|
@@ -6,11 +6,20 @@ package irc
|
6
|
6
|
|
7
|
7
|
import (
|
8
|
8
|
"bufio"
|
|
9
|
+ "crypto/sha256"
|
|
10
|
+ "crypto/tls"
|
|
11
|
+ "encoding/hex"
|
|
12
|
+ "errors"
|
9
|
13
|
"io"
|
10
|
14
|
"net"
|
11
|
15
|
"strings"
|
12
|
16
|
)
|
13
|
17
|
|
|
18
|
+var (
|
|
19
|
+ errNotTls = errors.New("Not a TLS connection")
|
|
20
|
+ errNoPeerCerts = errors.New("Client did not provide a certificate")
|
|
21
|
+)
|
|
22
|
+
|
14
|
23
|
// Socket represents an IRC socket.
|
15
|
24
|
type Socket struct {
|
16
|
25
|
Closed bool
|
|
@@ -35,6 +44,24 @@ func (socket *Socket) Close() {
|
35
|
44
|
socket.conn.Close()
|
36
|
45
|
}
|
37
|
46
|
|
|
47
|
+// CertFP returns the fingerprint of the certificate provided by the client.
|
|
48
|
+func (socket *Socket) CertFP() (string, error) {
|
|
49
|
+ var tlsConn, isTLS = socket.conn.(*tls.Conn)
|
|
50
|
+ if !isTLS {
|
|
51
|
+ return "", errNotTls
|
|
52
|
+ }
|
|
53
|
+
|
|
54
|
+ peerCerts := tlsConn.ConnectionState().PeerCertificates
|
|
55
|
+ if len(peerCerts) < 1 {
|
|
56
|
+ return "", errNoPeerCerts
|
|
57
|
+ }
|
|
58
|
+
|
|
59
|
+ rawCert := sha256.Sum256(peerCerts[0].Raw)
|
|
60
|
+ fingerprint := hex.EncodeToString(rawCert[:])
|
|
61
|
+
|
|
62
|
+ return fingerprint, nil
|
|
63
|
+}
|
|
64
|
+
|
38
|
65
|
// Read returns a single IRC line from a Socket.
|
39
|
66
|
func (socket *Socket) Read() (string, error) {
|
40
|
67
|
if socket.Closed {
|
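Review bot: `CertFP` reads `tlsConn.ConnectionState().PeerCertificates` without checking that the TLS handshake has finished. Go's `tls.Conn` handshakes lazily on the first Read or Write, so a call made before any I/O returns `errNoPeerCerts` even for a client that is about to present a certificate. I would take the state once and guard on it with a distinct error, for example `state := tlsConn.ConnectionState()` followed by `if !state.HandshakeComplete { return "", errHandshakeIncomplete }`, or call `tlsConn.Handshake()` first. Whether callers always read from the socket before calling `CertFP` is not visible in this hunk. The doc comment should also say that the result is the lowercase hex SHA-256 of the leaf certificate's DER bytes, and that chain validation depends on the listener's `ClientAuth` setting (outside this diff), so the fingerprint has to be compared against a registered value before it is trusted as an identity.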