Improve messages logging

This commit is contained in:
Pierre HUBERT 2022-09-02 15:40:00 +02:00
parent 391d0facd2
commit 1321cf79c6
7 changed files with 58 additions and 35 deletions

View File

@ -8,7 +8,7 @@ use tcp_over_http::tcp_relay_server::server_config::ServerConfig;
author,
version,
about,
long_about = "Encapsulate TCP sockets inside HTTP WebSockets"
long_about = "Encapsulate TCP sockets inside HTTP WebSockets\nSource code: https://gitea.communiquons.org/pierre/tcp-over-http"
)]
struct CliArgs {
#[clap(subcommand)]

View File

@ -94,7 +94,7 @@ pub async fn run_app(mut args: ClientConfig) -> std::io::Result<()> {
port.id,
urlencoding::encode(args.get_auth_token())
)
.replace("http", "ws"),
.replace("http", "ws"),
listen_address,
args.clone(),
));

View File

@ -196,11 +196,16 @@ pub async fn relay_ws(
tcp_write,
hb: Instant::now(),
};
let resp = ws::start(relay, &req, stream);
log::info!(
"Opening new WS connection for {:?} to {}",
"Opening new WS connection:\
* for {:?}\
* to {}\
* token {:?}",
req.peer_addr(),
upstream_addr
upstream_addr,
query.token
);
resp
}

View File

@ -1,9 +1,9 @@
use std::sync::Arc;
use std::time::SystemTime;
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
use rustls::internal::msgs::enums::AlertDescription;
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
use x509_parser::prelude::{CertificateRevocationList, FromDer, X509Certificate};
use crate::base::cert_utils::parse_pem_certificates;
@ -86,14 +86,14 @@ impl ClientCertVerifier for CustomCertClientVerifier {
intermediates: &[Certificate],
now: SystemTime,
) -> Result<ClientCertVerified, Error> {
let (_rem, cert) =
X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
// Check the certificates sent by the client has been revoked
if let Some(crl) = &self.crl {
let (_rem, crl) =
CertificateRevocationList::from_der(crl).expect("Failed to read CRL!");
let (_rem, cert) =
X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
for revoked in crl.iter_revoked_certificates() {
if revoked.user_certificate == cert.serial {
log::error!(
@ -106,7 +106,24 @@ impl ClientCertVerifier for CustomCertClientVerifier {
}
}
self.upstream_cert_verifier
.verify_client_cert(end_entity, intermediates, now)
let result = self
.upstream_cert_verifier
.verify_client_cert(end_entity, intermediates, now);
match result.as_ref() {
Err(e) => log::error!(
"FAILED authentication attempt from Serial={} / Subject={} : {}",
cert.serial,
cert.subject,
e
),
Ok(_) => log::info!(
"SUCCESSFUL authentication attempt from Serial={} / Subject={}",
cert.serial,
cert.subject
),
}
result
}
}

View File

@ -2,10 +2,10 @@ use tokio::task;
use crate::tcp_relay_client::client_config::ClientConfig;
use crate::tcp_relay_server::server_config::ServerConfig;
use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
use crate::test::dummy_tcp_sockets::wait_for_port;
use crate::test::pki::Pki;
use crate::test::test_files_utils::create_temp_file_with_random_content;
use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};
fn port(index: u16) -> u16 {
get_port_number(PortsAllocation::ClientInvalidTlsConfiguration, index)
@ -26,8 +26,8 @@ async fn random_file_for_cert() {
tls_key: Some(pki.valid_client_key.file_path()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}
#[tokio::test()]
@ -45,8 +45,8 @@ async fn random_file_for_key() {
tls_key: Some(random_file.to_string_lossy().to_string()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}
#[tokio::test()]
@ -63,8 +63,8 @@ async fn bad_pem_file_for_cert() {
tls_key: Some(pki.valid_client_key.file_path()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}
#[tokio::test()]
@ -81,8 +81,8 @@ async fn bad_pem_file_for_key() {
tls_key: Some(pki.root_ca_crl.file_path()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}
#[tokio::test()]
@ -99,8 +99,8 @@ async fn non_existing_cert() {
tls_key: Some(pki.valid_client_key.file_path()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}
#[tokio::test()]
@ -117,8 +117,8 @@ async fn non_existing_key() {
tls_key: Some(BAD_PATH.to_string()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}
#[tokio::test()]
@ -153,7 +153,8 @@ async fn unmatched_key_cert_pair() {
root_certificate: Some(pki.root_ca_crt.file_path()),
..Default::default()
})
.await
.unwrap_err();
}).await;
.await
.unwrap_err();
})
.await;
}

View File

@ -1,7 +1,7 @@
use crate::tcp_relay_client::client_config::ClientConfig;
use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
use crate::test::pki::Pki;
use crate::test::test_files_utils::create_temp_file_with_random_content;
use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};
const VALID_TOKEN: &str = "AvalidTOKEN";
@ -22,8 +22,8 @@ async fn invalid_file_type() {
root_certificate: Some(pki.expired_client_key.file_path()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}
#[tokio::test()]
@ -37,8 +37,8 @@ async fn non_existing_file() {
root_certificate: Some(BAD_PATH.to_string()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}
#[tokio::test()]
@ -54,6 +54,6 @@ async fn random_file() {
root_certificate: Some(random_file.to_string_lossy().to_string()),
..Default::default()
})
.await
.unwrap_err();
.await
.unwrap_err();
}

View File

@ -30,9 +30,9 @@ mod dummy_tcp_sockets;
mod pki;
mod test_files_utils;
mod client_invalid_tls_configuration;
mod client_invalid_tls_root_certificate_file;
mod client_try_tls_while_there_is_no_tls;
mod client_invalid_tls_configuration;
mod invalid_with_token_auth;
mod server_invalid_tls_config_invalid_cert;
mod server_invalid_tls_config_invalid_client_crl;