telebit/connwrap.go

package telebit

import (
	"bufio"
	"fmt"
	"net"
	"os"
	"time"

	"git.rootprojects.org/root/telebit/dbg"
	"git.rootprojects.org/root/telebit/sni"
)

// ConnWrap is just a cheap way to DRY up some switch conn.(type) statements to handle special features of Conn
type ConnWrap struct {
	// TODO use io.MultiReader to unbuffer the peeker
	//Conn  net.Conn
	peeker     *bufio.Reader
	servername string
	scheme     string
	Conn       net.Conn
	Plain      net.Conn
	encrypted  *bool
}

type Peeker interface {
	Peek(n int) ([]byte, error)
}

func (c *ConnWrap) Peek(n int) ([]byte, error) {
	if nil != c.peeker {
		return c.peeker.Peek(n)
	}

	switch conn := c.Conn.(type) {
	case *ConnWrap:
		return conn.Peek(n)
	case *Conn:
		return conn.Peek(n)
	default:
		// *net.UDPConn,*net.TCPConn,*net.IPConn,*net.UnixConn
		if nil == c.peeker {
			c.peeker = bufio.NewReaderSize(c.Conn, defaultPeekerSize)
		}
		return c.peeker.Peek(n)
	}
}

func (c *ConnWrap) Read(b []byte) (n int, err error) {
	if nil != c.peeker {
		return c.peeker.Read(b)
	}
	return c.Conn.Read(b)
}

// Write writes data to the connection.
// Write can be made to time out and return an Error with Timeout() == true
// after a fixed time limit; see SetDeadline and SetWriteDeadline.
func (c *ConnWrap) Write(b []byte) (n int, err error) {
	return c.Conn.Write(b)
}

// Close closes the connection.
// Any blocked Read or Write operations will be unblocked and return errors.
func (c *ConnWrap) Close() error {
	return c.Conn.Close()
}

// Scheme returns one of "https", "http", "tcp", "tls", or ""
func (c *ConnWrap) Scheme() string {
	if "" != c.scheme {
		return c.scheme
	}

	/*
		if nil != c.Plain {
			tlsConn := &ConnWrap{Conn: c.Plain}
			// TODO upgrade tls+http => https
			c.scheme = tlsConn.Scheme()
			return c.scheme
		}
	*/

	switch conn := c.Conn.(type) {
	case *ConnWrap:
		return conn.Scheme()
	case *Conn:
		return string(conn.relayTargetAddr.scheme)
	}
	return ""
}

// CheckServername returns the servername without detection
func (c *ConnWrap) CheckServername() string {
	return c.servername
}

// SetServername sets the servername without detection
func (c *ConnWrap) SetServername(name string) {
	c.servername = name
}

// Servername may return Servername or Hostname as hinted by a tunnel or buffered peeking
func (c *ConnWrap) Servername() string {
	if "" != c.servername {
		return c.servername
	}

	if nil != c.Plain {
		tlsConn := &ConnWrap{Conn: c.Plain}
		c.servername = tlsConn.Servername()
		return c.servername
	}

	switch conn := c.Conn.(type) {
	case *ConnWrap:
		//c.servername = conn.Servername()
		return conn.Servername()
	case *Conn:
		// TODO XXX
		//c.servername = string(conn.relayTargetAddr.addr)
		return string(conn.relayTargetAddr.addr)
	}

	// this will get the servername
	_ = c.isEncrypted()
	return c.servername
}

// isEncrypted returns true if peeking at net.Conn reveals that it is TLS-encrypted
func (c *ConnWrap) isEncrypted() bool {
	if nil != c.encrypted {
		return *c.encrypted
	}

	var encrypted bool

	// TODO: how to allow / detect / handle protocols where the server hello happens first?
	c.SetDeadline(time.Now().Add(5 * time.Second))
	n := 6
	b, err := c.Peek(n)
	if dbg.Debug {
		fmt.Fprintf(os.Stderr, "[debug] [wrap] Peek(%d): %s %v\n", n, string(b), err)
	}
	if nil != err {
		// TODO return error on error?
		return encrypted
	}
	defer c.SetDeadline(time.Time{})
	if len(b) >= n {
		// SSL v3.x / TLS v1.x
		// 0: TLS Byte
		// 1: Major Version
		// 2: Minor Version - 1
		// 3-4: Header Length

		// Payload
		// 5: TLS Client Hello Marker Byte
		if 0x16 == b[0] && 0x03 == b[1] && 0x01 == b[5] {
			length := (int(b[3]) << 8) + int(b[4])
			b, err := c.Peek(n - 1 + length)
			if nil != err {
				c.encrypted = &encrypted
				return *c.encrypted
			}
			c.servername, _ = sni.GetHostname(b)
			encrypted = true
			c.encrypted = &encrypted
			return *c.encrypted
		}
	}
	c.encrypted = &encrypted
	return *c.encrypted
}

// LocalAddr returns the local network address.
func (c *ConnWrap) LocalAddr() net.Addr {
	// TODO is this the right one?
	return c.Conn.LocalAddr()
}

// RemoteAddr returns the remote network address.
func (c *ConnWrap) RemoteAddr() net.Addr {
	// TODO is this the right one?
	return c.Conn.RemoteAddr()
}

// SetDeadline sets the read and write deadlines associated
// with the connection. It is equivalent to calling both
// SetReadDeadline and SetWriteDeadline.
//
// A deadline is an absolute time after which I/O operations
// fail with a timeout (see type Error) instead of
// blocking. The deadline applies to all future and pending
// I/O, not just the immediately following call to Read or
// Write. After a deadline has been exceeded, the connection
// can be refreshed by setting a deadline in the future.
//
// An idle timeout can be implemented by repeatedly extending
// the deadline after successful Read or Write calls.
//
// A zero value for t means I/O operations will not time out.
//
// Note that if a TCP connection has keep-alive turned on,
// which is the default unless overridden by Dialer.KeepAlive
// or ListenConfig.KeepAlive, then a keep-alive failure may
// also return a timeout error. On Unix systems a keep-alive
// failure on I/O can be detected using
// errors.Is(err, syscall.ETIMEDOUT).
func (c *ConnWrap) SetDeadline(t time.Time) error {
	return c.Conn.SetDeadline(t)
}

// SetReadDeadline sets the deadline for future Read calls
// and any currently-blocked Read call.
// A zero value for t means Read will not time out.
func (c *ConnWrap) SetReadDeadline(t time.Time) error {
	return c.Conn.SetReadDeadline(t)
}

// SetWriteDeadline sets the deadline for future Write calls
// and any currently-blocked Write call.
// Even if write times out, it may return n > 0, indicating that
// some of the data was successfully written.
// A zero value for t means Write will not time out.
func (c *ConnWrap) SetWriteDeadline(t time.Time) error {
	return c.Conn.SetWriteDeadline(t)
}