cleanup usages of kleverr #28

wants to merge 5 commits into
base: main
10 changes: 6 additions & 4 deletions README.md
Expand Up @@ -417,11 +417,15 @@ by adding account management and it is one of the easiest way to start.
- [x] proxy proto support
- [x] update nix modules with new config options

### v0.6.0
- [x] nixos testing
- [ ] error wrapping

## Future

- [ ] error wrapping
- [ ] zip and name windows executable .exe
- [ ] UDP support
- [ ] zip and name windows executable .exe
- [ ] notarize mac app
- [ ] Gen config
- [ ] http source
- [ ] client stateless reset key
Expand All @@ -431,6 +435,4 @@ by adding account management and it is one of the easiest way to start.
- [ ] Docs section for building the project
- [ ] Docs section for embedding into golang programs
- [ ] mininet testing
- [ ] nixos testing
- [ ] notarize mac app
- [ ] websocket tcp converter
28 changes: 16 additions & 12 deletions certc/cert.go
Expand Up @@ -11,12 +11,11 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"io"
"math/big"
"net"
"time"

"github.com/klev-dev/kleverr"
)

var SharedSubject = pkix.Name{
Expand Down Expand Up @@ -206,17 +205,22 @@ func (c *Cert) Encode(certOut io.Writer, keyOut io.Writer) error {
Type: "CERTIFICATE",
Bytes: c.der,
}); err != nil {
return kleverr.Ret(err)
return fmt.Errorf("cert encode: %w", err)
}

keyData, err := x509.MarshalPKCS8PrivateKey(c.pk)
if err != nil {
return kleverr.Ret(err)
return fmt.Errorf("key marshal: %w", err)
}
return pem.Encode(keyOut, &pem.Block{

if err := pem.Encode(keyOut, &pem.Block{
Type: "PRIVATE KEY",
Bytes: keyData,
})
}); err != nil {
return fmt.Errorf("key encode: %w", err)
}

return nil
}

func (c *Cert) EncodeToMemory() ([]byte, []byte, error) {
Expand All @@ -227,7 +231,7 @@ func (c *Cert) EncodeToMemory() ([]byte, []byte, error) {

keyData, err := x509.MarshalPKCS8PrivateKey(c.pk)
if err != nil {
return nil, nil, kleverr.Ret(err)
return nil, nil, fmt.Errorf("mem key marshal: %w", err)
}
keyPEM := pem.EncodeToMemory(&pem.Block{
Type: "PRIVATE KEY",
Expand All @@ -239,23 +243,23 @@ func (c *Cert) EncodeToMemory() ([]byte, []byte, error) {
func DecodeFromMemory(cert, key []byte) (*Cert, error) {
certDER, _ := pem.Decode(cert)
if certDER == nil {
return nil, kleverr.New("could not find cert pem block")
return nil, fmt.Errorf("cert: no pem block")
}
if certDER.Type != "CERTIFICATE" {
return nil, kleverr.Newf("pem is not certificate: %s", certDER.Type)
return nil, fmt.Errorf("cert type: %s", certDER.Type)
}

keyDER, _ := pem.Decode(key)
if keyDER == nil {
return nil, kleverr.New("could not find key pem block")
return nil, fmt.Errorf("cert key: no pem block")
}
if keyDER.Type != "PRIVATE KEY" {
return nil, kleverr.Newf("pem is not private key: %s", keyDER.Type)
return nil, fmt.Errorf("cert key type: %s", keyDER.Type)
}

keyValue, err := x509.ParsePKCS8PrivateKey(keyDER.Bytes)
if err != nil {
return nil, kleverr.Newf("cannot parse pk: %w", err)
return nil, fmt.Errorf("cert parse key: %w", err)
}

return &Cert{der: certDER.Bytes, pk: keyValue}, nil
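Review bot: The new DecodeFromMemory messages at `cert type: %s` and `cert key type: %s` interpolate a PEM block type taken straight from the input with %s, so an empty or whitespace-laden type becomes invisible in logs and the reader no longer learns what was expected; prefer %q and keep the expectation in the text, e.g. `return nil, fmt.Errorf("cert: pem block type %q, want CERTIFICATE", certDER.Type)` and the matching `"cert key: pem block type %q, want PRIVATE KEY"`. The constant-string `fmt.Errorf("cert: no pem block")` and `fmt.Errorf("cert key: no pem block")` have no verbs, so `errors.New` is the idiomatic form; the same applies to the constant-string Errorf calls in certc/cert_test.go (`expected matching certs`) and client.go (`missing destination or source`, `missing client CA certificate`), and each file would need `errors` added to its import block. Separately, both pem.Decode calls discard the rest slice, so trailing PEM blocks in the input are silently ignored; that is pre-existing, but a one-line comment such as `// only the first PEM block is used; trailing data is ignored` would make the contract visible to callers that load files from disk.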
20 changes: 10 additions & 10 deletions certc/cert_test.go
Expand Up @@ -5,11 +5,11 @@ import (
"context"
"crypto/tls"
"crypto/x509"
"fmt"
"io"
"net"
"testing"

"github.com/klev-dev/kleverr"
"github.com/quic-go/quic-go"
"github.com/stretchr/testify/require"
"golang.org/x/sync/errgroup"
Expand Down Expand Up @@ -228,29 +228,29 @@ func testConnectivityTLS(t *testing.T, serverConf *tls.Config, clientConf *tls.C
g.Go(func() error {
c, err := l.Accept(ctx)
if err != nil {
return kleverr.Ret(err)
return fmt.Errorf("server accept conn: %w", err)
}

peerCerts := c.ConnectionState().TLS.PeerCertificates
if len(peerCerts) != 1 {
return kleverr.Newf("expected 1 client certificate, but found: %d", len(peerCerts))
return fmt.Errorf("expected 1 client certificate, but found: %d", len(peerCerts))
}
if !bytes.Equal(peerCerts[0].Raw, clientConf.Certificates[0].Leaf.Raw) {
return kleverr.Newf("expected matching certs")
return fmt.Errorf("expected matching certs")
}

s, err := c.AcceptStream(ctx)
if err != nil {
return kleverr.Ret(err)
return fmt.Errorf("server accept stream: %w", err)
}
defer s.Close()

buf := make([]byte, 1)
if _, err := io.ReadFull(s, buf); err != nil {
return kleverr.Ret(err)
return fmt.Errorf("server read: %w", err)
}
if _, err := s.Write(buf); err != nil {
return kleverr.Ret(err)
return fmt.Errorf("server write: %w", err)
}
return nil
})
Expand All @@ -262,18 +262,18 @@ func testConnectivityTLS(t *testing.T, serverConf *tls.Config, clientConf *tls.C
g.Go(func() error {
s, err := c.OpenStreamSync(context.Background())
if err != nil {
return kleverr.Ret(err)
return fmt.Errorf("client stream: %w", err)
}
defer s.Close()

buf := make([]byte, 1)
buf[0] = 33
if _, err := s.Write(buf); err != nil {
return kleverr.Ret(err)
return fmt.Errorf("client write: %w", err)
}
buf[0] = 0
if _, err := io.ReadFull(s, buf); err != nil {
return kleverr.Ret(err)
return fmt.Errorf("client read: %w", err)
}
return nil
})
42 changes: 20 additions & 22 deletions client.go
Expand Up @@ -22,7 +22,6 @@ import (
"github.com/connet-dev/connet/pbs"
"github.com/connet-dev/connet/quicc"
"github.com/connet-dev/connet/statusc"
"github.com/klev-dev/kleverr"
"github.com/quic-go/quic-go"
"golang.org/x/sync/errgroup"
)
Expand All @@ -43,29 +42,30 @@ func NewClient(opts ...ClientOption) (*Client, error) {
}
for _, opt := range opts {
if err := opt(cfg); err != nil {
return nil, kleverr.Ret(err)
return nil, err
}
}

if cfg.controlAddr == nil {
if err := ClientControlAddress("127.0.0.1:19190")(cfg); err != nil {
return nil, kleverr.Ret(err)
return nil, fmt.Errorf("default control address: %w", err)
}
}

if cfg.directAddr == nil {
if err := ClientDirectAddress(":19192")(cfg); err != nil {
return nil, kleverr.Ret(err)
return nil, fmt.Errorf("default direct address: %w", err)
}
}

if len(cfg.destinations) == 0 && len(cfg.sources) == 0 {
return nil, kleverr.New("missing at least on destination or source")
// TODO fix this
return nil, fmt.Errorf("missing destination or source")
}

rootCert, err := certc.NewRoot()
if err != nil {
return nil, kleverr.Ret(err)
return nil, fmt.Errorf("create root cert: %w", err)
}
cfg.logger.Debug("generated root cert")

Expand All @@ -83,7 +83,7 @@ func (c *Client) Run(ctx context.Context) error {
c.logger.Debug("start udp listener")
udpConn, err := net.ListenUDP("udp", c.directAddr)
if err != nil {
return kleverr.Ret(err)
return fmt.Errorf("listen direct address: %w", err)
}
defer udpConn.Close()

Expand All @@ -93,22 +93,22 @@ func (c *Client) Run(ctx context.Context) error {

ds, err := client.NewDirectServer(transport, c.logger)
if err != nil {
return kleverr.Ret(err)
return fmt.Errorf("create direct server: %w", err)
}

c.dsts = map[model.Forward]*client.Destination{}
for fwd, cfg := range c.destinations {
c.dsts[fwd], err = client.NewDestination(cfg, ds, c.rootCert, c.logger)
if err != nil {
return kleverr.Ret(err)
return fmt.Errorf("create destination %s: %w", fwd, err)
}
}

c.srcs = map[model.Forward]*client.Source{}
for fwd, cfg := range c.sources {
c.srcs[fwd], err = client.NewSource(cfg, ds, c.rootCert, c.logger)
if err != nil {
return kleverr.Ret(err)
return fmt.Errorf("client source %s: %w", fwd, err)
}
}

Expand Down Expand Up @@ -155,8 +155,6 @@ func (c *Client) run(ctx context.Context, transport *quic.Transport) error {
}
}

var retConnect = kleverr.Ret2[quic.Connection, []byte]

func (c *Client) connect(ctx context.Context, transport *quic.Transport, retoken []byte) (quic.Connection, []byte, error) {
c.logger.Debug("dialing target", "addr", c.controlAddr)
// TODO dial timeout if server is not accessible?
Expand All @@ -166,35 +164,35 @@ func (c *Client) connect(ctx context.Context, transport *quic.Transport, retoken
NextProtos: []string{"connet"},
}, quicc.StdConfig)
if err != nil {
return retConnect(err)
return nil, nil, fmt.Errorf("dial server: %w", err)
}

c.logger.Debug("authenticating", "addr", c.controlAddr)

authStream, err := conn.OpenStreamSync(ctx)
if err != nil {
return retConnect(err)
return nil, nil, fmt.Errorf("open auth stream: %w", err)
}
defer authStream.Close()

if err := pb.Write(authStream, &pbs.Authenticate{
Token: c.token,
ReconnectToken: retoken,
}); err != nil {
return retConnect(err)
return nil, nil, fmt.Errorf("write auth: %w", err)
}

resp := &pbs.AuthenticateResp{}
if err := pb.Read(authStream, resp); err != nil {
return retConnect(err)
return nil, nil, fmt.Errorf("read auth: %w", err)
}
if resp.Error != nil {
return retConnect(resp.Error)
return nil, nil, fmt.Errorf("auth: %w", resp.Error)
}

localAddrs, err := netc.LocalAddrs()
if err != nil {
return retConnect(err)
return nil, nil, fmt.Errorf("local addrs: %w", err)
}
localAddrPorts := make([]netip.AddrPort, len(localAddrs))
for i, addr := range localAddrs {
Expand Down Expand Up @@ -348,12 +346,12 @@ func ClientControlCAs(certFile string) ClientOption {
return func(cfg *clientConfig) error {
casData, err := os.ReadFile(certFile)
if err != nil {
return kleverr.Newf("cannot read certs file: %w", err)
return fmt.Errorf("read server CAs: %w", err)
}

cas := x509.NewCertPool()
if !cas.AppendCertsFromPEM(casData) {
return kleverr.Newf("no certificates found in %s", certFile)
return fmt.Errorf("missing client CA certificate")
}

cfg.controlCAs = cas
Expand All @@ -374,7 +372,7 @@ func ClientDirectAddress(address string) ClientOption {
return func(cfg *clientConfig) error {
addr, err := net.ResolveUDPAddr("udp", address)
if err != nil {
return kleverr.Newf("direct address cannot be resolved: %w", err)
return fmt.Errorf("resolve direct address: %w", err)
}

cfg.directAddr = addr
Expand All @@ -387,7 +385,7 @@ func ClientStatusAddress(address string) ClientOption {
return func(cfg *clientConfig) error {
addr, err := net.ResolveTCPAddr("tcp", address)
if err != nil {
return kleverr.Newf("status address cannot be resolved: %w", err)
return fmt.Errorf("resolve status address: %w", err)
}

cfg.statusAddr = addr
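Review bot: The replacement message in ClientControlCAs at `return fmt.Errorf("missing client CA certificate")` drops the file name the old message carried and mislabels the pool (the option loads the control server's CAs, and the read error two lines up already says `read server CAs`), so an operator pointing at the wrong file gets a misleading, context-free error; suggest `return fmt.Errorf("no certificates found in control CAs file %q", certFile)`. `%q` is preferable to `%s` here because certFile is operator-supplied and an empty value would otherwise vanish from the message. The `// TODO fix this` added above `missing destination or source` in NewClient says nothing about what needs fixing; either state it (the message, the check, or both) or drop the comment. NewClient, Run, connect and ClientControlCAs all extend beyond the hunks shown here.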
8 changes: 4 additions & 4 deletions client/destination.go
Expand Up @@ -2,6 +2,7 @@ package client

import (
"context"
"fmt"
"log/slog"
"net"
"net/netip"
Expand All @@ -11,7 +12,6 @@ import (
"github.com/connet-dev/connet/netc"
"github.com/connet-dev/connet/pb"
"github.com/connet-dev/connet/pbc"
"github.com/klev-dev/kleverr"
"github.com/quic-go/quic-go"
"golang.org/x/sync/errgroup"
)
Expand Down Expand Up @@ -172,7 +172,7 @@ func (d *Destination) runDestinationErr(ctx context.Context, stream quic.Stream)
default:
err := pb.NewError(pb.Error_RequestUnknown, "unknown request: %v", req)
if err := pb.Write(stream, &pbc.Response{Error: err}); err != nil {
return kleverr.Newf("cannot write error response: %w", err)
return fmt.Errorf("destination write err response: %w", err)
}
return err
}
Expand All @@ -185,7 +185,7 @@ func (d *Destination) runConnect(ctx context.Context, stream quic.Stream) error
if err != nil {
err := pb.NewError(pb.Error_DestinationDialFailed, "%s could not be dialed: %v", d.cfg.Forward, err)
if err := pb.Write(stream, &pbc.Response{Error: err}); err != nil {
return kleverr.Newf("could not write error response: %w", err)
return fmt.Errorf("connect write err response: %w", err)
}
return err
}
Expand All @@ -196,7 +196,7 @@ func (d *Destination) runConnect(ctx context.Context, stream quic.Stream) error
ProxyProto: d.cfg.Proxy.PB(),
},
}); err != nil {
return kleverr.Newf("could not write response: %w", err)
return fmt.Errorf("connect write response: %w", err)
}

d.logger.Debug("joining conns")
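Review bot: In runDestinationErr and runConnect the rewritten `if err := pb.Write(...); err != nil` lines wrap a write failure whose `err` shadows the `pb.NewError` value declared just above, so the wrapped error on the write path and the `return err` on the fall-through path are different variables with the same name; the shadowing is pre-existing, but since these sites are being rewritten it is cheap to disambiguate, e.g. `if werr := pb.Write(stream, &pbc.Response{Error: err}); werr != nil { return fmt.Errorf("destination write err response: %w", werr) }` (and likewise at the two sites in runConnect). Wrapping with %w is the right choice here, since callers can still reach the underlying write error with errors.As. Both enclosing functions start before their hunks, and runConnect continues past its last one.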