X-Git-Url: https://thelambdalab.xyz/gitweb/index.cgi?p=elpher.git;a=blobdiff_plain;f=elpher.el;h=25de855ecdf3261a66eed015b4f7e9eff671b1a6;hp=6827d0eaf09ce98ae468ed3a06f75f137c20f9d8;hb=95604af39c717c89fa434b2d081ff9bf2bad992b;hpb=8fe5ce318b38dd84429e3f16f44f1718defe1ba6 diff --git a/elpher.el b/elpher.el index 6827d0e..25de855 100644 --- a/elpher.el +++ b/elpher.el @@ -1,13 +1,13 @@ ;;; elpher.el --- A friendly gopher and gemini client -*- lexical-binding:t -*- -;; Copyright (C) 2019 Tim Vaughan +;; Copyright (C) 2019-2020 Tim Vaughan ;; Author: Tim Vaughan ;; Created: 11 April 2019 -;; Version: 2.7.11 +;; Version: 2.9.1 ;; Keywords: comm gopher ;; Homepage: http://thelambdalab.xyz/elpher -;; Package-Requires: ((emacs "26")) +;; Package-Requires: ((emacs "26.2")) ;; This file is not part of GNU Emacs. @@ -71,7 +71,7 @@ ;;; Global constants ;; -(defconst elpher-version "2.7.11" +(defconst elpher-version "2.9.1" "Current version of elpher.") (defconst elpher-margin-width 6 @@ -104,7 +104,7 @@ ;; (defgroup elpher nil - "A gopher client." + "A gopher and gemini client." :group 'applications) ;; General appearance and customizations @@ -134,6 +134,16 @@ The default behaviour is to use the ansi-color package to interpret these sequences." :type '(boolean)) +(defcustom elpher-certificate-directory + (file-name-as-directory (locate-user-emacs-file "elpher-certificates")) + "Specify the name of the directory where client certificates will be stored. +These certificates may be used for establishing authenticated TLS connections." + :type '(directory)) + +(defcustom elpher-openssl-command "openssl" + "The command used to launch openssl when generating TLS client certificates." + :type '(file)) + (defcustom elpher-gemini-TLS-cert-checks nil "If non-nil, verify gemini server TLS certs using the default security level. Otherwise, certificate verification is disabled. 
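Review bot: The docstring of the new `elpher-certificate-directory` does not say that what gets written there is an unencrypted private key, and nothing in this hunk creates the directory or restricts its permissions. Since the key generation elsewhere in this diff passes `-nodes` to openssl, I would extend the docstring with `The directory holds unencrypted private keys; keep it readable only by your user.` and have whatever writes into it call `(make-directory elpher-certificate-directory t)` first, as nothing visible here does. Whether openssl itself creates the key file with mode 0600 depends on the openssl version, so the directory's permissions are the safer thing to rely on.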
@@ -276,9 +286,23 @@ some servers which do not support IPv6 can take a long time to time-out." ;; Gemini defaults (if (equal (url-filename url) "") (setf (url-filename url) "/")))) - url) + (elpher-remove-redundant-ports url)) (set-match-data data)))) +(defun elpher-remove-redundant-ports (address) + "Remove redundant port specifiers from ADDRESS. +Here 'redundant' means that the specified port matches the default +for that protocol, eg 70 for gopher." + (if (and (not (elpher-address-special-p address)) + (eq (url-portspec address) ; (url-port) is too slow! + (pcase (url-type address) + ("gemini" 1965) + ((or "gopher" "gophers") 70) + ("finger" 79) + (_ -1)))) + (setf (url-portspec address) nil)) + address) + (defun elpher-make-gopher-address (type selector host port &optional tls) "Create an ADDRESS object using gopher directory record attributes. The basic attributes include: TYPE, SELECTOR, HOST and PORT. @@ -508,7 +532,7 @@ If LINE is non-nil, replace that line instead." (let ((inhibit-read-only t)) (goto-char (point-min)) (if line - (goto-line line)) + (forward-line line)) (let ((data (match-data))) (unwind-protect (progn 
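Review bot: In `elpher-remove-redundant-ports` the `(if (and ...) (setf ...))` form has no else branch and reads better as `when`, and its docstring uses `eg` and straight-apostrophe quoting (`'redundant'`) that checkdoc will flag; `e.g.` and plain double quotes match the rest of the file's docstrings. The `(url-port) is too slow!` comment is helpful and should stay.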
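Review bot: Replacing `(goto-line line)` with `(forward-line line)` right after `(goto-char (point-min))` lands one line further down than before, because `forward-line` counts lines to move while `goto-line` takes a 1-based line number; unless LINE is already 0-based at the call sites (not visible here), the equivalent is `(forward-line (1- line))`. The enclosing function starts before this hunk and its callers are out of view, so please check which convention LINE follows before relying on the new form.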
@@ -551,10 +575,42 @@ ERROR can be either an error object or a string." (propertize "\n----------------\n\n" 'face 'error) "Press 'u' to return to the previous page."))) + ;;; General network communication +;; + +(defvar elpher-network-timer nil + "Timer used for network connections.") + +(defvar elpher-use-tls nil + "If non-nil, use TLS to communicate with gopher servers.") + +(defvar elpher-client-certificate nil + "If non-nil, contains client certificate details to use for TLS connections.") + +(defun elpher-process-cleanup () + "Immediately shut down any extant elpher process and timers." + (let ((p (get-process "elpher-process"))) + (if p (delete-process p))) + (if (timerp elpher-network-timer) + (cancel-timer elpher-network-timer))) (defun elpher-get-host-response (address default-port query-string response-processor &optional use-tls force-ipv4) + "Generic function for retrieving data from ADDRESS. + +When ADDRESS lacks a specific port, DEFAULT-PORT is used instead. +QUERY-STRING is a string sent to the host specified by ADDRESS to +illicet a response. This response is passed as an argument to the +function RESPONSE-PROCESSOR. + +If non-nil, USE-TLS specifies that the connection is to be made over +TLS. If set to gemini, the certificate verification will be disabled +unless `elpher-gemini-TLS-cert-checks' is non-nil. + +If non-nil, FORCE-IPV4 causes the network connection to be made over +ipv4 only. (The default behaviour when this is not set depends on +the host operating system and the local network capabilities." (if (and use-tls (not (gnutls-available-p))) (error "Use of TLS requires Emacs to be compiled with GNU TLS support") (unless (< (elpher-address-port address) 65536) 
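Review bot: The new docstring for `elpher-get-host-response` has `illicet` for `elicit` and an unclosed parenthesis in its last sentence (`(The default behaviour ... capabilities.` never closes). While fixing those I would make the TLS caveat explicit, since it is the security-relevant part of the contract: `If set to gemini, server certificate verification is disabled unless `elpher-gemini-TLS-cert-checks' is non-nil, so by default the connection is encrypted but the server is not authenticated.` The function body continues past the end of this hunk.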
@@ -581,7 +637,9 @@ ERROR can be either an error object or a string." (cons 'gnutls-x509pki (gnutls-boot-parameters :type 'gnutls-x509pki - :hostname host))))) + :hostname host + :keylist + (elpher-get-current-keylist address)))))) (timer (run-at-time elpher-connection-timeout nil (lambda () (elpher-process-cleanup) @@ -597,7 +655,7 @@ ERROR can be either an error object or a string." (not (eq use-tls 'gemini)) (or elpher-auto-disengage-TLS (y-or-n-p - "TLS connetion failed. Disable TLS mode and retry? "))) + "TLS connetion failed. Disable TLS mode and retry? "))) (setq elpher-use-tls nil) (elpher-get-host-response address default-port query-string @@ -616,11 +674,11 @@ ERROR can be either an error object or a string." (let ((new-hkbytes-received (/ bytes-received 102400))) (when (> new-hkbytes-received hkbytes-received) (setq hkbytes-received new-hkbytes-received) - (elpher-buffer-message + (elpher-buffer-message (concat "(" (number-to-string (/ hkbytes-received 10.0)) " MB read)") - 2))) + 1))) (setq response-string-parts (cons string response-string-parts)))) (set-process-sentinel proc @@ -631,7 +689,7 @@ ERROR can be either an error object or a string." (cond ((string-prefix-p "open" event) ; request URL (elpher-buffer-message - (concat "Connected to " host ". Receiving data...\n")) + (concat "Connected to " host ". Receiving data...")) (let ((inhibit-eol-conversion t)) (process-send-string proc query-string))) ((string-prefix-p "deleted" event)) ; do nothing 
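Review bot: The `:keylist` added here is attached to every TLS connection that goes through `elpher-get-host-response`, and `elpher-get-current-keylist` (later in this diff) picks the certificate by host name alone, so if I read it right a client certificate obtained for a gemini capsule would also be presented to a `gophers://` service on the same host, on any port. If that is not intended, gate it on the protocol, e.g. `:keylist (and (eq use-tls 'gemini) (elpher-get-current-keylist address))`, or record scheme and port alongside the host in the stored certificate. The enclosing function starts before this hunk.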
@@ -650,31 +708,128 @@ ERROR can be either an error object or a string." (apply #'concat (reverse response-string-parts))) (elpher-restore-pos)) (t - (error "No response from server."))) + (error "No response from server"))) (error (elpher-network-error address the-error)))))) (error (error "Error initiating connection to server"))))) - -;;; Gopher selector retrieval +;;; Client-side TLS Certificate Management ;; -(defvar elpher-network-timer nil - "Timer used for network connections.") +(defun elpher-generate-certificate (common-name key-file cert-file &optional temporary) + "Generate a key and a self-signed client TLS certificate using openssl. -(defun elpher-process-cleanup () - "Immediately shut down any extant elpher process and timers." - (let ((p (get-process "elpher-process"))) - (if p (delete-process p))) - (if (timerp elpher-network-timer) - (cancel-timer elpher-network-timer))) +The Common Name field of the certificate is set to COMMON-NAME. The +arguments KEY-FILE and CERT-FILE should contain the absolute paths of +the key and certificate files to write. -(defvar elpher-use-tls nil - "If non-nil, use TLS to communicate with gopher servers.") +If TEMPORARY is non-nil, the certificate will be given an exporation +period of one day, and the key and certificate files will be deleted +when the certificate is no longer needed for the current session. + +Otherwise, the certificate will be given a 100 year expiration period +and the files will not be deleted. + +The function returns a list containing the current host name, the +temporary flag, and the key and cert file names in the form required +by `gnutls-boot-parameters`." 
+ (let ((exp-key-file (expand-file-name key-file)) + (exp-cert-file (expand-file-name cert-file))) + (condition-case nil + (progn + (call-process elpher-openssl-command nil nil nil + "req" "-x509" "-newkey" "rsa:2048" + "-days" (if temporary "1" "36500") + "-nodes" + "-subj" (concat "/CN=" common-name) + "-keyout" exp-key-file + "-out" exp-cert-file) + (list (elpher-address-host (elpher-page-address elpher-current-page)) + temporary exp-key-file exp-cert-file)) + (error + (message "Check that openssl is installed, or customize `elpher-openssl-command`.") + (error "Program 'openssl', required for certificate generation, not found"))))) + +(defun elpher-generate-throwaway-certificate () + "Generate and return details of a throwaway certificate. +The key and certificate files will be deleted when they are no +longer needed for this session." + (let* ((file-base (make-temp-name "elpher")) + (key-file (concat temporary-file-directory file-base ".key")) + (cert-file (concat temporary-file-directory file-base ".crt"))) + (elpher-generate-certificate file-base key-file cert-file t))) + +(defun elpher-generate-permanent-certificate (file-base common-name) + "Generate and return details of a persistant certificate. +The argument FILE-BASE is used as the base for the key and certificate +files, while COMMON-NAME specifies the common name field of the +certificate. + +The key and certificate files are written to in `elpher-certificate-directory'." + (let* ((key-file (concat elpher-certificate-directory file-base ".key")) + (cert-file (concat elpher-certificate-directory file-base ".crt"))) + (elpher-generate-certificate common-name key-file cert-file))) + +(defun elpher-get-existing-certificate (file-base) + "Return a certificate object corresponding to an existing certificate. +It is assumed that the key files FILE-BASE.key and FILE-BASE.crt exist in +the directory `elpher-certificate-directory'." 
+ (let* ((key-file (concat elpher-certificate-directory file-base ".key")) + (cert-file (concat elpher-certificate-directory file-base ".crt"))) + (list (elpher-address-host (elpher-page-address elpher-current-page)) + nil + (expand-file-name key-file) + (expand-file-name cert-file)))) + +(defun elpher-list-existing-certificates () + "Return a list of the persistant certificates in `elpher-certificate-directory'." + (mapcar + (lambda (file) + (file-name-sans-extension file)) + (directory-files elpher-certificate-directory nil "\.key$"))) + +(defun elpher-forget-current-certificate () + "Causes any current certificate to be forgotten. +In the case of throwaway certificates, the key and certificate files +are also deleted." + (interactive) + (when elpher-client-certificate + (unless (and (called-interactively-p 'any) + (not (y-or-n-p (concat "Really forget client certificate? " + "(Throwaway certificates will be deleted.)")))) + (when (cadr elpher-client-certificate) + (delete-file (elt elpher-client-certificate 2)) + (delete-file (elt elpher-client-certificate 3))) + (setq elpher-client-certificate nil) + (if (called-interactively-p 'any) + (message "Client certificate forgotten."))))) + +(defun elpher-get-current-keylist (address) + "Retrieve the `gnutls-boot-parameters'-compatable keylist. + +This is obtained from the client certificate described by +`elpher-current-certificate', if one is available and the host for +that certificate matches the host in ADDRESS. + +If `elpher-current-certificate' is non-nil, and its host name doesn't +match that of ADDRESS, the certificate is forgotten." 
+ (if elpher-client-certificate + (if (string= (car elpher-client-certificate) + (elpher-address-host address)) + (list (cddr elpher-client-certificate)) + (elpher-forget-current-certificate) + (message "Disabling client certificate for new host") + nil) + nil)) + + +;;; Gopher selector retrieval +;; (defun elpher-get-gopher-response (address renderer) + "Get response string from gopher server at ADDRESS and render using RENDERER." (elpher-get-host-response address 70 (concat (elpher-gopher-address-selector address) "\r\n") renderer @@ -930,6 +1085,7 @@ The response is rendered using the rendering function RENDERER." (defvar elpher-gemini-redirect-chain) (defun elpher-get-gemini-response (address renderer) + "Get response string from gemini server at ADDRESS and render using RENDERER." (elpher-get-host-response address 1965 (concat (elpher-address-to-url address) "\r\n") (lambda (response-string) @@ -961,7 +1117,10 @@ that the response was malformed." (?1 ; Input required (elpher-with-clean-buffer (insert "Gemini server is requesting input.")) - (let* ((query-string (read-string (concat response-meta ": "))) + (let* ((query-string + (if (eq (elt response-code 1) ?1) + (read-passwd (concat response-meta ": ")) + (read-string (concat response-meta ": ")))) (query-address (seq-copy (elpher-page-address elpher-current-page))) (old-fname (url-filename query-address))) (setf (url-filename query-address) 
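Review bot: `elpher-generate-certificate` ignores the exit status of `call-process`, so when openssl runs but fails (for example because `elpher-certificate-directory` does not exist, which nothing in this diff creates) the function still returns a list naming key and cert files that were never written, and the only failure ever reported is the misleading `not found` message for a spawn error. I would check the status: `(unless (eql 0 (call-process elpher-openssl-command nil nil nil "req" ...)) (error "openssl failed to generate the certificate"))`. Two smaller points in the same hunk: the regexp in `elpher-list-existing-certificates` is written `"\.key$"`, which in a Lisp string is just `.key$` and also matches names such as `monkey`, so it should be `"\\.key\\'"`; and the docstring of `elpher-get-current-keylist` refers to `elpher-current-certificate` while the variable it reads is `elpher-client-certificate`. For the throwaway certificate the key is written unencrypted (`-nodes`) to a name from `make-temp-name` that the caller never creates itself, so creating both files first with `make-temp-file` (mode 0600) would close the race on a shared temporary directory.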
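Review bot: The secret read with `read-passwd` for status 11 is then placed into the query part of `query-address`, so it travels in the request URL and, presumably, ends up wherever elpher records page addresses (history, buffer name, bookmarks); the hunk shows nothing suppressing that. If such records exist, the 11 branch should avoid storing the resulting address persistently, or at least the surrounding docstring should warn that the input is visible in the URL. The enclosing `pcase` continues outside this hunk.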
@@ -990,7 +1149,42 @@ that the response was malformed." (error "Gemini server reports PERMANENT FAILURE for this request: %s %s" response-code response-meta)) (?6 ; Client certificate required - (error "Gemini server requires client certificate (unsupported at this time)")) + (elpher-with-clean-buffer + (if elpher-client-certificate + (insert "Gemini server does not recognise the provided TLS certificate:\n\n") + (insert "Gemini server is requesting a valid TLS certificate:\n\n")) + (auto-fill-mode 1) + (elpher-gemini-insert-text response-meta)) + (let* ((read-answer-short t)) + (pcase (read-answer "What do you want to do? " + '(("throwaway" ?t + "generate and use throw-away certificate") + ("permanent" ?p + "generate new or use existing permanent certificate") + ("abort" ?a + "stop immediately"))) + ("throwaway" + (setq elpher-client-certificate (elpher-generate-throwaway-certificate))) + ("permanent" + (let* ((existing-certificates (elpher-list-existing-certificates)) + (file-base (completing-read + "Name of new or existing certificate (autocompletes, empty response aborts): " + existing-certificates))) + (if (string-empty-p (string-trim file-base)) + (error "Gemini server requires certificate and none was provided") + (if (member file-base existing-certificates) + (setq elpher-client-certificate + (elpher-get-existing-certificate file-base)) + (let ((common-name (read-string "Common Name field for new certificate: " + file-base))) + (setq elpher-client-certificate + (elpher-generate-permanent-certificate file-base common-name)) + (message "New key and self-signed certificate written to %s" + elpher-certificate-directory)))))) + ("abort" + (error "Gemini server requires a client certificate and none was provided"))) + (elpher-with-clean-buffer) + (elpher-get-gemini-response (elpher-page-address elpher-current-page) renderer))) (_other (error "Gemini server response unknown: %s %s" response-code response-meta)))))) 
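Review bot: The name typed at `completing-read` in the `permanent` branch is used directly as a file-name component under `elpher-certificate-directory`, so a value containing a slash or `..` writes the unencrypted key outside that directory; I would reject it up front with `(when (string-match-p "/" file-base) (error "Certificate name must not contain a slash"))` or normalise it with `file-name-nondirectory`. Separately, every 6x code is handled the same way here, so a server answering 61 (certificate not authorised, per the gemini spec) is met with an offer to generate yet another certificate, which will not help; branching on `(elt response-code 1)` as the 1x branch already does would allow a clearer message.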
@@ -1094,10 +1288,10 @@ For instance, the filename /a/b/../c/./d will reduce to /a/c/d" (url-filename address))))) (unless (url-type address) (setf (url-type address) "gemini")) - (if (equal (url-type address) "gemini") - (setf (url-filename address) - (elpher-collapse-dot-sequences (url-filename address))))) - address)) + (when (equal (url-type address) "gemini") + (setf (url-filename address) + (elpher-collapse-dot-sequences (url-filename address))))) + (elpher-remove-redundant-ports address))) (defun elpher-gemini-insert-link (link-line) "Insert link described by LINK-LINE into a text/gemini document." @@ -1184,14 +1378,12 @@ width defined by elpher-gemini-max-fill-width." (elpher-page-address elpher-current-page) (buffer-string)))) + ;; Finger page connection -(defun elpher-get-finger-page (renderer &optional force-ipv4) +(defun elpher-get-finger-page (renderer) "Opens a finger connection to the current page address. -The result is rendered using RENDERER. When the optional argument -FORCE-IPV4 or the variable `elpher-ipv4-always' are non-nil, the -IPv4 address returned by a DNS lookup will be used explicitly in -making the connection." +The result is rendered using RENDERER." (let* ((address (elpher-page-address elpher-current-page)) (content (elpher-get-cached-content address))) (if (and content (funcall renderer nil)) @@ -1213,6 +1405,22 @@ making the connection." (elpher-network-error address the-error)))))) +;; Telnet page connection + +(defun elpher-get-telnet-page (renderer) + "Opens a telnet connection to the current page address (RENDERER must be nil)." + (when renderer + (elpher-visit-previous-page) + (error "Command not supported for telnet URLs")) + (let* ((address (elpher-page-address elpher-current-page)) + (host (elpher-address-host address)) + (port (elpher-address-port address))) + (elpher-visit-previous-page) + (if (> port 0) + (telnet host port) + (telnet host)))) + + ;; Other URL page opening (defun elpher-get-other-url-page (renderer) 
@@ -1229,20 +1437,6 @@ making the connection." (browse-web url) (browse-url url))))) -;; Telnet page connection - -(defun elpher-get-telnet-page (renderer) - "Opens a telnet connection to the current page address (RENDERER must be nil)." - (when renderer - (elpher-visit-previous-page) - (error "Command not supported for telnet URLs")) - (let* ((address (elpher-page-address elpher-current-page)) - (host (elpher-address-host address)) - (port (elpher-address-port address))) - (elpher-visit-previous-page) - (if (> port 0) - (telnet host port) - (telnet host)))) ;; Start page page retrieval @@ -1275,6 +1469,7 @@ making the connection." " - R: reload current page (regenerates cache)\n" " - S: set character coding system for gopher (default is to autodetect)\n" " - T: toggle TLS gopher mode\n" + " - F: forget/discard current TLS client certificate\n" " - .: display the raw server response for the current page\n" "\n" "Start your exploration of gopher space and gemini:\n") @@ -1444,7 +1639,7 @@ When run interactively HOST-OR-URL is read from the minibuffer." (interactive "sGopher or Gemini URL: ") (let* ((cleaned-host-or-url (string-trim host-or-url)) (address (elpher-address-from-url cleaned-host-or-url)) - (page (elpher-make-page cleaned-host-or-url address))) + (page (elpher-make-page cleaned-host-or-url address))) (switch-to-buffer "*elpher*") (elpher-visit-page page) nil)) @@ -1714,6 +1909,7 @@ When run interactively HOST-OR-URL is read from the minibuffer." (define-key map (kbd "X") 'elpher-unbookmark-current) (define-key map (kbd "B") 'elpher-bookmarks) (define-key map (kbd "S") 'elpher-set-gopher-coding-system) + (define-key map (kbd "F") 'elpher-forget-current-certificate) (when (fboundp 'evil-define-key*) (evil-define-key* 'motion map (kbd "TAB") 'elpher-next-link 
@@ -1740,7 +1936,8 @@ When run interactively HOST-OR-URL is read from the minibuffer." (kbd "x") 'elpher-unbookmark-link (kbd "X") 'elpher-unbookmark-current (kbd "B") 'elpher-bookmarks - (kbd "S") 'elpher-set-gopher-coding-system)) + (kbd "S") 'elpher-set-gopher-coding-system + (kbd "F") 'elpher-forget-current-certificate)) map) "Keymap for gopher client.")