api/plugins/tls_interceptor/main.go

package main

import (
	"crypto/tls"
	"fmt"
	"github.com/baez90/inetmock/pkg/api"
	"github.com/baez90/inetmock/pkg/cert"
	"github.com/baez90/inetmock/pkg/config"
	"github.com/baez90/inetmock/pkg/logging"
	"github.com/google/uuid"
	"go.uber.org/zap"
	"net"
	"sync"
	"time"
)

const (
	name = "tls_interceptor"
)

type tlsInterceptor struct {
	options                 tlsOptions
	logger                  logging.Logger
	listener                net.Listener
	certStore               cert.Store
	shutdownRequested       bool
	currentConnectionsCount *sync.WaitGroup
	currentConnections      map[uuid.UUID]*proxyConn
}

func (t *tlsInterceptor) Start(config config.HandlerConfig) (err error) {
	t.options = loadFromConfig(config.Options)
	addr := fmt.Sprintf("%s:%d", config.ListenAddress, config.Port)

	t.logger = t.logger.With(
		zap.String("address", addr),
		zap.String("target", t.options.redirectionTarget.address()),
	)

	if t.listener, err = tls.Listen("tcp", addr, api.ServicesInstance().CertStore().TLSConfig()); err != nil {
		t.logger.Fatal(
			"failed to create tls listener",
			zap.Error(err),
		)
		err = fmt.Errorf(
			"failed to create tls listener: %w",
			err,
		)
		return
	}

	go t.startListener()
	return
}

func (t *tlsInterceptor) Shutdown() (err error) {
	t.logger.Info("Shutting down TLS interceptor")
	t.shutdownRequested = true
	done := make(chan struct{})
	go func() {
		t.currentConnectionsCount.Wait()
		close(done)
	}()

	select {
	case <-done:
		return
	case <-time.After(5 * time.Second):
		for _, proxyConn := range t.currentConnections {
			if err = proxyConn.Close(); err != nil {
				t.logger.Error(
					"error while closing remaining proxy connections",
					zap.Error(err),
				)
				err = fmt.Errorf(
					"error while closing remaining proxy connections: %w",
					err,
				)
			}
		}
		return
	}
}

func (t *tlsInterceptor) startListener() {
	for !t.shutdownRequested {
		conn, err := t.listener.Accept()
		if err != nil {
			t.logger.Error(
				"error during accept",
				zap.Error(err),
			)
			continue
		}

		t.currentConnectionsCount.Add(1)
		go t.proxyConn(conn)
	}
}

func (t *tlsInterceptor) proxyConn(conn net.Conn) {
	defer conn.Close()
	defer t.currentConnectionsCount.Done()

	rAddr, err := net.ResolveTCPAddr("tcp", t.options.redirectionTarget.address())
	if err != nil {
		t.logger.Error(
			"failed to resolve proxy target",
			zap.Error(err),
		)
	}

	targetConn, err := net.DialTCP("tcp", nil, rAddr)
	if err != nil {
		t.logger.Error(
			"failed to connect to proxy target",
			zap.Error(err),
		)
		return
	}
	defer targetConn.Close()

	proxyCon := &proxyConn{
		source: conn,
		target: targetConn,
	}

	conUID := uuid.New()
	t.currentConnections[conUID] = proxyCon
	Pipe(conn, targetConn)
	delete(t.currentConnections, conUID)

	t.logger.Info(
		"connection closed",
		zap.String("remoteAddr", conn.RemoteAddr().String()),
	)
}
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`package main`

			`import (`
			`"crypto/tls"`
			`"fmt"`
Move TLS/cert handling to main app - apply changes in proxy plugin and TLS interceptor - add HTTPS proxy support - move ca-generation command to main app - minor refactoring to improve API stability - move mocks to extra packages to avoid cycling imports - fix bug in multi-port configuration - change HTTP proxy to redirect to HTTP mock instead of maintaining custom rules 2020-04-25 22:22:45 +00:00			`"github.com/baez90/inetmock/pkg/api"`
			`"github.com/baez90/inetmock/pkg/cert"`
Improve config and startup handling - use `Unmarshal` method of viper - move config loading, defaulting and stuff to config package - move serve to an extra command and move keep only global flags in root command - add startup logic to onInit method in root command - update mocks - clean config structs - adopt changes in plugins - update default config 2020-04-27 22:26:15 +00:00			`"github.com/baez90/inetmock/pkg/config"`
Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`"github.com/baez90/inetmock/pkg/logging"`
Improve TLS connection tracking to avoid memory or connection leaks 2020-04-25 23:18:35 +00:00			`"github.com/google/uuid"`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`"go.uber.org/zap"`
			`"net"`
			`"sync"`
			`"time"`
			`)`

			`const (`
			`name = "tls_interceptor"`
			`)`

			`type tlsInterceptor struct {`
Move TLS/cert handling to main app - apply changes in proxy plugin and TLS interceptor - add HTTPS proxy support - move ca-generation command to main app - minor refactoring to improve API stability - move mocks to extra packages to avoid cycling imports - fix bug in multi-port configuration - change HTTP proxy to redirect to HTTP mock instead of maintaining custom rules 2020-04-25 22:22:45 +00:00			`options tlsOptions`
Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`logger logging.Logger`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`listener net.Listener`
Move TLS/cert handling to main app - apply changes in proxy plugin and TLS interceptor - add HTTPS proxy support - move ca-generation command to main app - minor refactoring to improve API stability - move mocks to extra packages to avoid cycling imports - fix bug in multi-port configuration - change HTTP proxy to redirect to HTTP mock instead of maintaining custom rules 2020-04-25 22:22:45 +00:00			`certStore cert.Store`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`shutdownRequested bool`
			`currentConnectionsCount *sync.WaitGroup`
Improve TLS connection tracking to avoid memory or connection leaks 2020-04-25 23:18:35 +00:00			`currentConnections map[uuid.UUID]*proxyConn`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`}`

Improve config and startup handling - use `Unmarshal` method of viper - move config loading, defaulting and stuff to config package - move serve to an extra command and move keep only global flags in root command - add startup logic to onInit method in root command - update mocks - clean config structs - adopt changes in plugins - update default config 2020-04-27 22:26:15 +00:00			`func (t *tlsInterceptor) Start(config config.HandlerConfig) (err error) {`
			`t.options = loadFromConfig(config.Options)`
			`addr := fmt.Sprintf("%s:%d", config.ListenAddress, config.Port)`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00
			`t.logger = t.logger.With(`
			`zap.String("address", addr),`
			`zap.String("target", t.options.redirectionTarget.address()),`
			`)`

Move TLS/cert handling to main app - apply changes in proxy plugin and TLS interceptor - add HTTPS proxy support - move ca-generation command to main app - minor refactoring to improve API stability - move mocks to extra packages to avoid cycling imports - fix bug in multi-port configuration - change HTTP proxy to redirect to HTTP mock instead of maintaining custom rules 2020-04-25 22:22:45 +00:00			`if t.listener, err = tls.Listen("tcp", addr, api.ServicesInstance().CertStore().TLSConfig()); err != nil {`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`t.logger.Fatal(`
			`"failed to create tls listener",`
			`zap.Error(err),`
			`)`
Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`err = fmt.Errorf(`
			`"failed to create tls listener: %w",`
			`err,`
			`)`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`return`
			`}`

			`go t.startListener()`
Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`return`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`}`

Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`func (t *tlsInterceptor) Shutdown() (err error) {`
Complete first naive HTTP proxy implementation - HTTPS configuration is till missing - fix a few minor things in other plugins - cleanup of config to reduce repeating of the same values multiple times 2020-04-12 01:51:41 +00:00			`t.logger.Info("Shutting down TLS interceptor")`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`t.shutdownRequested = true`
			`done := make(chan struct{})`
			`go func() {`
			`t.currentConnectionsCount.Wait()`
			`close(done)`
			`}()`

			`select {`
			`case <-done:`
Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`return`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`case <-time.After(5 * time.Second):`
			`for _, proxyConn := range t.currentConnections {`
Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`if err = proxyConn.Close(); err != nil {`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`t.logger.Error(`
			`"error while closing remaining proxy connections",`
			`zap.Error(err),`
			`)`
Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`err = fmt.Errorf(`
			`"error while closing remaining proxy connections: %w",`
			`err,`
			`)`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`}`
			`}`
Moved endpoint handling to new module - introduce new endpoints module - introduce Endpoint and EndpointManager - introduce new Logging abstraction API to allow proper mocking - add error return value to Start and Shutdown of endpoints - add mocks of some internals to allow easier testing - add generate target to take care of all code generation 2020-04-13 22:14:56 +00:00			`return`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`}`
			`}`

			`func (t *tlsInterceptor) startListener() {`
			`for !t.shutdownRequested {`
			`conn, err := t.listener.Accept()`
			`if err != nil {`
			`t.logger.Error(`
			`"error during accept",`
			`zap.Error(err),`
			`)`
			`continue`
			`}`

			`t.currentConnectionsCount.Add(1)`
			`go t.proxyConn(conn)`
			`}`
			`}`

			`func (t *tlsInterceptor) proxyConn(conn net.Conn) {`
			`defer conn.Close()`
Improve TLS connection tracking to avoid memory or connection leaks 2020-04-25 23:18:35 +00:00			`defer t.currentConnectionsCount.Done()`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00
			`rAddr, err := net.ResolveTCPAddr("tcp", t.options.redirectionTarget.address())`
			`if err != nil {`
			`t.logger.Error(`
			`"failed to resolve proxy target",`
			`zap.Error(err),`
			`)`
			`}`

			`targetConn, err := net.DialTCP("tcp", nil, rAddr)`
			`if err != nil {`
			`t.logger.Error(`
			`"failed to connect to proxy target",`
			`zap.Error(err),`
			`)`
			`return`
			`}`
			`defer targetConn.Close()`

Improve TLS connection tracking to avoid memory or connection leaks 2020-04-25 23:18:35 +00:00			`proxyCon := &proxyConn{`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`source: conn,`
			`target: targetConn,`
Improve TLS connection tracking to avoid memory or connection leaks 2020-04-25 23:18:35 +00:00			`}`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00
Improve TLS connection tracking to avoid memory or connection leaks 2020-04-25 23:18:35 +00:00			`conUID := uuid.New()`
			`t.currentConnections[conUID] = proxyCon`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00			`Pipe(conn, targetConn)`
Improve TLS connection tracking to avoid memory or connection leaks 2020-04-25 23:18:35 +00:00			`delete(t.currentConnections, conUID)`
Initial working version * supports HTTP * support TLS interception e.g. for HTTPS * support CA generation via cli * first draft of plugin API * support commands from plugins * includes Dockerfile * includes basic configuration 2020-04-01 02:08:21 +00:00
			`t.logger.Info(`
			`"connection closed",`
			`zap.String("remoteAddr", conn.RemoteAddr().String()),`
			`)`
			`}`