Improve messages logging
This commit is contained in:
parent
391d0facd2
commit
1321cf79c6
@ -8,7 +8,7 @@ use tcp_over_http::tcp_relay_server::server_config::ServerConfig;
|
||||
author,
|
||||
version,
|
||||
about,
|
||||
long_about = "Encapsulate TCP sockets inside HTTP WebSockets"
|
||||
long_about = "Encapsulate TCP sockets inside HTTP WebSockets\nSource code: https://gitea.communiquons.org/pierre/tcp-over-http"
|
||||
)]
|
||||
struct CliArgs {
|
||||
#[clap(subcommand)]
|
||||
|
@ -94,7 +94,7 @@ pub async fn run_app(mut args: ClientConfig) -> std::io::Result<()> {
|
||||
port.id,
|
||||
urlencoding::encode(args.get_auth_token())
|
||||
)
|
||||
.replace("http", "ws"),
|
||||
.replace("http", "ws"),
|
||||
listen_address,
|
||||
args.clone(),
|
||||
));
|
||||
|
@ -196,11 +196,16 @@ pub async fn relay_ws(
|
||||
tcp_write,
|
||||
hb: Instant::now(),
|
||||
};
|
||||
|
||||
let resp = ws::start(relay, &req, stream);
|
||||
log::info!(
|
||||
"Opening new WS connection for {:?} to {}",
|
||||
"Opening new WS connection:\
|
||||
* for {:?}\
|
||||
* to {}\
|
||||
* token {:?}",
|
||||
req.peer_addr(),
|
||||
upstream_addr
|
||||
upstream_addr,
|
||||
query.token
|
||||
);
|
||||
resp
|
||||
}
|
||||
|
@ -1,9 +1,9 @@
|
||||
use std::sync::Arc;
|
||||
use std::time::SystemTime;
|
||||
|
||||
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
|
||||
use rustls::internal::msgs::enums::AlertDescription;
|
||||
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
|
||||
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
|
||||
use x509_parser::prelude::{CertificateRevocationList, FromDer, X509Certificate};
|
||||
|
||||
use crate::base::cert_utils::parse_pem_certificates;
|
||||
@ -86,14 +86,14 @@ impl ClientCertVerifier for CustomCertClientVerifier {
|
||||
intermediates: &[Certificate],
|
||||
now: SystemTime,
|
||||
) -> Result<ClientCertVerified, Error> {
|
||||
let (_rem, cert) =
|
||||
X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
|
||||
|
||||
// Check the certificates sent by the client has been revoked
|
||||
if let Some(crl) = &self.crl {
|
||||
let (_rem, crl) =
|
||||
CertificateRevocationList::from_der(crl).expect("Failed to read CRL!");
|
||||
|
||||
let (_rem, cert) =
|
||||
X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
|
||||
|
||||
for revoked in crl.iter_revoked_certificates() {
|
||||
if revoked.user_certificate == cert.serial {
|
||||
log::error!(
|
||||
@ -106,7 +106,24 @@ impl ClientCertVerifier for CustomCertClientVerifier {
|
||||
}
|
||||
}
|
||||
|
||||
self.upstream_cert_verifier
|
||||
.verify_client_cert(end_entity, intermediates, now)
|
||||
let result = self
|
||||
.upstream_cert_verifier
|
||||
.verify_client_cert(end_entity, intermediates, now);
|
||||
|
||||
match result.as_ref() {
|
||||
Err(e) => log::error!(
|
||||
"FAILED authentication attempt from Serial={} / Subject={} : {}",
|
||||
cert.serial,
|
||||
cert.subject,
|
||||
e
|
||||
),
|
||||
Ok(_) => log::info!(
|
||||
"SUCCESSFUL authentication attempt from Serial={} / Subject={}",
|
||||
cert.serial,
|
||||
cert.subject
|
||||
),
|
||||
}
|
||||
|
||||
result
|
||||
}
|
||||
}
|
||||
|
@ -2,10 +2,10 @@ use tokio::task;
|
||||
|
||||
use crate::tcp_relay_client::client_config::ClientConfig;
|
||||
use crate::tcp_relay_server::server_config::ServerConfig;
|
||||
use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
|
||||
use crate::test::dummy_tcp_sockets::wait_for_port;
|
||||
use crate::test::pki::Pki;
|
||||
use crate::test::test_files_utils::create_temp_file_with_random_content;
|
||||
use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};
|
||||
|
||||
fn port(index: u16) -> u16 {
|
||||
get_port_number(PortsAllocation::ClientInvalidTlsConfiguration, index)
|
||||
@ -26,8 +26,8 @@ async fn random_file_for_cert() {
|
||||
tls_key: Some(pki.valid_client_key.file_path()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
||||
#[tokio::test()]
|
||||
@ -45,8 +45,8 @@ async fn random_file_for_key() {
|
||||
tls_key: Some(random_file.to_string_lossy().to_string()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
||||
#[tokio::test()]
|
||||
@ -63,8 +63,8 @@ async fn bad_pem_file_for_cert() {
|
||||
tls_key: Some(pki.valid_client_key.file_path()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
||||
#[tokio::test()]
|
||||
@ -81,8 +81,8 @@ async fn bad_pem_file_for_key() {
|
||||
tls_key: Some(pki.root_ca_crl.file_path()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
||||
#[tokio::test()]
|
||||
@ -99,8 +99,8 @@ async fn non_existing_cert() {
|
||||
tls_key: Some(pki.valid_client_key.file_path()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
||||
#[tokio::test()]
|
||||
@ -117,8 +117,8 @@ async fn non_existing_key() {
|
||||
tls_key: Some(BAD_PATH.to_string()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
||||
#[tokio::test()]
|
||||
@ -153,7 +153,8 @@ async fn unmatched_key_cert_pair() {
|
||||
root_certificate: Some(pki.root_ca_crt.file_path()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
}).await;
|
||||
}
|
||||
.await
|
||||
.unwrap_err();
|
||||
})
|
||||
.await;
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
use crate::tcp_relay_client::client_config::ClientConfig;
|
||||
use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
|
||||
use crate::test::pki::Pki;
|
||||
use crate::test::test_files_utils::create_temp_file_with_random_content;
|
||||
use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};
|
||||
|
||||
const VALID_TOKEN: &str = "AvalidTOKEN";
|
||||
|
||||
@ -22,8 +22,8 @@ async fn invalid_file_type() {
|
||||
root_certificate: Some(pki.expired_client_key.file_path()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
||||
#[tokio::test()]
|
||||
@ -37,8 +37,8 @@ async fn non_existing_file() {
|
||||
root_certificate: Some(BAD_PATH.to_string()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
||||
#[tokio::test()]
|
||||
@ -54,6 +54,6 @@ async fn random_file() {
|
||||
root_certificate: Some(random_file.to_string_lossy().to_string()),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
.await
|
||||
.unwrap_err();
|
||||
}
|
||||
|
@ -30,9 +30,9 @@ mod dummy_tcp_sockets;
|
||||
mod pki;
|
||||
mod test_files_utils;
|
||||
|
||||
mod client_invalid_tls_configuration;
|
||||
mod client_invalid_tls_root_certificate_file;
|
||||
mod client_try_tls_while_there_is_no_tls;
|
||||
mod client_invalid_tls_configuration;
|
||||
mod invalid_with_token_auth;
|
||||
mod server_invalid_tls_config_invalid_cert;
|
||||
mod server_invalid_tls_config_invalid_client_crl;
|
||||
|
Loading…
Reference in New Issue
Block a user