package main
import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	"time"
)
// printHeader logs every request header as "Name:value", one line per value,
// preceded by a banner line.
func printHeader(r *http.Request) {
	log.Print(">>>>>>>>>>>>>>>> Header <<<<<<<<<<<<<<<<")
	// Header is a map of canonical name -> values; a name with several values
	// (e.g. repeated Accept lines) produces several log lines.
	for name := range r.Header {
		vals := r.Header[name]
		for j := range vals {
			log.Printf("%v:%v", name, vals[j])
		}
	}
}
// printConnState logs the negotiated TLS parameters of a connection followed
// by the subject and issuer distinguished names of every certificate the peer
// presented, in an OpenSSL-like "/C=.../CN=..." layout.
func printConnState(state *tls.ConnectionState) {
	log.Print(">>>>>>>>>>>>>>>> State <<<<<<<<<<<<<<<<")
	log.Printf("Version: %x", state.Version)
	log.Printf("HandshakeComplete: %t", state.HandshakeComplete)
	log.Printf("DidResume: %t", state.DidResume)
	log.Printf("CipherSuite: %x", state.CipherSuite)
	log.Printf("NegotiatedProtocol: %s", state.NegotiatedProtocol)
	// NegotiatedProtocolIsMutual is deprecated in newer Go releases (always
	// true there) but still compiles; logged for parity with older toolchains.
	log.Printf("NegotiatedProtocolIsMutual: %t", state.NegotiatedProtocolIsMutual)
	log.Print("Certificate chain:")
	// Subject and issuer share one layout; multi-valued fields print as [a b].
	const dnFmt = "/C=%v/ST=%v/L=%v/O=%v/OU=%v/CN=%s"
	for i := range state.PeerCertificates {
		s := state.PeerCertificates[i].Subject
		is := state.PeerCertificates[i].Issuer
		subjectDN := fmt.Sprintf(dnFmt, s.Country, s.Province, s.Locality, s.Organization, s.OrganizationalUnit, s.CommonName)
		issuerDN := fmt.Sprintf(dnFmt, is.Country, is.Province, is.Locality, is.Organization, is.OrganizationalUnit, is.CommonName)
		log.Printf(" %d s:%s", i, subjectDN)
		log.Printf(" i:%s", issuerDN)
	}
}
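// helloHandler logs the request headers and, for connections made over the
// TLS listener, the negotiated connection state, then answers with a fixed
// greeting. A failed response write is logged instead of being dropped.
func helloHandler(w http.ResponseWriter, r *http.Request) {
	printHeader(r)
	// r.TLS is nil for requests arriving on the plain-HTTP listener.
	if r.TLS != nil {
		printConnState(r.TLS)
	}
	log.Print(">>>>>>>>>>>>>>>>> End <<<<<<<<<<<<<<<<<<")
	fmt.Println("")
	// Write "Hello, world!" to the response body. A write error here usually
	// means the client went away; nothing can be resent, so only record it.
	if _, err := io.WriteString(w, "Hello, world!\n"); err != nil {
		log.Printf("writing /hello response: %v", err)
	}
}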
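// main serves /hello on two listeners: plain HTTP on port 8080 (started in a
// goroutine) and HTTPS on port 8443, where every client must present a
// certificate that chains to ./certs/ca.crt. Any startup failure is fatal.
func main() {
	port := 8080
	sslPort := 8443

	// Set up a /hello resource handler, shared by both listeners.
	handler := http.NewServeMux()
	handler.HandleFunc("/hello", helloHandler)

	// Bound the time a client may take to send its request headers; without
	// it a peer that never finishes the header block holds a connection and
	// its goroutine open indefinitely.
	const headerTimeout = 10 * time.Second

	// Listen to port 8080 and wait
	go func() {
		server := http.Server{
			Addr:              fmt.Sprintf(":%d", port),
			Handler:           handler,
			ReadHeaderTimeout: headerTimeout,
		}
		fmt.Printf("(HTTP) Listen on :%d\n", port)
		if err := server.ListenAndServe(); err != nil {
			log.Fatalf("(HTTP) error listening to port: %v", err)
		}
	}()

	// load CA certificate file and add it to list of client CAs
	caCertFile, err := ioutil.ReadFile("./certs/ca.crt")
	if err != nil {
		log.Fatalf("error reading CA certificate: %v", err)
	}
	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM reports false when it parsed no certificate at all.
	// An empty pool combined with RequireAndVerifyClientCert would silently
	// reject every client, so treat it as a startup error instead.
	if !caCertPool.AppendCertsFromPEM(caCertFile) {
		log.Fatalf("error parsing CA certificate: no certificates found in ./certs/ca.crt")
	}

	// Create the TLS Config with the CA pool and enable Client certificate validation
	tlsConfig := &tls.Config{
		ClientCAs:        caCertPool,
		ClientAuth:       tls.RequireAndVerifyClientCert,
		MinVersion:       tls.VersionTLS12,
		CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
		// Ignored since Go 1.17 (the server always chooses); kept for older toolchains.
		PreferServerCipherSuites: true,
		// Only applies to TLS 1.2 handshakes; TLS 1.3 suites are not configurable
		// and list order is ignored since Go 1.17. The TLS_RSA_* entries use
		// static RSA key exchange (no forward secrecy) and the *_CBC_SHA entries
		// are non-AEAD; they are only needed if legacy clients must connect.
		CipherSuites: []uint16{
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	}
	// Deprecated no-op since Go 1.14 (the name map is derived automatically);
	// harmless, kept for older toolchains.
	tlsConfig.BuildNameToCertificate()

	// serve on port 8443 of local host
	server := http.Server{
		Addr:              fmt.Sprintf(":%d", sslPort),
		Handler:           handler,
		TLSConfig:         tlsConfig,
		ReadHeaderTimeout: headerTimeout,
	}
	fmt.Printf("(HTTPS) Listen on :%d\n", sslPort)
	if err := server.ListenAndServeTLS("./certs/server.crt", "./certs/server.key"); err != nil {
		log.Fatalf("(HTTPS) error listening to port: %v", err)
	}
}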