From ed21b17bb42046bd4ba59139f0fcd4624b66029c Mon Sep 17 00:00:00 2001
From: "R.I.Pienaar" <rip@devco.net>
Date: Fri, 20 Oct 2023 14:01:59 +0200
Subject: [PATCH] Support tls_first

Signed-off-by: R.I.Pienaar <rip@devco.net>
---
 cli/cli.go             |  2 ++
 cli/context_command.go | 13 +++++++++++--
 cli/util.go            |  4 ++++
 go.mod                 |  2 +-
 go.sum                 |  8 ++++----
 nats/main.go           |  1 +
 6 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/cli/cli.go b/cli/cli.go
index d6173025..8ea7c9da 100644
--- a/cli/cli.go
+++ b/cli/cli.go
@@ -118,6 +118,8 @@ type Options struct {
 	SocksProxy string
 	// ColorScheme influence table colors and more based on ValidStyles()
 	ColorScheme string
+	// TlsFirst configures theTLSHandshakeFirst behavior in nats.go
+	TlsFirst bool
 }
 
 // SkipContexts used during tests
diff --git a/cli/context_command.go b/cli/context_command.go
index 97ff70ec..e73f7119 100644
--- a/cli/context_command.go
+++ b/cli/context_command.go
@@ -173,6 +173,9 @@ key: {{ .Key | t }}
 # Sets an optional x509 trust chain to use
 ca: {{ .CA | t }}
 
+# Performs TLS Handshake before Server sends a greeting
+tls_first: {{ .TLSHandshakeFirst | t }}
+
 # Retrieves connection information from 'nsc'
 #
 # Example: nsc://Acme+Inc/HR/Automation
@@ -457,6 +460,7 @@ func (c *ctxCommand) showCommand(_ *fisk.ParseContext) error {
 	cols.AddRowIf("Certificate", fmt.Sprintf("%s (%s)", cfg.Certificate(), checkFile(cfg.Certificate())), cfg.Certificate() != "")
 	cols.AddRowIf("Key", fmt.Sprintf("%s (%s)", cfg.Key(), checkFile(cfg.Key())), cfg.Key() != "")
 	cols.AddRowIf("CA", fmt.Sprintf("%s (%s)", cfg.CA(), checkFile(cfg.CA())), cfg.CA() != "")
+	cols.AddRowIf("TLS First", cfg.TLSHandshakeFirst(), cfg.TLSHandshakeFirst())
 	cols.AddRowIfNotEmpty("NSC Lookup", cfg.NscURL())
 	cols.AddRowIfNotEmpty("JS API Prefix", cfg.JSAPIPrefix())
 	cols.AddRowIfNotEmpty("JS Event Prefix", cfg.JSEventPrefix())
@@ -520,7 +524,7 @@ func (c *ctxCommand) createCommand(pc *fisk.ParseContext) error {
 		opts.Username = ""
 	}
 
-	config, err := natscontext.New(lname, load,
+	ctxopts := []natscontext.Option{
 		natscontext.WithServerURL(opts.Servers),
 		natscontext.WithUser(opts.Username),
 		natscontext.WithPassword(opts.Password),
@@ -538,7 +542,12 @@ func (c *ctxCommand) createCommand(pc *fisk.ParseContext) error {
 		natscontext.WithJSDomain(opts.JsDomain),
 		natscontext.WithInboxPrefix(opts.InboxPrefix),
 		natscontext.WithColorScheme(opts.ColorScheme),
-	)
+	}
+	if opts.TlsFirst {
+		ctxopts = append(ctxopts, natscontext.WithTLSHandshakeFirst())
+	}
+
+	config, err := natscontext.New(lname, load, ctxopts...)
 	if err != nil {
 		return err
 	}
diff --git a/cli/util.go b/cli/util.go
index bb45255d..3ff79fc3 100644
--- a/cli/util.go
+++ b/cli/util.go
@@ -739,6 +739,10 @@ func loadContext() error {
 		natscontext.WithColorScheme(opts.ColorScheme),
 	}
 
+	if opts.TlsFirst {
+		ctxOpts = append(ctxOpts, natscontext.WithTLSHandshakeFirst())
+	}
+
 	if opts.Username != "" && opts.Password == "" {
 		ctxOpts = append(ctxOpts, natscontext.WithToken(opts.Username))
 	} else {
diff --git a/go.mod b/go.mod
index 58fb4cd8..028929f0 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/klauspost/compress v1.17.1
 	github.com/mattn/go-isatty v0.0.20
-	github.com/nats-io/jsm.go v0.1.1-0.20231015125243-98cd0c16f934
+	github.com/nats-io/jsm.go v0.1.1-0.20231020115352-7a5f8d21a5bc
 	github.com/nats-io/jwt/v2 v2.5.2
 	github.com/nats-io/nats-server/v2 v2.10.4-0.20231014170031-a797f0d7945a
 	github.com/nats-io/nats.go v1.31.0
diff --git a/go.sum b/go.sum
index 293e5711..4fde36eb 100644
--- a/go.sum
+++ b/go.sum
@@ -68,8 +68,6 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
@@ -82,8 +80,10 @@ github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQ
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA/g=
 github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY=
-github.com/nats-io/jsm.go v0.1.1-0.20231015125243-98cd0c16f934 h1:1swgndfzi8vxNyCBGeM56QH4riXQUOI/O3h/HKR1WmE=
-github.com/nats-io/jsm.go v0.1.1-0.20231015125243-98cd0c16f934/go.mod h1:qc9SKru/hrwmtxnMZjH2oikYsH+qgJoU1YUqwvKjCnY=
+github.com/nats-io/jsm.go v0.1.1-0.20231020114534-8f04cbf30dcb h1:y+O0CU4cT0vgnHyrHjtCiE3qNRt9vfpclvRJsaYizmI=
+github.com/nats-io/jsm.go v0.1.1-0.20231020114534-8f04cbf30dcb/go.mod h1:Iq/uDQjS9LrF5KjJDmle/Cx0xzWDLpiRqo9wKJwmy/w=
+github.com/nats-io/jsm.go v0.1.1-0.20231020115352-7a5f8d21a5bc h1:5qxzZ/JFXkBgeTTMAmfwKxrS+v47NUKOxb3kiW7ZiXA=
+github.com/nats-io/jsm.go v0.1.1-0.20231020115352-7a5f8d21a5bc/go.mod h1:Iq/uDQjS9LrF5KjJDmle/Cx0xzWDLpiRqo9wKJwmy/w=
 github.com/nats-io/jwt/v2 v2.5.2 h1:DhGH+nKt+wIkDxM6qnVSKjokq5t59AZV5HRcFW0zJwU=
 github.com/nats-io/jwt/v2 v2.5.2/go.mod h1:24BeQtRwxRV8ruvC4CojXlx/WQ/VjuwlYiH+vu/+ibI=
 github.com/nats-io/nats-server/v2 v2.10.4-0.20231014170031-a797f0d7945a h1:W422MJrU4NQEdnkKb/qVEcsEiJvSDtANo5AnbHJrIgE=
diff --git a/nats/main.go b/nats/main.go
index b4779ad0..ff50d62f 100644
--- a/nats/main.go
+++ b/nats/main.go
@@ -55,6 +55,7 @@ See 'nats cheat' for a quick cheatsheet of commands`
 	ncli.Flag("tlscert", "TLS public certificate").Envar("NATS_CERT").PlaceHolder("FILE").ExistingFileVar(&opts.TlsCert)
 	ncli.Flag("tlskey", "TLS private key").Envar("NATS_KEY").PlaceHolder("FILE").ExistingFileVar(&opts.TlsKey)
 	ncli.Flag("tlsca", "TLS certificate authority chain").Envar("NATS_CA").PlaceHolder("FILE").ExistingFileVar(&opts.TlsCA)
+	ncli.Flag("tlsfirst", "Perform TLS handshake before expecting the server greeting").BoolVar(&opts.TlsFirst)
 	ncli.Flag("timeout", "Time to wait on responses from NATS").Default("5s").Envar("NATS_TIMEOUT").PlaceHolder("DURATION").DurationVar(&opts.Timeout)
 	ncli.Flag("socks-proxy", "SOCKS5 proxy for connecting to NATS server").Envar("NATS_SOCKS_PROXY").PlaceHolder("PROXY").StringVar(&opts.SocksProxy)
 	ncli.Flag("js-api-prefix", "Subject prefix for access to JetStream API").PlaceHolder("PREFIX").StringVar(&opts.JsApiPrefix)