mmarcel/derohe-miniblock-mod
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
derohe-miniblock-mod/p2p/controller.go
Captain a66d3d5051
Release62: P2P Improvements
2022-03-31 04:30:56 +00:00

746 lines
24 KiB
Go
Raw Blame History

// Copyright 2017-2021 DERO Project. All rights reserved.
// Use of this source code in any form is governed by RESEARCH license.
// license can be found in the LICENSE file.
// GPG: 0F39 E425 8C65 3947 702A 8234 08B2 0360 A03A 9DE8
//
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package p2p
import "fmt"
import "net"
import "os"
import "time"
import "sort"
import "sync"
import "strings"
import "math/big"
import "strconv"
import "crypto/sha1"
import "crypto/ecdsa"
import "crypto/elliptic"
import "crypto/tls"
import "crypto/rand"
import "crypto/x509"
import "encoding/pem"
import "sync/atomic"
import "runtime/debug"
import "github.com/go-logr/logr"
import "github.com/deroproject/derohe/config"
import "github.com/deroproject/derohe/globals"
import "github.com/deroproject/derohe/metrics"
import "github.com/deroproject/derohe/blockchain"
import "github.com/xtaci/kcp-go/v5"
import "golang.org/x/crypto/pbkdf2"
import "golang.org/x/time/rate"
import "github.com/cenkalti/rpc2"
//import "github.com/txthinking/socks5"
var chain *blockchain.Blockchain // external reference to chain
var P2P_Port int // this will be exported while doing handshake
var Exit_Event = make(chan bool) // causes all threads to exit
var Exit_In_Progress bool // marks we are doing exit
var logger logr.Logger // global logger, every logger in this package is a child of this
var sync_node bool // whether sync mode is activated
var nonbanlist []string // any ips in this list will never be banned
// the list will include seed nodes, any nodes provided at command prompt
var ClockOffset time.Duration //Clock Offset related to all the peer2 connected
// also backoff is used if we have initiated a connect we will not connect to it again for another 10 secs
var backoff = map[string]int64{} // if server receives a connection, then it will not initiate connection to that ip for another 60 secs
var backoff_mutex = sync.Mutex{}
var Min_Peers = int64(31) // we need to expose this to be modifieable at runtime without taking daemon offline
// return true if we should back off else we can connect
func shouldwebackoff(ip string) bool {
backoff_mutex.Lock()
defer backoff_mutex.Unlock()
now := time.Now().Unix()
for k, v := range backoff { // random backing off
if v < now {
delete(backoff, k)
}
}
if backoff[ip] != 0 { // now lets do the test
return true
}
return false
}
// Initialize P2P subsystem
func P2P_Init(params map[string]interface{}) error {
logger = globals.Logger.WithName("P2P") // all components must use this logger
// register_handlers()
GetPeerID() // Initialize peer id once
// parse node tag if availble
if _, ok := globals.Arguments["--node-tag"]; ok {
if globals.Arguments["--node-tag"] != nil {
node_tag = globals.Arguments["--node-tag"].(string)
}
}
if os.Getenv("TURBO") == "0" {
logger.Info("P2P is in normal mode")
} else {
logger.Info("P2P is in turbo mode")
}
// permanently unban any seed nodes
if globals.IsMainnet() {
for i := range config.Mainnet_seed_nodes {
nonbanlist = append(nonbanlist, strings.ToLower(config.Mainnet_seed_nodes[i]))
}
} else { // initial bootstrap
for i := range config.Testnet_seed_nodes {
nonbanlist = append(nonbanlist, strings.ToLower(config.Testnet_seed_nodes[i]))
}
}
chain = params["chain"].(*blockchain.Blockchain)
load_ban_list() // load ban list
load_peer_list() // load old list if availble
// if user provided a sync node, connect with it
if _, ok := globals.Arguments["--sync-node"]; ok { // check if parameter is supported
if globals.Arguments["--sync-node"].(bool) {
sync_node = true
// disable p2p port
globals.Arguments["--p2p-bind"] = ":0"
// disable all connections except seed nodes
globals.Arguments["--add-exclusive-node"] = []string{"0.0.0.0:0"}
globals.Arguments["--add-priority-node"] = []string{"0.0.0.0:0"}
go maintain_seed_node_connection()
logger.Info("Sync mode is enabled. Please remove this option after chain syncs successfully")
}
}
go P2P_Server_v2() // start accepting connections
go P2P_engine() // start outgoing engine
globals.Cron.AddFunc("@every 4s", syncroniser) // start sync engine
globals.Cron.AddFunc("@every 5s", Connection_Pending_Clear) // clean dead connections
globals.Cron.AddFunc("@every 10s", ping_loop) // ping every one
globals.Cron.AddFunc("@every 10s", chunks_clean_up) // clean chunks
go time_check_routine() // check whether server time is in sync using ntp
metrics.Set.NewGauge("p2p_peer_count", func() float64 { // set a new gauge
count := float64(0)
connection_map.Range(func(k, value interface{}) bool {
if v := value.(*Connection); atomic.LoadUint32(&v.State) != HANDSHAKE_PENDING {
count++
}
return true
})
return count
})
metrics.Set.NewGauge("p2p_peer_incoming_count", func() float64 { // set a new gauge
count := float64(0)
connection_map.Range(func(k, value interface{}) bool {
if v := value.(*Connection); atomic.LoadUint32(&v.State) != HANDSHAKE_PENDING && v.Incoming {
count++
}
return true
})
return count
})
metrics.Set.NewGauge("p2p_peer_outgoing_count", func() float64 { // set a new gauge
count := float64(0)
connection_map.Range(func(k, value interface{}) bool {
if v := value.(*Connection); atomic.LoadUint32(&v.State) != HANDSHAKE_PENDING && !v.Incoming {
count++
}
return true
})
return count
})
logger.Info("P2P started")
atomic.AddUint32(&globals.Subsystem_Active, 1) // increment subsystem
return nil
}
// TODO we need to make sure that exclusive/priority nodes are never banned
func P2P_engine() {
var end_point_list []string
if _, ok := globals.Arguments["--add-exclusive-node"]; ok { // check if parameter is supported
if globals.Arguments["--add-exclusive-node"] != nil {
tmp_list := globals.Arguments["--add-exclusive-node"].([]string)
for i := range tmp_list {
end_point_list = append(end_point_list, tmp_list[i])
nonbanlist = append(nonbanlist, tmp_list[i])
}
}
}
// all prority nodes will be always connected
if _, ok := globals.Arguments["--add-priority-node"]; ok { // check if parameter is supported
if globals.Arguments["--add-priority-node"] != nil {
tmp_list := globals.Arguments["--add-priority-node"].([]string)
for i := range tmp_list {
end_point_list = append(end_point_list, tmp_list[i])
nonbanlist = append(nonbanlist, tmp_list[i])
}
}
}
{ // remove duplicates if any
sort.Strings(end_point_list)
start_again: // this list is expected to be less than 100
for i := range end_point_list {
if i > 0 && end_point_list[i-1] == end_point_list[i] {
end_point_list = append(end_point_list[:i-1], end_point_list[i:]...)
goto start_again
}
}
}
//logger.Debugf("Priority list %+v", end_point_list)
// maintain connection to exclusive/priority nodes
for i := range end_point_list {
go maintain_outgoing_priority_connection(end_point_list[i], false)
}
// do not create connections to peers , if requested
if _, ok := globals.Arguments["--add-exclusive-node"]; ok && len(globals.Arguments["--add-exclusive-node"].([]string)) == 0 { // check if parameter is supported
go maintain_connection_to_peers() // maintain certain number of connections for peer to peers
go maintain_seed_node_connection() // maintain connection with atleast 1 seed node
// this code only triggers when we do not have peer list
if find_peer_to_connect(1) == nil { // either we donot have a peer list or everyone is banned
// trigger connection to all seed nodes hoping some will be up
if globals.IsMainnet() { // initial boot strap should be quick
for i := range config.Mainnet_seed_nodes {
go connect_with_endpoint(config.Mainnet_seed_nodes[i], true)
}
} else { // initial bootstrap
for i := range config.Testnet_seed_nodes {
go connect_with_endpoint(config.Testnet_seed_nodes[i], true)
}
}
}
}
}
func tunekcp(conn *kcp.UDPSession) {
conn.SetACKNoDelay(true)
if os.Getenv("TURBO") == "0" {
conn.SetNoDelay(1, 10, 2, 1) // tuning paramters for local stack for fast retransmission stack
} else {
conn.SetNoDelay(0, 40, 0, 0) // tuning paramters for local
}
}
// will try to connect with given endpoint
// will block until the connection dies or is killed
func connect_with_endpoint(endpoint string, sync_node bool) {
defer globals.Recover(2)
remote_ip, err := net.ResolveUDPAddr("udp", endpoint)
if err != nil {
logger.V(3).Error(err, "Resolve address failed:", "endpoint", endpoint)
return
}
if IsAddressInBanList(ParseIPNoError(remote_ip.IP.String())) {
logger.V(2).Info("Connecting to banned IP is prohibited", "IP", remote_ip.IP.String())
return
}
// check whether are already connected to this address if yes, return
if IsAddressConnected(ParseIPNoError(remote_ip.String())) {
logger.V(4).Info("outgoing address is already connected", "ip", remote_ip.String())
return //nil, fmt.Errorf("Already connected")
}
if shouldwebackoff(ParseIPNoError(remote_ip.String())) {
logger.V(1).Info("backing off from this connection", "ip", remote_ip.String())
return
} else {
backoff_mutex.Lock()
backoff[ParseIPNoError(remote_ip.String())] = time.Now().Unix() + 10
backoff_mutex.Unlock()
}
var masterkey = pbkdf2.Key(globals.Config.Network_ID.Bytes(), globals.Config.Network_ID.Bytes(), 1024, 32, sha1.New)
var blockcipher, _ = kcp.NewAESBlockCrypt(masterkey)
var conn *kcp.UDPSession
// since we may be connecting through socks, grab the remote ip for our purpose rightnow
//conn, err := globals.Dialer.Dial("tcp", remote_ip.String())
if globals.Arguments["--socks-proxy"] == nil {
conn, err = kcp.DialWithOptions(remote_ip.String(), blockcipher, 10, 3)
} else { // we must move through a socks 5 UDP ASSOCIATE supporting proxy, ssh implementation is partial
err = fmt.Errorf("socks proxying is not supported")
logger.V(0).Error(err, "Not suported", "server", globals.Arguments["--socks-proxy"])
return
/*uri, err := url.Parse("socks5://" + globals.Arguments["--socks-proxy"].(string)) // "socks5://demo:demo@192.168.99.100:1080"
if err != nil {
logger.V(0).Error(err, "Error parsing socks proxy", "server", globals.Arguments["--socks-proxy"])
return
}
_ = uri
sserver := uri.Host
if uri.Port() != "" {
host, _, err := net.SplitHostPort(uri.Host)
if err != nil {
logger.V(0).Error(err, "Error parsing socks proxy", "server", globals.Arguments["--socks-proxy"])
return
}
sserver = host + ":"+ uri.Port()
}
fmt.Printf("sserver %s host %s port %s\n", sserver, uri.Host, uri.Port())
username := ""
password := ""
if uri.User != nil {
username = uri.User.Username()
password,_ = uri.User.Password()
}
tcpTimeout := 10
udpTimeout := 10
c, err := socks5.NewClient(sserver, username, password, tcpTimeout, udpTimeout)
if err != nil {
logger.V(0).Error(err, "Error connecting to socks proxy", "server", globals.Arguments["--socks-proxy"])
return
}
udpconn, err := c.Dial("udp", remote_ip.String())
if err != nil {
logger.V(0).Error(err, "Error connecting to remote host using socks proxy", "socks", globals.Arguments["--socks-proxy"],"remote",remote_ip.String())
return
}
conn,err = kcp.NewConn(remote_ip.String(),blockcipher,10,3,udpconn)
*/
}
if err != nil {
logger.V(3).Error(err, "Dial failed", "endpoint", endpoint)
Peer_SetFail(ParseIPNoError(remote_ip.String())) // update peer list as we see
conn.Close()
return //nil, fmt.Errorf("Dial failed err %s", err.Error())
}
tunekcp(conn) // set tunings for low latency
// TODO we need to choose fastest cipher here ( so both clients/servers are not loaded)
conntls := tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
process_outgoing_connection(conn, conntls, remote_ip, false, sync_node)
}
// maintains a persistant connection to endpoint
// if connection drops, tries again after 4 secs
func maintain_outgoing_priority_connection(endpoint string, sync_node bool) {
delay := time.NewTicker(4 * time.Second)
for {
select {
case <-Exit_Event:
return
case <-delay.C:
}
connect_with_endpoint(endpoint, sync_node)
}
}
// this will maintain connection to 1 seed node randomly
func maintain_seed_node_connection() {
delay := time.NewTicker(2 * time.Second)
for {
select {
case <-Exit_Event:
return
case <-delay.C:
}
endpoint := ""
if globals.IsMainnet() { // choose mainnet seed node
r, _ := rand.Int(rand.Reader, big.NewInt(10240))
endpoint = config.Mainnet_seed_nodes[r.Int64()%int64(len(config.Mainnet_seed_nodes))]
} else { // choose testnet peer node
r, _ := rand.Int(rand.Reader, big.NewInt(10240))
endpoint = config.Testnet_seed_nodes[r.Int64()%int64(len(config.Testnet_seed_nodes))]
}
if endpoint != "" {
//connect_with_endpoint(endpoint, sync_node)
connect_with_endpoint(endpoint, true) // seed nodes always have sync mode
}
}
}
// keep building connections to network, we are talking outgoing connections
func maintain_connection_to_peers() {
// check how many connections are active
if _, ok := globals.Arguments["--min-peers"]; ok && globals.Arguments["--min-peers"] != nil { // user specified a limit, use it if possible
i, err := strconv.ParseInt(globals.Arguments["--min-peers"].(string), 10, 64)
if err != nil {
logger.Error(err, "Error Parsing --min-peers")
} else {
if i <= 1 {
logger.Error(fmt.Errorf("--min-peers should be positive and more than 1"), "")
} else {
Min_Peers = i
}
}
logger.Info("Min outgoing peers", "min-peers", Min_Peers)
}
delay := time.NewTicker(200 * time.Millisecond)
for {
select {
case <-Exit_Event:
return
case <-delay.C:
}
// check number of connections, if limit is reached, trigger new connections if we have peers
// if we have more do nothing
_, out := Peer_Direction_Count()
if out >= uint64(Min_Peers) { // we already have required number of peers, donot connect to more peers
continue
}
peer := find_peer_to_connect(1)
if peer != nil && !IsAddressConnected(ParseIPNoError(peer.Address)) {
go connect_with_endpoint(peer.Address, false)
}
}
}
func P2P_Server_v2() {
var accept_limiter = rate.NewLimiter(10.0, 40) // 10 incoming per sec, burst of 40 is okay
default_address := "0.0.0.0:0" // be default choose a random port
if _, ok := globals.Arguments["--p2p-bind"]; ok && globals.Arguments["--p2p-bind"] != nil {
addr, err := net.ResolveTCPAddr("tcp", globals.Arguments["--p2p-bind"].(string))
if err != nil {
logger.Error(err, "--p2p-bind address is invalid")
} else {
if addr.Port == 0 {
logger.Info("P2P server is disabled, No ports will be opened for P2P activity")
return
} else {
default_address = addr.String()
P2P_Port = addr.Port
}
}
}
srv := rpc2.NewServer()
srv.OnConnect(func(c *rpc2.Client) {
remote_addr_interface, _ := c.State.Get("addr")
remote_addr := remote_addr_interface.(net.Addr)
conn_interface, _ := c.State.Get("conn")
conn := conn_interface.(net.Conn)
tlsconn_interface, _ := c.State.Get("tlsconn")
tlsconn := tlsconn_interface.(net.Conn)
connection := &Connection{Client: c, Conn: conn, ConnTls: tlsconn, Addr: remote_addr, State: HANDSHAKE_PENDING, Incoming: true}
connection.logger = logger.WithName("incoming").WithName(remote_addr.String())
in, out := Peer_Direction_Count()
if int64(in+out) > Min_Peers { // do not allow incoming ddos
connection.exit()
return
}
c.State.Set("c", connection) // set pointer to connection
//connection.logger.Info("connected OnConnect")
go func() {
time.Sleep(2 * time.Second)
connection.dispatch_test_handshake()
}()
})
set_handlers(srv)
tlsconfig := &tls.Config{Certificates: []tls.Certificate{generate_random_tls_cert()}}
//l, err := tls.Listen("tcp", default_address, tlsconfig) // listen as TLS server
_ = tlsconfig
var masterkey = pbkdf2.Key(globals.Config.Network_ID.Bytes(), globals.Config.Network_ID.Bytes(), 1024, 32, sha1.New)
var blockcipher, _ = kcp.NewAESBlockCrypt(masterkey)
// listen to incoming tcp connections tls style
l, err := kcp.ListenWithOptions(default_address, blockcipher, 10, 3)
if err != nil {
logger.Error(err, "Could not listen", "address", default_address)
return
}
defer l.Close()
_, P2P_Port_str, _ := net.SplitHostPort(l.Addr().String())
P2P_Port, _ = strconv.Atoi(P2P_Port_str)
logger.Info("P2P is listening", "address", l.Addr().String())
// A common pattern is to start a loop to continously accept connections
for {
conn, err := l.AcceptKCP() //accept connections using Listener.Accept()
if err != nil {
select {
case <-Exit_Event:
l.Close() // p2p is shutting down, close the listening socket
return
default:
}
logger.V(1).Error(err, "Err while accepting incoming connection")
continue
}
if !accept_limiter.Allow() { // if rate limiter allows, then only add else drop the connection
conn.Close()
continue
}
raddr := conn.RemoteAddr().(*net.UDPAddr)
backoff_mutex.Lock()
backoff[ParseIPNoError(raddr.String())] = time.Now().Unix() + globals.Global_Random.Int63n(200) // random backing of upto 200 secs
backoff_mutex.Unlock()
logger.V(3).Info("accepting incoming connection", "raddr", raddr.String())
if IsAddressConnected(ParseIPNoError(raddr.String())) {
logger.V(4).Info("incoming address is already connected", "ip", raddr.String())
conn.Close()
} else if IsAddressInBanList(ParseIPNoError(raddr.IP.String())) { //if incoming IP is banned, disconnect now
logger.V(2).Info("Incoming IP is banned, disconnecting now", "IP", raddr.IP.String())
conn.Close()
}
tunekcp(conn) // tuning paramters for local stack
tlsconn := tls.Server(conn, tlsconfig)
state := rpc2.NewState()
state.Set("addr", raddr)
state.Set("conn", conn)
state.Set("tlsconn", tlsconn)
go srv.ServeCodecWithState(NewCBORCodec(tlsconn), state)
}
}
func handle_connection_panic(c *Connection) {
defer globals.Recover(2)
if r := recover(); r != nil {
logger.V(2).Error(nil, "Recovered while handling connection", "r", r, "stack", string(debug.Stack()))
c.exit()
}
}
func set_handler(base interface{}, methodname string, handler interface{}) {
switch o := base.(type) {
case *rpc2.Client:
o.Handle(methodname, handler)
//fmt.Printf("setting client handler %s\n", methodname)
case *rpc2.Server:
o.Handle(methodname, handler)
//fmt.Printf("setting server handler %s\n", methodname)
default:
panic(fmt.Sprintf("object cannot handle such handler %T", base))
}
}
func getc(client *rpc2.Client) *Connection {
if ci, found := client.State.Get("c"); found {
return ci.(*Connection)
} else {
panic("no connection attached")
return nil
}
}
// we need the following RPCS to work
func set_handlers(o interface{}) {
set_handler(o, "Peer.Handshake", func(client *rpc2.Client, args Handshake_Struct, reply *Handshake_Struct) error {
return getc(client).Handshake(args, reply)
})
set_handler(o, "Peer.Chain", func(client *rpc2.Client, args Chain_Request_Struct, reply *Chain_Response_Struct) error {
return getc(client).Chain(args, reply)
})
set_handler(o, "Peer.ChangeSet", func(client *rpc2.Client, args ChangeList, reply *Changes) error {
return getc(client).ChangeSet(args, reply)
})
set_handler(o, "Peer.NotifyINV", func(client *rpc2.Client, args ObjectList, reply *Dummy) error {
return getc(client).NotifyINV(args, reply)
})
set_handler(o, "Peer.GetObject", func(client *rpc2.Client, args ObjectList, reply *Objects) error {
return getc(client).GetObject(args, reply)
})
set_handler(o, "Peer.TreeSection", func(client *rpc2.Client, args Request_Tree_Section_Struct, reply *Response_Tree_Section_Struct) error {
return getc(client).TreeSection(args, reply)
})
set_handler(o, "Peer.NotifyMiniBlock", func(client *rpc2.Client, args Objects, reply *Dummy) error {
return getc(client).NotifyMiniBlock(args, reply)
})
set_handler(o, "Peer.Ping", func(client *rpc2.Client, args Dummy, reply *Dummy) error {
return getc(client).Ping(args, reply)
})
}
func process_outgoing_connection(conn net.Conn, tlsconn net.Conn, remote_addr net.Addr, incoming, sync_node bool) {
defer globals.Recover(0)
client := rpc2.NewClientWithCodec(NewCBORCodec(tlsconn))
c := &Connection{Client: client, Conn: conn, ConnTls: tlsconn, Addr: remote_addr, State: HANDSHAKE_PENDING, Incoming: incoming, SyncNode: sync_node}
defer c.exit()
c.logger = logger.WithName("outgoing").WithName(remote_addr.String())
set_handlers(client)
client.State = rpc2.NewState()
client.State.Set("c", c)
go func() {
time.Sleep(2 * time.Second)
c.dispatch_test_handshake()
}()
// c.logger.V(4).Info("client running loop")
client.Run() // see the original
c.logger.V(4).Info("process_connection finished")
}
// shutdown the p2p component
func P2P_Shutdown() {
//close(Exit_Event) // send signal to all connections to exit
save_peer_list() // save peer list
save_ban_list() // save ban list
// TODO we must wait for connections to kill themselves
logger.Info("P2P Shutdown")
atomic.AddUint32(&globals.Subsystem_Active, ^uint32(0)) // this decrement 1 fom subsystem
}
// generate default tls cert to encrypt everything
// NOTE: this does NOT protect from individual active man-in-the-middle attacks
func generate_random_tls_cert() tls.Certificate {
/* RSA can do only 500 exchange per second, we need to be faster
* reference https://github.com/golang/go/issues/20058
key, err := rsa.GenerateKey(rand.Reader, 512) // current using minimum size
if err != nil {
log.Fatal("Private key cannot be created.", err.Error())
}
// Generate a pem block with the private key
keyPem := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
})
*/
// EC256 does roughly 20000 exchanges per second
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
b, err := x509.MarshalECPrivateKey(key)
if err != nil {
logger.Error(err, "Unable to marshal ECDSA private key")
panic(err)
}
// Generate a pem block with the private key
keyPem := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: b})
tml := x509.Certificate{
SerialNumber: big.NewInt(int64(GetPeerID()) ^ int64(time.Now().UnixNano())),
// TODO do we need to add more parameters to make our certificate more authentic
// and thwart traffic identification as a mass scale
/*
// you can add any attr that you need
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(5, 0, 0),
// you have to generate a different serial number each execution
Subject: pkix.Name{
CommonName: "New Name",
Organization: []string{"New Org."},
},
BasicConstraintsValid: true, // even basic constraints are not required
*/
}
cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
if err != nil {
logger.Error(err, "Certificate cannot be created.")
panic(err)
}
// Generate a pem block with the certificate
certPem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert})
tlsCert, err := tls.X509KeyPair(certPem, keyPem)
if err != nil {
logger.Error(err, "Certificate cannot be loaded.")
panic(err)
}
return tlsCert
}
func ParseIP(s string) (string, error) {
ip, _, err := net.SplitHostPort(s)
if err == nil {
return ip, nil
}
ip2 := net.ParseIP(s)
if ip2 == nil {
return "", fmt.Errorf("invalid IP")
}
return ip2.String(), nil
}
func ParseIPNoError(s string) string {
ip, _ := ParseIP(s)
return ip
}
Reference in New Issue View Git Blame Copy Permalink