From 2d056fbe66849f041a233a0d961639fae3835cbb Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 25 Apr 2019 13:54:48 -0600
Subject: Initial commit of Storage, TLS, and automatic HTTPS implementations
---
modules/caddytls/matchers.go | 79 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 modules/caddytls/matchers.go
(limited to 'modules/caddytls/matchers.go')
diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go
new file mode 100644
index 0000000..c376f87
--- /dev/null
+++ b/modules/caddytls/matchers.go
@@ -0,0 +1,79 @@
+package caddytls
+
+import (
+ "crypto/tls"
+
+ "bitbucket.org/lightcodelabs/caddy2"
+)
+
+type (
+ MatchServerName []string
+
+ // TODO: these others should be enterprise-only, probably
+ MatchProtocol []string // TODO: version or protocol?
+ MatchClientCert struct{} // TODO: client certificate options
+ MatchRemote []string
+ MatchStarlark string
+)
+
+func init() {
+ caddy2.RegisterModule(caddy2.Module{
+ Name: "tls.handshake_match.host",
+ New: func() (interface{}, error) { return MatchServerName{}, nil },
+ })
+ caddy2.RegisterModule(caddy2.Module{
+ Name: "tls.handshake_match.protocol",
+ New: func() (interface{}, error) { return MatchProtocol{}, nil },
+ })
+ caddy2.RegisterModule(caddy2.Module{
+ Name: "tls.handshake_match.client_cert",
+ New: func() (interface{}, error) { return MatchClientCert{}, nil },
+ })
+ caddy2.RegisterModule(caddy2.Module{
+ Name: "tls.handshake_match.remote",
+ New: func() (interface{}, error) { return MatchRemote{}, nil },
+ })
+ caddy2.RegisterModule(caddy2.Module{
+ Name: "tls.handshake_match.starlark",
+ New: func() (interface{}, error) { return new(MatchStarlark), nil },
+ })
+}
+
+func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool {
+ for _, name := range m {
+ // TODO: support wildcards (and regex?)
+ if hello.ServerName == name {
+ return true
+ }
+ }
+ return false
+}
+
+func (m MatchProtocol) Match(hello *tls.ClientHelloInfo) bool {
+ // TODO: not implemented
+ return false
+}
+
+func (m MatchClientCert) Match(hello *tls.ClientHelloInfo) bool {
+ // TODO: not implemented
+ return false
+}
+
+func (m MatchRemote) Match(hello *tls.ClientHelloInfo) bool {
+ // TODO: not implemented
+ return false
+}
+
+func (m MatchStarlark) Match(hello *tls.ClientHelloInfo) bool {
+ // TODO: not implemented
+ return false
+}
+
+// Interface guards
+var (
+ _ ConnectionMatcher = MatchServerName{}
+ _ ConnectionMatcher = MatchProtocol{}
+ _ ConnectionMatcher = MatchClientCert{}
+ _ ConnectionMatcher = MatchRemote{}
+ _ ConnectionMatcher = new(MatchStarlark)
+)
-- cgit v1.2.3
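Review bot: `MatchServerName.Match` compares `hello.ServerName == name` byte-for-byte, but DNS names are case-insensitive and, as far as I know, crypto/tls hands over the SNI value without lowercasing it, so a handshake for `EXAMPLE.com` would not match a policy configured for `example.com`. If these matchers select the per-host TLS policy (the caller is not in this file, so this is inferred), a case difference on either side makes the connection fall through to whatever policy applies next, which matters when the intended one is the stricter of the two. Use `if strings.EqualFold(hello.ServerName, name) {` with `"strings"` added to the imports, or normalise the configured names once when the matcher is loaded and lowercase the SNI before comparing. Separately, the `protocol`, `client_cert`, `remote` and `starlark` matchers are registered under real module names while their `Match` always returns false, so a config that uses them loads and then silently never matches. It would be safer to leave them unregistered, or reject them at load time, until they are implemented.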