CA file

[mmatczuk]

Fixes #264

[mmatczuk]

I still need to add e2e test for it.

[what-the-diff]

PR Summary

• Inclusion of a new linter
  A linter called 'gochecknoglobals' was added to the configuration file in charge of quality checks (.golangci.yml) to ensure the code is consistent and following best practices.

• New option for pac flag
  A new functionality has been added in bind/flag.go that enhances the use of the --pac flag allowing the use of data URI scheme.

• Improvements in timeout handling
  In the http_proxy.go file, timeout management of the HTTP transport configuration has been revamped to provide better control.

• Additional fields in TLSClientConfig
  TLSClientConfig (found in tls.go) has been enriched with new fields, 'HandshakeTimeout' and 'CAFiles'. These are meant for controlling the maximum time for a TLS handshake and specifying locations of CA certificate files respectively.

• New Data-Handling Functions
  Two new utility functions ReadURLString and ReadFileOrBase64 have been introduced in the forwarder package. These functions deal with reading various types of data and making them available in appropriate formats.

• Adding Unit Tests
  New tests have been added for verifying the correct operations of the ReadURLData and ReadFileOrBase64 functions.

• New Structure to Represent Server-Side Connections
  A new struct TLSServerConfig has been introduced to represent and control TLS configuration for server-side connections.

• Efficient Certificate and Key Loading
  The loadX509KeyPair function has been added in addition to replacing the CertFile and KeyFile fields in the TLSServerConfig struct with a call to loadCertificate. This is intended to improve and simplify the process of loading a TLS certificate and private key from files.

• Broad replacement of ReadURL usage
  Several functions in the forwarder package have been updated to use the new ReadURLString function instead of ReadURL, showing our continuous efforts in refining and improving our codebase.

[Choraden]

I would squash bind: update PAC with data scheme with readurl: add support for reading data scheme. The bind commit gives no info why, without the context from the other.

[Choraden]

How about we also extract TLSServerConfig to separate bind function?

[mmatczuk]

I would squash bind: update PAC with data scheme with readurl: add support for reading data scheme. The bind commit gives no info why, without the context from the other.

The changes are unrelated, I'd update the commit msg.

[mmatczuk]

I squashed it.

[Choraden]

Let's preserve the same condition as in WithProtocol.

[Choraden]

if protocol != "http" {

[mmatczuk]

it's https and h2 but sure I can change it.

[Choraden]

Great job removingInsecure option from e2e test. How about we mention the certificates generation in e2e/README?

[mmatczuk]

I updated the generated certs

e2e/certs: CA signed certificate generation

The script generates CA and certificate key pair for each host name used in tests.
We generate X509v3 certificates based on ecdsa-with-SHA256 signing alg.

For developer convenience the certificates also work with localhost DNS name.

Sample generated key

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b1:b4:50:5f:59:1c:7b:9a
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, O=Sauce Labs Inc.
        Validity
            Not Before: Aug  2 10:00:27 2023 GMT
            Not After : Aug  1 10:00:27 2024 GMT
        Subject: C=US, O=Sauce Labs Inc., CN=httpbin
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:b4:80:60:3a:eb:00:e7:e0:ba:59:80:bf:c7:b8:
                    9c:f3:48:2b:ab:39:64:e0:8f:a3:ac:79:58:cf:2b:
                    ec:59:71:95:c0:11:a8:ca:b6:6b:a4:91:2f:fc:b0:
                    0c:ba:92:f8:f9:7e:d5:ba:cf:32:aa:c9:80:fd:7b:
                    5e:ad:1e:4b:7a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                keyid:10:A7:85:A5:DD:41:80:3F:E5:FE:A3:F8:E9:F1:05:81:BE:B0:16:99

            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:httpbin
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:d2:05:be:ea:10:20:62:3d:13:94:cd:cc:c8:
         37:93:45:1d:73:6a:45:e1:54:20:2a:7c:d3:66:27:93:f9:83:
         3b:02:20:05:e8:a9:94:a0:2f:6a:43:d8:f0:5e:de:33:e5:6b:
         15:26:f7:8e:93:3c:25:81:42:74:8f:e6:db:38:a2:83:b0