Improve messages logging

2022-09-02 15:40:00 +02:00 · 2022-09-02 15:40:00 +02:00 · 1321cf79c6
commit 1321cf79c6
parent 391d0facd2
7 changed files with 58 additions and 35 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -8,7 +8,7 @@ use tcp_over_http::tcp_relay_server::server_config::ServerConfig;
    author,
    version,
    about,
-    long_about = "Encapsulate TCP sockets inside HTTP WebSockets"
+    long_about = "Encapsulate TCP sockets inside HTTP WebSockets\nSource code: https://gitea.communiquons.org/pierre/tcp-over-http"
 )]
 struct CliArgs {
    #[clap(subcommand)]
--- a/src/tcp_relay_server/relay_ws.rs
+++ b/src/tcp_relay_server/relay_ws.rs
@ -196,11 +196,16 @@ pub async fn relay_ws(
        tcp_write,
        hb: Instant::now(),
    };
+
    let resp = ws::start(relay, &req, stream);
    log::info!(
-        "Opening new WS connection for {:?} to {}",
+        "Opening new WS connection:\
+         * for {:?}\
+         * to {}\
+         * token {:?}",
        req.peer_addr(),
-        upstream_addr
+        upstream_addr,
+        query.token
    );
    resp
 }
--- a/src/tcp_relay_server/tls_cert_client_verifier.rs
+++ b/src/tcp_relay_server/tls_cert_client_verifier.rs
@ -1,9 +1,9 @@
 use std::sync::Arc;
 use std::time::SystemTime;

+use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
 use rustls::internal::msgs::enums::AlertDescription;
 use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
-use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
 use x509_parser::prelude::{CertificateRevocationList, FromDer, X509Certificate};

 use crate::base::cert_utils::parse_pem_certificates;
@ -86,14 +86,14 @@ impl ClientCertVerifier for CustomCertClientVerifier {
        intermediates: &[Certificate],
        now: SystemTime,
    ) -> Result<ClientCertVerified, Error> {
+        let (_rem, cert) =
+            X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
+
        // Check the certificates sent by the client has been revoked
        if let Some(crl) = &self.crl {
            let (_rem, crl) =
                CertificateRevocationList::from_der(crl).expect("Failed to read CRL!");

-            let (_rem, cert) =
-                X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
-
            for revoked in crl.iter_revoked_certificates() {
                if revoked.user_certificate == cert.serial {
                    log::error!(
@ -106,7 +106,24 @@ impl ClientCertVerifier for CustomCertClientVerifier {
            }
        }

-        self.upstream_cert_verifier
-            .verify_client_cert(end_entity, intermediates, now)
+        let result = self
+            .upstream_cert_verifier
+            .verify_client_cert(end_entity, intermediates, now);
+
+        match result.as_ref() {
+            Err(e) => log::error!(
+                "FAILED authentication attempt from Serial={} / Subject={} : {}",
+                cert.serial,
+                cert.subject,
+                e
+            ),
+            Ok(_) => log::info!(
+                "SUCCESSFUL authentication attempt from Serial={} / Subject={}",
+                cert.serial,
+                cert.subject
+            ),
+        }
+
+        result
    }
 }
--- a/src/test/client_invalid_tls_configuration.rs
+++ b/src/test/client_invalid_tls_configuration.rs
@ -2,10 +2,10 @@ use tokio::task;

 use crate::tcp_relay_client::client_config::ClientConfig;
 use crate::tcp_relay_server::server_config::ServerConfig;
-use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
 use crate::test::dummy_tcp_sockets::wait_for_port;
 use crate::test::pki::Pki;
 use crate::test::test_files_utils::create_temp_file_with_random_content;
+use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};

 fn port(index: u16) -> u16 {
    get_port_number(PortsAllocation::ClientInvalidTlsConfiguration, index)
@ -155,5 +155,6 @@ async fn unmatched_key_cert_pair() {
            })
            .await
            .unwrap_err();
-        }).await;
+        })
+        .await;
 }
--- a/src/test/client_invalid_tls_root_certificate_file.rs
+++ b/src/test/client_invalid_tls_root_certificate_file.rs
@ -1,7 +1,7 @@
 use crate::tcp_relay_client::client_config::ClientConfig;
-use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
 use crate::test::pki::Pki;
 use crate::test::test_files_utils::create_temp_file_with_random_content;
+use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};

 const VALID_TOKEN: &str = "AvalidTOKEN";

--- a/src/test/mod.rs
+++ b/src/test/mod.rs
@ -30,9 +30,9 @@ mod dummy_tcp_sockets;
 mod pki;
 mod test_files_utils;

+mod client_invalid_tls_configuration;
 mod client_invalid_tls_root_certificate_file;
 mod client_try_tls_while_there_is_no_tls;
-mod client_invalid_tls_configuration;
 mod invalid_with_token_auth;
 mod server_invalid_tls_config_invalid_cert;
 mod server_invalid_tls_config_invalid_client_crl;