use sha256 for client cert fingerprints, and log them when available
This commit is contained in:
parent
5c9655a1bb
commit
91218665d2
|
@ -3,7 +3,7 @@ package main
|
|||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/md5"
|
||||
"crypto/sha256"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
|
@ -88,7 +88,7 @@ func displayTLSState(state *tls.ConnectionState) string {
|
|||
}
|
||||
|
||||
func fingerprint(cert *x509.Certificate) []byte {
|
||||
raw := md5.Sum(cert.Raw)
|
||||
raw := sha256.Sum256(cert.Raw)
|
||||
dst := make([]byte, hex.EncodedLen(len(raw)))
|
||||
hex.Encode(dst, raw[:])
|
||||
return dst
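Review bot: `fingerprint` now returns the lower-case hex SHA-256 of `cert.Raw` but has no doc comment saying so, and the `hex.EncodedLen`/`hex.Encode` pair could be the one-liner `hex.EncodeToString(raw[:])` that `clientFingerprint` in package logging uses in this same commit, which would make the two digests visibly the same thing. I'd add `// fingerprint returns the lower-case hex SHA-256 digest of the DER-encoded certificate (cert.Raw).` above the signature; whether the `[]byte` return should become a string depends on callers not visible here. The function's closing brace lies outside the hunk.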
|
||||
|
|
|
@ -2,6 +2,8 @@ package logging
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"io"
|
||||
"time"
|
||||
|
@ -18,13 +20,17 @@ func LogRequests(logger Logger) sr.Middleware {
|
|||
response.Body = loggingBody(logger, request, response, start)
|
||||
} else {
|
||||
end := time.Now()
|
||||
_ = logger.Log(
|
||||
params := []any{
|
||||
"msg", "request",
|
||||
"ts", end.UTC(),
|
||||
"dur", end.Sub(start),
|
||||
"url", request.URL,
|
||||
"status", "(not found)",
|
||||
)
|
||||
}
|
||||
if fingerprint, ok := clientFingerprint(request); ok {
|
||||
params = append(params, "client_ident", fingerprint)
|
||||
}
|
||||
_ = logger.Log(params...)
|
||||
}
|
||||
|
||||
return response
|
||||
|
@ -32,6 +38,15 @@ func LogRequests(logger Logger) sr.Middleware {
|
|||
}
|
||||
}
|
||||
|
||||
func clientFingerprint(request *sr.Request) (string, bool) {
|
||||
if request.TLSState == nil || len(request.TLSState.PeerCertificates) == 0 {
|
||||
return "", false
|
||||
}
|
||||
|
||||
digest := sha256.Sum256(request.TLSState.PeerCertificates[0].Raw)
|
||||
return hex.EncodeToString(digest[:]), true
|
||||
}
|
||||
|
||||
type loggedResponseBody struct {
|
||||
request *sr.Request
|
||||
response *sr.Response
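Review bot: `clientFingerprint` hashes `PeerCertificates[0]`, the leaf the client presented, without looking at `VerifiedChains`, so when the listener uses a `tls.ClientAuthType` that does not require verification (`tls.RequestClientCert`, `tls.VerifyClientCertIfGiven`) the `client_ident` value written to the log is client-asserted, not an authenticated identity. If the log field is meant to attribute requests to a verified client, gate on `len(request.TLSState.VerifiedChains) > 0` (or hash `VerifiedChains[0][0].Raw`); otherwise document the distinction with `// clientFingerprint returns the hex SHA-256 of the DER leaf certificate the client presented; check TLSState.VerifiedChains before treating it as a verified identity.` The listener's client-auth mode is not visible on this page, so the exposure depends on how the server is configured. The same SHA-256-of-`cert.Raw` computation is added as `fingerprint` in package main in this commit; a shared helper would keep the two formats from drifting apart.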
|
||||
|
@ -45,14 +60,19 @@ type loggedResponseBody struct {
|
|||
|
||||
func (lr *loggedResponseBody) log() {
|
||||
end := time.Now()
|
||||
_ = lr.logger.Log(
|
||||
params := []any{
|
||||
"msg", "request",
|
||||
"ts", end.UTC(),
|
||||
"dur", end.Sub(lr.start),
|
||||
"url", lr.request.URL,
|
||||
"status", lr.response.Status,
|
||||
"bodylen", lr.written,
|
||||
)
|
||||
}
|
||||
if fingerprint, ok := clientFingerprint(lr.request); ok {
|
||||
params = append(params, "client_ident", fingerprint)
|
||||
}
|
||||
|
||||
_ = lr.logger.Log(params...)
|
||||
}
|
||||
|
||||
func (lr *loggedResponseBody) Read(b []byte) (int, error) {
|
||||
|
|