Add support for client certificates

server/irc.go

@@ -1,6 +1,8 @@
 package server
 
 import (
+	"crypto/tls"
+
 	"github.com/khlieng/dispatch/irc"
 	"github.com/khlieng/dispatch/storage"
 )
@@ -20,6 +22,12 @@ func reconnectIRC() {
 			i.Password = server.Password
 			i.Realname = server.Realname
 
+			if user.Certificate != nil {
+				i.TLSConfig = &tls.Config{
+					Certificates: []tls.Certificate{*user.Certificate},
+				}
+			}
+
 			i.Connect(server.Address)
 			session.setIRC(i.Host, i)
 			go newIRCHandler(i, session).run()

server/json.go

@@ -127,6 +127,11 @@ type SearchResult struct {
 	Results []storage.Message `json:"results"`
 }
 
+type ClientCert struct {
+	Cert []byte `json:"cert"`
+	Key  []byte `json:"key"`
+}
+
 type Error struct {
 	Server  string `json:"server"`
 	Message string `json:"message"`

server/websocket_handler.go

@@ -1,6 +1,7 @@
 package server
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"log"
 	"strings"
@@ -104,6 +105,12 @@ func (h *wsHandler) connect(b []byte) {
 		i.Password = data.Password
 		i.Realname = data.Realname
 
+		if h.session.user.Certificate != nil {
+			i.TLSConfig = &tls.Config{
+				Certificates: []tls.Certificate{*h.session.user.Certificate},
+			}
+		}
+
 		if idx := strings.Index(data.Server, ":"); idx < 0 {
 			h.session.setIRC(data.Server, i)
 		} else {
@@ -231,6 +238,19 @@ func (h *wsHandler) search(b []byte) {
 	}()
 }
 
+func (h *wsHandler) cert(b []byte) {
+	var data ClientCert
+	json.Unmarshal(b, &data)
+
+	err := h.session.user.SetCertificate(data.Cert, data.Key)
+	if err != nil {
+		h.session.sendJSON("cert_fail", Error{Message: err.Error()})
+		return
+	}
+
+	h.session.sendJSON("cert_success", nil)
+}
+
 func (h *wsHandler) initHandlers() {
 	h.handlers = map[string]func([]byte){
 		"connect": h.connect,
@@ -244,5 +264,6 @@ func (h *wsHandler) initHandlers() {
 		"whois":   h.whois,
 		"away":    h.away,
 		"search":  h.search,
+		"cert":    h.cert,
 	}
 }