Request) bool
 	return false
 }

-type NoAuth struct {}
+type NoAuth struct{}

 func (_ NoAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
 	return true
 }

-
-type CertAuth struct {}
+type CertAuth struct{}

 func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
 	if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 {
--- a/condlog.go
+++ b/condlog.go
@ -1,8 +1,8 @@
 package main

 import (
-    "log"
 	"fmt"
+	"log"
 )

 const (
@ -34,23 +34,23 @@ func (cl *CondLogger) log(verb int, format string, v ...interface{}) error {
 }

 func (cl *CondLogger) Critical(s string, v ...interface{}) error {
-    return cl.log(CRITICAL, "CRITICAL " + s, v...)
+	return cl.log(CRITICAL, "CRITICAL "+s, v...)
 }

 func (cl *CondLogger) Error(s string, v ...interface{}) error {
-    return cl.log(ERROR, "ERROR    " + s, v...)
+	return cl.log(ERROR, "ERROR    "+s, v...)
 }

 func (cl *CondLogger) Warning(s string, v ...interface{}) error {
-    return cl.log(WARNING, "WARNING  " + s, v...)
+	return cl.log(WARNING, "WARNING  "+s, v...)
 }

 func (cl *CondLogger) Info(s string, v ...interface{}) error {
-    return cl.log(INFO, "INFO     " + s, v...)
+	return cl.log(INFO, "INFO     "+s, v...)
 }

 func (cl *CondLogger) Debug(s string, v ...interface{}) error {
-    return cl.log(DEBUG, "DEBUG    " + s, v...)
+	return cl.log(DEBUG, "DEBUG    "+s, v...)
 }

 func NewCondLogger(logger *log.Logger, verbosity int) *CondLogger {
--- a/handler.go
+++ b/handler.go
@ -1,13 +1,13 @@
 package main

 import (
-    "net"
+	"context"
 	"fmt"
-    "time"
+	"net"
 	"net/http"
 	"strings"
-    "context"
 	"sync"
+	"time"
 )

 type ProxyHandler struct {
@ -108,8 +108,8 @@ func (s *ProxyHandler) isLoopback(req *http.Request) (string, bool) {
 func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
 	s.logger.Info("Request: %v %v %v %v", req.RemoteAddr, req.Proto, req.Method, req.URL)

-    if originator, isLoopback := s.isLoopback(req) ; isLoopback {
-        s.logger.Critical("Loopback tunnel detected: %s is an outbound " +
+	if originator, isLoopback := s.isLoopback(req); isLoopback {
+		s.logger.Critical("Loopback tunnel detected: %s is an outbound "+
 			"address for another request from %s", req.RemoteAddr, originator)
 		http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 		return
--- a/logwriter.go
+++ b/logwriter.go
@ -1,8 +1,8 @@
 package main

 import (
-    "io"
 	"errors"
+	"io"
 	"time"
 )

--- a/main.go
+++ b/main.go
@ -1,12 +1,13 @@
 package main

 import (
-    "log"
-    "os"
-    "fmt"
+	"crypto/tls"
 	"flag"
-    "time"
+	"fmt"
+	"log"
 	"net/http"
+	"os"
+	"time"
 )

 func perror(msg string) {
@ -27,19 +28,26 @@ type CLIArgs struct {
 	verbosity         int
 	timeout           time.Duration
 	cert, key, cafile string
+	list_suites       bool
 }

+func list_suites() {
+	for _, cipher := range tls.CipherSuites() {
+		fmt.Println(cipher.Name)
+	}
+}

 func parse_args() CLIArgs {
 	var args CLIArgs
 	flag.StringVar(&args.bind_address, "bind-address", ":8080", "HTTP proxy listen address")
 	flag.StringVar(&args.auth, "auth", "none://", "auth parameters")
-    flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity " +
+	flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity "+
 		"(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)")
-    flag.DurationVar(&args.timeout, "timeout", 10 * time.Second, "timeout for network operations")
+	flag.DurationVar(&args.timeout, "timeout", 10*time.Second, "timeout for network operations")
 	flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")
 	flag.StringVar(&args.key, "key", "", "key for TLS certificate")
 	flag.StringVar(&args.cafile, "cafile", "", "CA file to authenticate clients with certificates")
+	flag.BoolVar(&args.list_suites, "list-ciphers", false, "list ciphersuites")
 	flag.Parse()
 	return args
 }
@ -47,14 +55,19 @@ func parse_args() CLIArgs {
 func run() int {
 	args := parse_args()

+	if args.list_suites {
+		list_suites()
+		return 0
+	}
+
 	logWriter := NewLogWriter(os.Stderr)
 	defer logWriter.Close()

 	mainLogger := NewCondLogger(log.New(logWriter, "MAIN    : ",
-                                log.LstdFlags | log.Lshortfile),
+		log.LstdFlags|log.Lshortfile),
 		args.verbosity)
 	proxyLogger := NewCondLogger(log.New(logWriter, "PROXY   : ",
-                                log.LstdFlags | log.Lshortfile),
+		log.LstdFlags|log.Lshortfile),
 		args.verbosity)

 	auth, err := NewAuth(args.auth)
@ -66,7 +79,7 @@ func run() int {
 	server := http.Server{
 		Addr:              args.bind_address,
 		Handler:           NewProxyHandler(args.timeout, auth, proxyLogger),
-        ErrorLog: log.New(logWriter, "HTTPSRV : ", log.LstdFlags | log.Lshortfile),
+		ErrorLog:          log.New(logWriter, "HTTPSRV : ", log.LstdFlags|log.Lshortfile),
 		ReadTimeout:       0,
 		ReadHeaderTimeout: 0,
 		WriteTimeout:      0,
--- a/utils.go
+++ b/utils.go
@ -1,24 +1,24 @@
 package main

 import (
-    "context"
-    "net"
-    "sync"
-    "io"
-    "time"
-    "errors"
-    "net/http"
 	"bufio"
+	"context"
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
+	"io"
 	"io/ioutil"
+	"net"
+	"net/http"
+	"sync"
+	"time"
 )

 const COPY_BUF = 128 * 1024

 func proxy(ctx context.Context, left, right net.Conn) {
 	wg := sync.WaitGroup{}
-    cpy := func (dst, src net.Conn) {
+	cpy := func(dst, src net.Conn) {
 		defer wg.Done()
 		io.Copy(dst, src)
 		dst.Close()
@ -29,7 +29,7 @@ func proxy(ctx context.Context, left, right net.Conn) {
 	groupdone := make(chan struct{}, 1)
 	go func() {
 		wg.Wait()
-        groupdone <-struct{}{}
+		groupdone <- struct{}{}
 	}()
 	select {
 	case <-ctx.Done():
@ -44,12 +44,12 @@ func proxy(ctx context.Context, left, right net.Conn) {

 func proxyh2(ctx context.Context, leftreader io.ReadCloser, leftwriter io.Writer, right net.Conn) {
 	wg := sync.WaitGroup{}
-    ltr := func (dst net.Conn, src io.Reader) {
+	ltr := func(dst net.Conn, src io.Reader) {
 		defer wg.Done()
 		io.Copy(dst, src)
 		dst.Close()
 	}
-    rtl := func (dst io.Writer, src io.Reader) {
+	rtl := func(dst io.Writer, src io.Reader) {
 		defer wg.Done()
 		copyBody(dst, src)
 	}
@ -59,7 +59,7 @@ func proxyh2(ctx context.Context, leftreader io.ReadCloser, leftwriter io.Writer
 	groupdone := make(chan struct{}, 1)
 	go func() {
 		wg.Wait()
-        groupdone <-struct{}{}
+		groupdone <- struct{}{}
 	}()
 	select {
 	case <-ctx.Done():