1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// This package partially implements the TLS 1.1 protocol, as specified in RFC 4346.
package tls
import (
"io"
"os"
"net"
"time"
)
// A Conn represents a secure connection.
type Conn struct {
net.Conn
writeChan chan<- []byte
readChan <-chan []byte
requestChan chan<- interface{}
readBuf []byte
eof bool
readTimeout, writeTimeout int64
}
func timeout(c chan<- bool, nsecs int64) {
time.Sleep(nsecs)
c <- true
}
func (tls *Conn) Read(p []byte) (int, os.Error) {
if len(tls.readBuf) == 0 {
if tls.eof {
return 0, os.EOF
}
var timeoutChan chan bool
if tls.readTimeout > 0 {
timeoutChan = make(chan bool)
go timeout(timeoutChan, tls.readTimeout)
}
select {
case b := <-tls.readChan:
tls.readBuf = b
case <-timeoutChan:
return 0, os.EAGAIN
}
// TLS distinguishes between orderly closes and truncations. An
// orderly close is represented by a zero length slice.
if closed(tls.readChan) {
return 0, io.ErrUnexpectedEOF
}
if len(tls.readBuf) == 0 {
tls.eof = true
return 0, os.EOF
}
}
n := copy(p, tls.readBuf)
tls.readBuf = tls.readBuf[n:]
return n, nil
}
func (tls *Conn) Write(p []byte) (int, os.Error) {
if tls.eof || closed(tls.readChan) {
return 0, os.EOF
}
var timeoutChan chan bool
if tls.writeTimeout > 0 {
timeoutChan = make(chan bool)
go timeout(timeoutChan, tls.writeTimeout)
}
select {
case tls.writeChan <- p:
case <-timeoutChan:
return 0, os.EAGAIN
}
return len(p), nil
}
func (tls *Conn) Close() os.Error {
close(tls.writeChan)
close(tls.requestChan)
tls.eof = true
return nil
}
func (tls *Conn) SetTimeout(nsec int64) os.Error {
tls.readTimeout = nsec
tls.writeTimeout = nsec
return nil
}
func (tls *Conn) SetReadTimeout(nsec int64) os.Error {
tls.readTimeout = nsec
return nil
}
func (tls *Conn) SetWriteTimeout(nsec int64) os.Error {
tls.writeTimeout = nsec
return nil
}
func (tls *Conn) GetConnectionState() ConnectionState {
replyChan := make(chan ConnectionState)
tls.requestChan <- getConnectionState{replyChan}
return <-replyChan
}
func (tls *Conn) WaitConnectionState() ConnectionState {
replyChan := make(chan ConnectionState)
tls.requestChan <- waitConnectionState{replyChan}
return <-replyChan
}
type handshaker interface {
loop(writeChan chan<- interface{}, controlChan chan<- interface{}, msgChan <-chan interface{}, config *Config)
}
// Server establishes a secure connection over the given connection and acts
// as a TLS server.
func startTLSGoroutines(conn net.Conn, h handshaker, config *Config) *Conn {
tls := new(Conn)
tls.Conn = conn
writeChan := make(chan []byte)
readChan := make(chan []byte)
requestChan := make(chan interface{})
tls.writeChan = writeChan
tls.readChan = readChan
tls.requestChan = requestChan
handshakeWriterChan := make(chan interface{})
processorHandshakeChan := make(chan interface{})
handshakeProcessorChan := make(chan interface{})
readerProcessorChan := make(chan *record)
go new(recordWriter).loop(conn, writeChan, handshakeWriterChan)
go recordReader(readerProcessorChan, conn)
go new(recordProcessor).loop(readChan, requestChan, handshakeProcessorChan, readerProcessorChan, processorHandshakeChan)
go h.loop(handshakeWriterChan, handshakeProcessorChan, processorHandshakeChan, config)
return tls
}
func Server(conn net.Conn, config *Config) *Conn {
return startTLSGoroutines(conn, new(serverHandshake), config)
}
func Client(conn net.Conn, config *Config) *Conn {
return startTLSGoroutines(conn, new(clientHandshake), config)
}
type Listener struct {
listener net.Listener
config *Config
}
func (l *Listener) Accept() (c net.Conn, err os.Error) {
c, err = l.listener.Accept()
if err != nil {
return
}
c = Server(c, l.config)
return
}
func (l *Listener) Close() os.Error { return l.listener.Close() }
func (l *Listener) Addr() net.Addr { return l.listener.Addr() }
// NewListener creates a Listener which accepts connections from an inner
// Listener and wraps each connection with Server.
func NewListener(listener net.Listener, config *Config) (l *Listener) {
l = new(Listener)
l.listener = listener
l.config = config
return
}
|
