kwilczynski · June 12, 2023 12:26
diff --git a/main.go b/main.go
 package main

 import (
 	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
 	"flag"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"os"
 	"time"

 	"github.com/go-zookeeper/zk"
 )

 var (
 	ca       = flag.String("ca", "", "")
 	insecure = flag.Bool("insecure", false, "")
 	host     = flag.String("host", "localhost", "")
 	port     = flag.String("port", "2182", "")
 )

 func main() {
 	flag.Parse()

 	caCert, err := ioutil.ReadFile(*ca)
 	if err != nil {
 		panic(err)
 	}
 	caCertPool := x509.NewCertPool()
 	caCertPool.AppendCertsFromPEM(caCert)

 	tlsConfig := &tls.Config{
 		RootCAs:                  caCertPool,
 		ServerName:               *host,
 		InsecureSkipVerify:       *insecure,
 		PreferServerCipherSuites: true,
 		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 		CipherSuites: []uint16{
 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
 		},
 		MinVersion: tls.VersionTLS12,
 	}
 	tlsConfig.BuildNameToCertificate()

 	*host = net.JoinHostPort(*host, *port)

 	conn, err := net.DialTimeout("tcp", *host, 10*time.Second)
 	if err != nil {
 		panic(err)
 	}
 	conn.SetDeadline(time.Now().Add(3 * time.Second))

 	tlsConn := tls.Client(conn, tlsConfig)
 	if err := tlsConn.Handshake(); err != nil {
 		panic(err)
 	}

 	state := tlsConn.ConnectionState()
 	for _, v := range state.PeerCertificates {
 		asn1Bytes, err := x509.MarshalPKIXPublicKey(v.PublicKey)
 		if err != nil {
 			panic(err)
 		}

 		pub, err := x509.ParsePKIXPublicKey(asn1Bytes)
 		if err != nil {
 			panic(err)
 		}

 		switch pub := pub.(type) {
 		case *rsa.PublicKey:
 			fmt.Println("RSA:", pub)
 		case *dsa.PublicKey:
 			fmt.Println("DSA:", pub)
 		case *ecdsa.PublicKey:
 			fmt.Println("ECDSA:", pub)
 		default:
 			panic("unknown type of public key")
 		}

 		block := &pem.Block{
 			Type:  "PUBLIC KEY",
 			Bytes: asn1Bytes,
 		}

 		err = pem.Encode(os.Stdout, block)
 		if err != nil {
 			panic(err)
 		}
 		fmt.Println(v.Subject)
 	}
 	fmt.Println("Handshake complete:", state.HandshakeComplete)
 	fmt.Println("Negotiated protocol is mutual:", state.NegotiatedProtocolIsMutual)

 	dialer := func() zk.Dialer {
 		return func(_, _ string, _ time.Duration) (net.Conn, error) {
 			return tlsConn, nil
 		}
 	}()

 	c, _, err := zk.Connect([]string{*host}, 60*time.Second, zk.WithDialer(dialer))
 	if err != nil {
 		panic(err)
 	}

 	children, stat, channel, err := c.ChildrenW("/")
 	if err != nil {
 		panic(err)
 	}
 	fmt.Printf("%+v %+v\n", children, stat)
 	fmt.Printf("%+v\n", <-channel)
 }
	package main

	import (
	"crypto/dsa"
	"crypto/ecdsa"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"flag"
	"fmt"
	"io/ioutil"
	"net"
	"os"
	"time"

	"github.com/go-zookeeper/zk"
	)

	var (
	ca = flag.String("ca", "", "")
	insecure = flag.Bool("insecure", false, "")
	host = flag.String("host", "localhost", "")
	port = flag.String("port", "2182", "")
	)

	func main() {
	flag.Parse()

	caCert, err := ioutil.ReadFile(*ca)
	if err != nil {
	panic(err)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)

	tlsConfig := &tls.Config{
	RootCAs: caCertPool,
	ServerName: *host,
	InsecureSkipVerify: *insecure,
	PreferServerCipherSuites: true,
	CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
	CipherSuites: []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	},
	MinVersion: tls.VersionTLS12,
	}
	tlsConfig.BuildNameToCertificate()

	host = net.JoinHostPort(host, *port)

	conn, err := net.DialTimeout("tcp", host, 10time.Second)
	if err != nil {
	panic(err)
	}
	conn.SetDeadline(time.Now().Add(3 * time.Second))

	tlsConn := tls.Client(conn, tlsConfig)
	if err := tlsConn.Handshake(); err != nil {
	panic(err)
	}

	state := tlsConn.ConnectionState()
	for _, v := range state.PeerCertificates {
	asn1Bytes, err := x509.MarshalPKIXPublicKey(v.PublicKey)
	if err != nil {
	panic(err)
	}

	pub, err := x509.ParsePKIXPublicKey(asn1Bytes)
	if err != nil {
	panic(err)
	}

	switch pub := pub.(type) {
	case *rsa.PublicKey:
	fmt.Println("RSA:", pub)
	case *dsa.PublicKey:
	fmt.Println("DSA:", pub)
	case *ecdsa.PublicKey:
	fmt.Println("ECDSA:", pub)
	default:
	panic("unknown type of public key")
	}

	block := &pem.Block{
	Type: "PUBLIC KEY",
	Bytes: asn1Bytes,
	}

	err = pem.Encode(os.Stdout, block)
	if err != nil {
	panic(err)
	}
	fmt.Println(v.Subject)
	}
	fmt.Println("Handshake complete:", state.HandshakeComplete)
	fmt.Println("Negotiated protocol is mutual:", state.NegotiatedProtocolIsMutual)

	dialer := func() zk.Dialer {
	return func(_, _ string, _ time.Duration) (net.Conn, error) {
	return tlsConn, nil
	}
	}()

	c, _, err := zk.Connect([]string{host}, 60time.Second, zk.WithDialer(dialer))
	if err != nil {
	panic(err)
	}

	children, stat, channel, err := c.ChildrenW("/")
	if err != nil {
	panic(err)
	}
	fmt.Printf("%+v %+v\n", children, stat)
	fmt.Printf("%+v\n", <-channel)
	}