client just use cert file when build wss connection

03f1fd31 · AlexStocks · 92f8562c · 03f1fd31 · 03f1fd31 · 03f1fd31
Commit 03f1fd31 authored Apr 27, 2017 by AlexStocks
Hide whitespace changes
Inline Side-by-side

Showing with 45 additions and 38 deletions

change_log.md change_log.md +8 -2

client.go client.go +27 -31

conn.go conn.go +7 -2

version.go version.go +3 -3

No files found.
--- a/change_log.md
+++ b/change_log.md
@@ -11,11 +11,17 @@
 ## develop history ##
 ---

+- 2017/04/27
+    > bug fix
+    * 1 client connect wss server just using the cert file.
+
+    > version: 0.7.03
+
 - 2017/04/21
    > bug fix
    * 1 client can not connect wss server because of getty does not verify whether cert&key is nil or not in client.go:dialWSS
-    
-    > version: 0.7.02 
+
+    > version: 0.7.02

 - 2017/02/08
    > improvement

--- a/client.go
+++ b/client.go
@@ -21,7 +21,7 @@ import (
 )

 import (
-	"github.com/AlexStocks/goext/log"
+	"encoding/pem"
 	"github.com/AlexStocks/goext/sync"
 	log "github.com/AlexStocks/log4go"
 	"github.com/gorilla/websocket"
@@ -51,9 +51,7 @@ type Client struct {
 	wg   sync.WaitGroup

 	// for wss client
-	cert       string // 客户端的证书
-	privateKey string // 客户端的私钥(包含了它的public key)
-	caCert     string // 用于验证服务端的合法性
+	cert string // 服务端的证书文件（包含了公钥以及服务端其他一些验证信息：服务端域名、服务端ip、起始有效日期、有效时长、hash算法、秘钥长度等）
 }

 // NewClient function builds a tcp & ws client.
@@ -89,8 +87,6 @@ func NewWSSClient(
 	connInterval time.Duration,
 	serverAddr string,
 	cert string,
-	privateKey string,
-	caCert string,
 ) *Client {

 	if connNum < 0 {
@@ -101,14 +97,12 @@ func NewWSSClient(
 	}

 	return &Client{
-		number:     connNum,
-		interval:   connInterval,
-		addr:       serverAddr,
-		ssMap:      make(map[Session]gxsync.Empty, connNum),
-		done:       make(chan gxsync.Empty),
-		caCert:     caCert,
-		cert:       cert,
-		privateKey: privateKey,
+		number:   connNum,
+		interval: connInterval,
+		addr:     serverAddr,
+		ssMap:    make(map[Session]gxsync.Empty, connNum),
+		done:     make(chan gxsync.Empty),
+		cert:     cert,
 	}
 }

@@ -172,7 +166,6 @@ func (c *Client) dialWS() Session {
 func (c *Client) dialWSS() Session {
 	var (
 		err      error
-		certPem  []byte
 		root     *x509.Certificate
 		roots    []*x509.Certificate
 		certPool *x509.CertPool
@@ -188,11 +181,25 @@ func (c *Client) dialWSS() Session {
 		InsecureSkipVerify: true,
 	}

-	if c.cert != "" && c.privateKey != "" {
-		config.Certificates = make([]tls.Certificate, 1)
-		if config.Certificates[0], err = tls.LoadX509KeyPair(c.cert, c.privateKey); err != nil {
-			panic(fmt.Sprintf("tls.LoadX509KeyPair(cert{%s}, privateKey{%s}) = err{%#v}", c.cert, c.privateKey, err))
+	if c.cert != "" {
+		certPEMBlock, err := ioutil.ReadFile(c.cert)
+		if err != nil {
+			panic(fmt.Sprintf("ioutil.ReadFile(cert:%s) = error{%#v}", c.cert, err))
 		}
+
+		var cert tls.Certificate
+		for {
+			var certDERBlock *pem.Block
+			certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
+			if certDERBlock == nil {
+				break
+			}
+			if certDERBlock.Type == "CERTIFICATE" {
+				cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
+			}
+		}
+		config.Certificates = make([]tls.Certificate, 1)
+		config.Certificates[0] = cert
 	}

 	certPool = x509.NewCertPool()
@@ -205,18 +212,7 @@ func (c *Client) dialWSS() Session {
 			certPool.AddCert(root)
 		}
 	}
-
-	gxlog.CInfo("client cert:%s, key:%s, caCert:%s", c.cert, c.privateKey, c.caCert)
-	if c.caCert != "" {
-		certPem, err = ioutil.ReadFile(c.caCert)
-		if err != nil {
-			panic(fmt.Errorf("ioutil.ReadFile(caCert{%s}) = err{%#v}", c.caCert, err))
-		}
-		if ok := certPool.AppendCertsFromPEM(certPem); !ok {
-			panic("failed to parse root certificate file.")
-		}
-		config.InsecureSkipVerify = false
-	}
+	config.InsecureSkipVerify = true
 	config.RootCAs = certPool

 	// dialer.EnableCompression = true

--- a/conn.go
+++ b/conn.go
@@ -12,6 +12,7 @@ package getty
 import (
 	// "errors"
 	"compress/flate"
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net"
@@ -21,7 +22,6 @@ import (

 import (
 	log "github.com/AlexStocks/log4go"
-
 	"github.com/golang/snappy"
 	"github.com/gorilla/websocket"
 )
@@ -386,6 +386,11 @@ func (w *gettyWSConn) writePing() error {
 // close websocket connection
 func (w *gettyWSConn) close(waitSec int) {
 	w.conn.WriteMessage(websocket.CloseMessage, []byte("bye-bye!!!"))
-	w.conn.UnderlyingConn().(*net.TCPConn).SetLinger(waitSec)
+	conn := w.conn.UnderlyingConn()
+	if tcpConn, ok := conn.(*net.TCPConn); ok {
+		tcpConn.SetLinger(waitSec)
+	} else if wsConn, ok := conn.(*tls.Conn); ok {
+		wsConn.CloseWrite()
+	}
 	w.conn.Close()
 }
--- a/version.go
+++ b/version.go
@@ -10,9 +10,9 @@
 package getty

 const (
-	Version     = "0.7.02"
-	DATE        = "2017/04/21"
+	Version     = "0.7.03"
+	DATE        = "2017/04/27"
 	GETTY_MAJOR = 0
 	GETTY_MINOR = 7
-	GETTY_BUILD = 2
+	GETTY_BUILD = 3
 )