gecko/network/upgrader.go

// (c) 2019-2020, Ava Labs, Inc. All rights reserved.
// See the file LICENSE for licensing terms.

package network

import (
	"crypto/tls"
	"errors"
	"net"

	"github.com/ava-labs/gecko/ids"
	"github.com/ava-labs/gecko/utils/hashing"
)

var (
	errNoCert = errors.New("tls handshake finished with no peer certificate")
)

// Upgrader ...
type Upgrader interface {
	// Must be thread safe
	Upgrade(net.Conn) (ids.ShortID, net.Conn, error)
}

type ipUpgrader struct{}

// NewIPUpgrader ...
func NewIPUpgrader() Upgrader { return ipUpgrader{} }

func (ipUpgrader) Upgrade(conn net.Conn) (ids.ShortID, net.Conn, error) {
	addr := conn.RemoteAddr()
	str := addr.String()
	id := ids.NewShortID(hashing.ComputeHash160Array([]byte(str)))
	return id, conn, nil
}

type tlsServerUpgrader struct {
	config *tls.Config
}

// NewTLSServerUpgrader ...
func NewTLSServerUpgrader(config *tls.Config) Upgrader {
	return tlsServerUpgrader{
		config: config,
	}
}

func (t tlsServerUpgrader) Upgrade(conn net.Conn) (ids.ShortID, net.Conn, error) {
	encConn := tls.Server(conn, t.config)
	if err := encConn.Handshake(); err != nil {
		return ids.ShortID{}, nil, err
	}

	connState := encConn.ConnectionState()
	if len(connState.PeerCertificates) == 0 {
		return ids.ShortID{}, nil, errNoCert
	}
	peerCert := connState.PeerCertificates[0]
	id := ids.NewShortID(
		hashing.ComputeHash160Array(
			hashing.ComputeHash256(peerCert.Raw)))
	return id, encConn, nil
}

type tlsClientUpgrader struct {
	config *tls.Config
}

// NewTLSClientUpgrader ...
func NewTLSClientUpgrader(config *tls.Config) Upgrader {
	return tlsClientUpgrader{
		config: config,
	}
}

func (t tlsClientUpgrader) Upgrade(conn net.Conn) (ids.ShortID, net.Conn, error) {
	encConn := tls.Client(conn, t.config)
	if err := encConn.Handshake(); err != nil {
		return ids.ShortID{}, nil, err
	}

	connState := encConn.ConnectionState()
	if len(connState.PeerCertificates) == 0 {
		return ids.ShortID{}, nil, errNoCert
	}
	peerCert := connState.PeerCertificates[0]
	id := ids.NewShortID(
		hashing.ComputeHash160Array(
			hashing.ComputeHash256(peerCert.Raw)))
	return id, encConn, nil
}