Allow self-signed certificates for gemini

2024-05-04 15:06:40 -04:00 · 2024-05-04 15:06:40 -04:00 · fe2000600a
parent 53bfdbd75d
commit fe2000600a
8 changed files with 37 additions and 5 deletions
--- a/lib/chronoscope/gemini/client.ex
+++ b/lib/chronoscope/gemini/client.ex
@ -5,6 +5,7 @@ defmodule Chronoscope.Gemini.Client do
  alias Chronoscope.Gemini.ConnectionClient

  @interval_in_seconds 30
+
  @date_time Application.compile_env(:chronoscope, :date_time, DateTime)

  def start_link(resource: resource, name: name) do
--- a/lib/chronoscope/gemini/connection_client.ex
+++ b/lib/chronoscope/gemini/connection_client.ex
@ -6,6 +6,7 @@ defmodule Chronoscope.Gemini.ConnectionClient do
  alias Chronoscope.Gemini.Response

  @timeout_in_milliseconds 3000
+
  @ssl Application.compile_env(:chronoscope, :ssl, :ssl)

  def connect(%{host: host, port: port, path: _} = resource) do
@ -25,9 +26,24 @@ defmodule Chronoscope.Gemini.ConnectionClient do
    |> @ssl.connect(port, tls_options(host), @timeout_in_milliseconds)
  end

-  defp tls_options(_host) do
-    # TODO
-    []
+  defp tls_options(host) do
+    host
+    |> :tls_certificate_check.options()
+    |> Keyword.put(:verify_fun, {verify_fun(host), nil})
+  end
+
+  defp verify_fun(hostname) do
+    hostname_charlist = String.to_charlist(hostname)
+
+    fn
+      certificate, {:bad_cert, :selfsigned_peer}, _state ->
+        :ssl_verify_hostname.verify_fun(certificate, :valid_peer, check_hostname: hostname_charlist)
+        {:valid, :selfsigned_peer}
+
+      certificate, event, _state ->
+        IO.inspect(event)
+        :ssl_verify_hostname.verify_fun(certificate, event, check_hostname: hostname_charlist)
+    end
  end

  defp make_request(socket, url) do
--- a/lib/chronoscope/nts.ex
+++ b/lib/chronoscope/nts.ex
@ -2,6 +2,7 @@ defmodule Chronoscope.NTS.Behaviour do
  @callback(key_establishment(host :: String.t(), port :: integer()) :: {:ok, Map.t()}, {:error, any()})
 end

+# TODO - create macro
 defmodule Chronoscope.NTS do
  @behaviour Chronoscope.NTS.Behaviour

--- a/lib/chronoscope/nts/client.ex
+++ b/lib/chronoscope/nts/client.ex
@ -5,6 +5,7 @@ defmodule Chronoscope.NTS.Client do
  alias Chronoscope.NTS.KeyEstablishmentClient

  @interval_in_seconds 30
+
  @date_time Application.compile_env(:chronoscope, :date_time, DateTime)

  def start_link(server: server, name: name) do
--- a/lib/chronoscope/nts/key_establishment_client.ex
+++ b/lib/chronoscope/nts/key_establishment_client.ex
@ -6,6 +6,7 @@ defmodule Chronoscope.NTS.KeyEstablishmentClient do
  alias Chronoscope.NTS.KeyEstablishmentResponse

  @timeout_in_milliseconds 3000
+
  @ssl Application.compile_env(:chronoscope, :ssl, :ssl)

  def key_establishment(%{host: host, port: port}) do
@ -35,6 +36,7 @@ defmodule Chronoscope.NTS.KeyEstablishmentClient do
    :ok = @ssl.send(socket, KeyEstablishmentRequest.create())
    {:ok, peercert} = @ssl.peercert(socket)

+    # TODO - refactor?
    receive do
      {:ssl, _socket, response} ->
        @ssl.close(socket)
--- a/lib/chronoscope_web/controllers/api/v1/gemini/connection_controller.ex
+++ b/lib/chronoscope_web/controllers/api/v1/gemini/connection_controller.ex
@ -8,6 +8,7 @@ defmodule ChronoscopeWeb.API.V1.Gemini.ConnectionController do
  @default_port 1965
  @default_path "/"
  @max_host_length 255
+
  @gemini Application.compile_env(:chronoscope, :gemini, Gemini)

  def get(conn, %{"host" => host, "port" => port, "path" => path}) do
@ -23,7 +24,11 @@ defmodule ChronoscopeWeb.API.V1.Gemini.ConnectionController do
  end

  def get(conn, %{"host" => host, "port" => port}) do
-    handle_get(conn, %{host: host, port: port, path: @default_path})
+    try do
+      handle_get(conn, %{host: host, port: String.to_integer(port), path: @default_path})
+    rescue
+      ArgumentError -> bad_request_response(conn, "invalid port")
+    end
  end

  def get(conn, %{"host" => host}) do
--- a/lib/chronoscope_web/controllers/api/v1/health_controller.ex
+++ b/lib/chronoscope_web/controllers/api/v1/health_controller.ex
@ -1,9 +1,14 @@
 defmodule ChronoscopeWeb.API.V1.HealthController do
  use ChronoscopeWeb, :controller

+  alias Chronoscope.Gemini
  alias Chronoscope.NTS

  def get(conn, _params) do
-    json(conn, %{healthy: NTS.healthy?()})
+    json(conn, %{healthy: healthy?()})
+  end
+
+  defp healthy?() do
+    NTS.healthy?() && Gemini.healthy?()
  end
 end
--- a/lib/chronoscope_web/controllers/api/v1/nts/key_establishment_controller.ex
+++ b/lib/chronoscope_web/controllers/api/v1/nts/key_establishment_controller.ex
@ -7,6 +7,7 @@ defmodule ChronoscopeWeb.API.V1.NTS.KeyEstablishmentController do

  @default_port 4460
  @max_host_length 255
+
  @nts Application.compile_env(:chronoscope, :nts, NTS)

  def get(conn, %{"host" => host, "port" => port}) do