3 files changed, 68 insertions, 36 deletions

diff --git a/go.mod b/go.mod
index 5573865..6d9aea8 100644
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,7 @@
 module github.com/hawkinsw/goresponsiveness
 
-go 1.17
\ No newline at end of file
+go 1.17
+
+require golang.org/x/net v0.0.0-20220225172249-27dd8689420f
+
+require golang.org/x/text v0.3.7 // indirect
diff --git a/lbc/lbc.go b/lbc/lbc.go
index 65f2589..a17d1ee 100644
--- a/lbc/lbc.go
+++ b/lbc/lbc.go
@@ -16,11 +16,15 @@ package lbc
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"sync/atomic"
+
+	"github.com/hawkinsw/goresponsiveness/utilities"
+	"golang.org/x/net/http2"
 )
 
 var chunkSize int = 5000
@@ -38,6 +42,7 @@ type LoadBearingConnectionDownload struct {
 	client     *http.Client
 	debug      bool
 	valid      bool
+	KeyLogger  io.Writer
 }
 
 func (lbd *LoadBearingConnectionDownload) Transferred() uint64 {
@@ -69,27 +74,19 @@ func (cr *countingReader) Read(p []byte) (n int, err error) {
 
 func (lbd *LoadBearingConnectionDownload) Start(ctx context.Context, debug bool) bool {
 	lbd.downloaded = 0
-	transport := http.Transport{}
+	transport := http2.Transport{}
+
+	if !utilities.IsInterfaceNil(lbd.KeyLogger) {
+		if debug {
+			fmt.Printf("Using an SSL Key Logger for this load-bearing download.\n")
+		}
+		transport.TLSClientConfig = &tls.Config{KeyLogWriter: lbd.KeyLogger, InsecureSkipVerify: true}
+	}
+
 	lbd.client = &http.Client{Transport: &transport}
 	lbd.debug = debug
 	lbd.valid = true
 
-	// At some point this might be useful: It is a snippet of code that will enable
-	// logging of per-session TLS key material in order to make debugging easier in
-	// Wireshark.
-	/*
-		lbd.client = &http.Client{
-			Transport: &http2.Transport{
-				TLSClientConfig: &tls.Config{
-					KeyLogWriter: w,
-
-					Rand:               utilities.RandZeroSource{}, // for reproducible output; don't do this.
-					InsecureSkipVerify: true,                       // test server certificate is not trusted.
-				},
-			},
-		}
-	*/
-
 	if debug {
 		fmt.Printf("Started a load-bearing download.\n")
 	}
@@ -116,11 +113,12 @@ func (lbd *LoadBearingConnectionDownload) doDownload(ctx context.Context) {
 }
 
 type LoadBearingConnectionUpload struct {
-	Path     string
-	uploaded uint64
-	client   *http.Client
-	debug    bool
-	valid    bool
+	Path      string
+	uploaded  uint64
+	client    *http.Client
+	debug     bool
+	valid     bool
+	KeyLogger io.Writer
 }
 
 func (lbu *LoadBearingConnectionUpload) Transferred() uint64 {
@@ -170,7 +168,17 @@ func (lbu *LoadBearingConnectionUpload) doUpload(ctx context.Context) bool {
 
 func (lbu *LoadBearingConnectionUpload) Start(ctx context.Context, debug bool) bool {
 	lbu.uploaded = 0
-	transport := http.Transport{}
+	transport := http2.Transport{}
+
+	if !utilities.IsInterfaceNil(lbu.KeyLogger) {
+		if debug {
+			fmt.Printf("Using an SSL Key Logger for this load-bearing upload.\n")
+		}
+		transport.TLSClientConfig = &tls.Config{KeyLogWriter: lbu.KeyLogger, InsecureSkipVerify: true}
+	}
+
+	lbu.client = &http.Client{Transport: &transport}
+
 	lbu.client = &http.Client{Transport: &transport}
 	lbu.debug = debug
 	lbu.valid = true
diff --git a/networkQuality.go b/networkQuality.go
index d1e946f..f9e3d71 100644
--- a/networkQuality.go
+++ b/networkQuality.go
@@ -30,6 +30,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/hawkinsw/goresponsiveness/ccw"
 	"github.com/hawkinsw/goresponsiveness/lbc"
 	"github.com/hawkinsw/goresponsiveness/ma"
 	"github.com/hawkinsw/goresponsiveness/timeoutat"
@@ -38,13 +39,13 @@ import (
 
 var (
 	// Variables to hold CLI arguments.
-	configHost   = flag.String("config", "networkquality.example.com", "name/IP of responsiveness configuration server.")
-	configPort   = flag.Int("port", 4043, "port number on which to access responsiveness configuration server.")
-	configPath   = flag.String("path", "config", "path on the server to the configuration endpoint.")
-	debug        = flag.Bool("debug", false, "Enable debugging.")
-	timeout      = flag.Int("timeout", 20, "Maximum time to spend measuring.")
-	storeSslKeys = flag.Bool("store-ssl-keys", false, "Store SSL keys from connections for debugging. (currently unused)")
-	profile      = flag.String("profile", "", "Enable client runtime profiling and specify storage location. Disabled by default.")
+	configHost     = flag.String("config", "networkquality.example.com", "name/IP of responsiveness configuration server.")
+	configPort     = flag.Int("port", 4043, "port number on which to access responsiveness configuration server.")
+	configPath     = flag.String("path", "config", "path on the server to the configuration endpoint.")
+	debug          = flag.Bool("debug", false, "Enable debugging.")
+	timeout        = flag.Int("timeout", 20, "Maximum time to spend measuring.")
+	sslKeyFileName = flag.String("ssl-key-file", "", "Store the per-session SSL key files in this file.")
+	profile        = flag.String("profile", "", "Enable client runtime profiling and specify storage location. Disabled by default.")
 
 	// Global configuration
 	cooldownPeriod                time.Duration = 4 * time.Second
@@ -326,11 +327,30 @@ func main() {
 		defer pprof.StopCPUProfile()
 	}
 
+	var sslKeyFileConcurrentWriter *ccw.ConcurrentWriter = nil
+	if *sslKeyFileName != "" {
+		if sslKeyFileHandle, err := os.OpenFile(*sslKeyFileName, os.O_RDWR|os.O_CREATE, os.FileMode(0600)); err != nil {
+			fmt.Printf("Could not open the keyfile for writing: %v!\n", err)
+			sslKeyFileConcurrentWriter = nil
+		} else {
+			if err = utilities.SeekForAppend(sslKeyFileHandle); err != nil {
+				fmt.Printf("Could not seek to the end of the key file: %v!\n", err)
+				sslKeyFileConcurrentWriter = nil
+			} else {
+				if *debug {
+					fmt.Printf("Doing SSL key logging through file %v\n", *sslKeyFileName)
+				}
+				sslKeyFileConcurrentWriter = ccw.NewConcurrentFileWriter(sslKeyFileHandle)
+				defer sslKeyFileHandle.Close()
+			}
+		}
+	}
+
 	generate_lbd := func() lbc.LoadBearingConnection {
-		return &lbc.LoadBearingConnectionDownload{Path: config.Urls.LargeUrl}
+		return &lbc.LoadBearingConnectionDownload{Path: config.Urls.LargeUrl, KeyLogger: sslKeyFileConcurrentWriter}
 	}
 	generate_lbu := func() lbc.LoadBearingConnection {
-		return &lbc.LoadBearingConnectionUpload{Path: config.Urls.UploadUrl}
+		return &lbc.LoadBearingConnectionUpload{Path: config.Urls.UploadUrl, KeyLogger: sslKeyFileConcurrentWriter}
 	}
 
 	var downloadDebugging *Debugging = nil
@@ -390,11 +410,11 @@ func main() {
 	}
 
 	// If there was a timeout achieving saturation then we already added another 5 seconds
-	// to the available time for testing. However, if saturated was achieved before the timeout
+	// to the available time for testing. However, if saturation was achieved before the timeout
 	// then we want to give ourselves another 5 seconds to calculate the RPM.
 	if !saturationTimeout {
 		timeoutAbsoluteTime = time.Now().Add(5 * time.Second)
-		timeoutChannel = timeoutat.TimeoutAt(operatingCtx, time.Now().Add(5*time.Second), *debug)
+		timeoutChannel = timeoutat.TimeoutAt(operatingCtx, timeoutAbsoluteTime, *debug)
 	}
 
 	totalRTTsCount := 0
@@ -413,7 +433,7 @@ func main() {
 
 			// Protect against pathological cases where we continuously select invalid connections and never
 			// do the select below
-			if time.Now().Sub(timeoutAbsoluteTime) > 0 {
+			if time.Since(timeoutAbsoluteTime) > 0 {
 				if *debug {
 					fmt.Printf("Pathologically could not find valid LBCs to use for measurement.\n")
 				}