// package asnfetch ...
package asnfetch
// import
import (
"crypto/sha256"
"crypto/tls"
"crypto/x509"
"encoding/base64"
"errors"
"net/http"
"net/url"
)
// getTlsConf builds the client-side TLS configuration for outbound requests.
//
// Standard certificate chain and hostname verification stays enabled
// (InsecureSkipVerify is false) and the protocol is restricted to TLS 1.3 with
// X25519 as the only key-exchange group. When keyPin differs from the
// package's _empty value, a VerifyConnection callback is installed that also
// requires the peer's leaf public key to match the pin (see pinVerifyState).
// crypto/tls calls VerifyConnection after normal verification, so the pin is
// an additional check and not a replacement for chain validation. With an
// empty pin only the standard verification applies.
//
// The callback does not look at state.ServerName, so the same pin is required
// of every server this config is used to connect to.
func getTlsConf(keyPin string) *tls.Config {
	// crypto/tls does not allow TLS 1.3 cipher suites to be configured; the
	// CipherSuites field only governs TLS 1.0-1.2. With MinVersion and
	// MaxVersion both at TLS 1.3, the entry below therefore does not restrict
	// the negotiated suite to ChaCha20-Poly1305.
	cfg := &tls.Config{
		InsecureSkipVerify:     false,
		SessionTicketsDisabled: true,
		Renegotiation:          tls.RenegotiateNever,
		MinVersion:             tls.VersionTLS13,
		MaxVersion:             tls.VersionTLS13,
		CipherSuites:           []uint16{tls.TLS_CHACHA20_POLY1305_SHA256},
		CurvePreferences:       []tls.CurveID{tls.X25519},
	}

	// No pin configured: rely on standard verification alone.
	if keyPin == _empty {
		return cfg
	}

	cfg.VerifyConnection = func(cs tls.ConnectionState) error {
		if pinVerifyState(keyPin, &cs) {
			return nil
		}
		return errors.New("keypin verification failed")
	}
	return cfg
}
// pinVerifyState reports whether the leaf certificate of the connection
// matches keyPin.
//
// Only state.PeerCertificates[0] is examined: its pin is derived with
// keyPinBase64 and compared to keyPin by exact string equality. Intermediate
// and root certificates are never consulted, so a pin taken from a CA key will
// not match. The result is false when the peer presented no certificates.
func pinVerifyState(keyPin string, state *tls.ConnectionState) bool {
	if len(state.PeerCertificates) == 0 {
		return false
	}
	leaf := state.PeerCertificates[0]
	return keyPinBase64(leaf) == keyPin
}
// keyPinBase64 returns the pin string for cert: the SHA-256 digest of the
// certificate's DER-encoded SubjectPublicKeyInfo, encoded with standard padded
// base64. This is the same construction as the pin-sha256 value of HTTP Public
// Key Pinning (RFC 7469).
//
// Because the pin covers the public key and not the whole certificate, it
// stays valid across certificate renewals that keep the same key and changes
// whenever the key is rotated.
func keyPinBase64(cert *x509.Certificate) string {
	digest := sha256.New()
	digest.Write(cert.RawSubjectPublicKeyInfo) // hash.Hash.Write never returns an error
	return base64.StdEncoding.EncodeToString(digest.Sum(nil))
}
// getTransport returns an HTTP transport that uses tlsconf for its TLS
// connections.
//
// Transparent response compression is disabled because the downloads are
// already compressed. ForceAttemptHTTP2 is left false; net/http does not
// enable HTTP/2 on a transport with a custom TLSClientConfig unless that flag
// is set.
//
// No dial, TLS-handshake or response-header timeouts are configured here, so a
// stalled peer is bounded only by whatever deadline the caller applies.
// NOTE(review): proxy selection comes from the process environment
// (http.ProxyFromEnvironment); confirm that is intended where the environment
// is not fully trusted.
func getTransport(tlsconf *tls.Config) *http.Transport {
	tr := new(http.Transport)
	tr.Proxy = http.ProxyFromEnvironment
	tr.TLSClientConfig = tlsconf
	tr.DisableCompression = true // pre-compressed file downloads
	tr.ForceAttemptHTTP2 = false
	return tr
}
// getClient wraps transport in an http.Client.
//
// CheckRedirect is nil, so net/http's default redirect policy applies (it
// stops after 10 consecutive redirects). Jar is nil, so no cookies are stored
// or sent. No Timeout is set, which means the client itself imposes no overall
// deadline on a request.
//
// A nil transport is not handled here; callers are expected to pass the value
// returned by getTransport.
func getClient(transport *http.Transport) *http.Client {
	c := new(http.Client)
	c.Transport = transport
	c.CheckRedirect = nil
	c.Jar = nil
	return c
}
// getRequest builds a client request for targetURL carrying userAgent as its
// User-Agent header.
//
// Method is left empty, which net/http treats as GET for client requests. The
// ProtoMajor/ProtoMinor fields are set to 1.1; net/http ignores them on
// outgoing requests.
//
// On a parse failure the error is reported through errOut and returned
// together with an empty, non-nil *http.Request; callers must check the error
// before using the request.
//
// NOTE(review): only URL syntax is checked. url.Parse also accepts relative
// URLs and non-https schemes, and a plain http:// target would be fetched
// without TLS and therefore without the key-pin check. Confirm that callers
// constrain targetURL to https.
func getRequest(targetURL, userAgent string) (*http.Request, error) {
	parsed, parseErr := url.Parse(targetURL)
	if parseErr != nil {
		errOut("[DB] [" + targetURL + "] -> invalid src url syntax [" + parseErr.Error() + "]")
		return &http.Request{}, parseErr
	}

	hdr := http.Header{
		"User-Agent": []string{userAgent},
	}
	req := &http.Request{
		URL:        parsed,
		ProtoMajor: 1,
		ProtoMinor: 1,
		Header:     hdr,
	}
	return req, nil
}