mike/chronoscope
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ee863033eb
chronoscope/lib/chronoscope/nts/key_establishment_client.ex

69 lines
2.1 KiB
Elixir
Raw Blame History

defmodule Chronoscope.NTS.KeyEstablishmentClient do
require Logger
alias Chronoscope.NTS.Certificate
alias Chronoscope.NTS.KeyEstablishmentRequest
alias Chronoscope.NTS.KeyEstablishmentResponse
@timeout_in_milliseconds 3000
def key_establishment(%{host: host, port: port}) do
case ssl_connect(host, port) do
{:ok, socket} -> perform_key_establishment(socket)
{:error, {:tls_alert, {:handshake_failure, error}}} -> handshake_failure_message("#{error}")
{:error, {:tls_alert, {:no_application_protocol, error}}} -> {:error, String.trim("#{error}")}
{:error, :timeout} -> {:error, :timeout}
{:error, error} -> {:error, inspect(error)}
error -> {:error, inspect(error)}
end
end
defp ssl_connect(host, port) do
host
|> String.to_charlist()
|> :ssl.connect(port, tls_options(host), @timeout_in_milliseconds)
end
defp tls_options(host) do
host
|> :tls_certificate_check.options()
|> Keyword.put(:alpn_advertised_protocols, ["ntske/1"])
end
defp perform_key_establishment(socket) do
:ok = :ssl.send(socket, KeyEstablishmentRequest.create())
{:ok, peercert} = :ssl.peercert(socket)
receive do
{:ssl, _socket, response} ->
:ssl.close(socket)
case KeyEstablishmentResponse.parse(response) do
{:ok, parsed_response} -> {:ok, Map.put(parsed_response, :cert_expiration, Certificate.expiration_date(peercert))}
# todo - indicate errors in server response
error -> error
end
msg ->
:ssl.close(socket)
Logger.error("received unexpected message: #{inspect(msg)}")
{:error, :no_response}
after
@timeout_in_milliseconds ->
:ssl.close(socket)
Logger.error("timed out waiting for response")
{:error, :timeout}
end
end
defp handshake_failure_message(error) do
cond do
error =~ ~r/\{bad_cert,hostname_check_failed\}$/ ->
{:error, "The certificate is NOT trusted. The name in the certificate does not match the expected."}
true ->
{:error, String.trim(error)}
end
end
end
Reference in New Issue View Git Blame Copy Permalink