aboutsummaryrefslogtreecommitdiff
path: root/osp/go/quic.go
blob: 1ec2224c5f5f1e410b27a35cf517e082533bf7e1 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

package osp

// TODO(jophba):
// - avoid NetworkIdleTimeout
// - make a client object that can send and receive more than one stream
// - make a server object that can send and receive more than one stream

import (
	"context"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io"
	"log"
	"math/big"

	quic "github.com/lucas-clemente/quic-go"
)

func GenerateTlsCert() (*tls.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		return nil, err
	}
	template := x509.Certificate{SerialNumber: big.NewInt(1)}
	certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})

	tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	return &tlsCert, nil
}

func readAllStreams(ctx context.Context, session quic.Session, streams chan<- io.ReadWriteCloser) {
	for !done(ctx) {
		stream, err := session.AcceptStream()
		if err != nil && !done(ctx) {
			log.Println("Failed to accept stream with QUIC", err.Error())
		}
		streams <- stream
	}
}

// Returns a quic.Session object with a .OpenStreamSync method to send streams
func DialAsQuicClient(ctx context.Context, hostname string, port int) (quic.Session, error) {
	// TODO(jophba): Change InsecureSkipVerify
	tlsConfig := &tls.Config{InsecureSkipVerify: true}
	addr := fmt.Sprintf("%s:%d", hostname, port)
	session, err := quic.DialAddrContext(ctx, addr, tlsConfig, nil)
	return session, err
}

// Reads in streams
func RunQuicServer(ctx context.Context, port int, cert tls.Certificate, streams chan<- io.ReadWriteCloser) error {
	addr := fmt.Sprintf(":%d", port)
	tlsConfig := &tls.Config{Certificates: []tls.Certificate{cert}}
	listener, err := quic.ListenAddr(addr, tlsConfig, nil)
	if err != nil {
		return err
	}
	go func() {
		waitUntilDone(ctx)
		listener.Close()
	}()
	for {
		session, err := listener.Accept()
		if err != nil && !done(ctx) {
			log.Println("Failed to accept session with QUIC:", err.Error())
		}
		go readAllStreams(ctx, session, streams)
	}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 07:54:16 +0000