caj
/
go-mitmproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cert create

Browse Source
addon-dailer
lqqyt2423 4 years ago
parent 5121bb5689
commit f3b4fc742c
2 changed files with 102 additions and 13 deletions
Show Stats Download Patch File Download Diff File

89
proxy/cert.go
Unescape Escape View File

@ -1,15 +1,20 @@
package proxy package proxy
import ( import (
"crypto/rand"
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix"
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"log"
"math/big"
"os" "os"
"path/filepath" "path/filepath"
"time"
) )
var caErrNotFound = errors.New("ca not found") var caErrNotFound = errors.New("ca not found")
@ -32,8 +37,11 @@ func NewCA(path string) (*CA, error) {
if err != caErrNotFound { if err != caErrNotFound {
return nil, err return nil, err
} }
} else {
return ca, nil
} }
log.Println("begin create ca")
if err := ca.create(); err != nil { if err := ca.create(); err != nil {
return nil, err return nil, err
} }
@ -47,7 +55,7 @@ func getStorePath(path string) (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
path = filepath.Join(homeDir, ".mitmproxy") path = filepath.Join(homeDir, ".go_mitmproxy")
} }
if !filepath.IsAbs(path) { if !filepath.IsAbs(path) {
@ -77,8 +85,18 @@ func getStorePath(path string) (string, error) {
return path, nil return path, nil
} }
// The certificate and the private key in PEM format.
func (ca *CA) caFile() string {
return filepath.Join(ca.StorePath, "mitmproxy-ca.pem")
}
// The certificate in PEM format.
func (ca *CA) caCertFile() string {
return filepath.Join(ca.StorePath, "mitmproxy-ca-cert.pem")
}
func (ca *CA) load() error { func (ca *CA) load() error {
caFile := filepath.Join(ca.StorePath, "mitmproxy-ca.pem") caFile := ca.caFile()
stat, err := os.Stat(caFile) stat, err := os.Stat(caFile)
if err != nil { if err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
@ -125,7 +143,50 @@ func (ca *CA) load() error {
} }
func (ca *CA) create() error { func (ca *CA) create() error {
return nil key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return err
}
ca.PrivateKey = *key
template := &x509.Certificate{
SerialNumber: big.NewInt(time.Now().UnixNano() / 100000),
Subject: pkix.Name{
CommonName: "mitmproxy",
Organization: []string{"mitmproxy"},
},
NotBefore: time.Now().Add(-time.Hour * 48),
NotAfter: time.Now().Add(time.Hour * 24 * 365 * 3),
BasicConstraintsValid: true,
IsCA: true,
SignatureAlgorithm: x509.SHA256WithRSA,
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
ExtKeyUsage: []x509.ExtKeyUsage{
x509.ExtKeyUsageServerAuth,
x509.ExtKeyUsageClientAuth,
x509.ExtKeyUsageEmailProtection,
x509.ExtKeyUsageTimeStamping,
x509.ExtKeyUsageCodeSigning,
x509.ExtKeyUsageMicrosoftCommercialCodeSigning,
x509.ExtKeyUsageMicrosoftServerGatedCrypto,
x509.ExtKeyUsageNetscapeServerGatedCrypto,
},
}
certBytes, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
if err != nil {
return err
}
cert, err := x509.ParseCertificate(certBytes)
if err != nil {
return err
}
ca.RootCert = *cert
if err := ca.save(); err != nil {
return err
}
return ca.saveCert()
} }
func (ca *CA) saveTo(out io.Writer) error { func (ca *CA) saveTo(out io.Writer) error {
@ -138,15 +199,29 @@ func (ca *CA) saveTo(out io.Writer) error {
return err return err
} }
err = pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: ca.RootCert.Raw}) return pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: ca.RootCert.Raw})
}
func (ca *CA) saveCertTo(out io.Writer) error {
return pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: ca.RootCert.Raw})
}
func (ca *CA) save() error {
file, err := os.Create(ca.caFile())
if err != nil { if err != nil {
return err return err
} }
defer file.Close()
return nil return ca.saveTo(file)
} }
func (ca *CA) save() error { func (ca *CA) saveCert() error {
file, err := os.Create(ca.caCertFile())
if err != nil {
return err
}
defer file.Close()
return nil return ca.saveCertTo(file)
} }

26
proxy/cert_test.go
Unescape Escape View File

@ -1,28 +1,42 @@
package proxy package proxy
import ( import (
"os" "bytes"
"io/ioutil"
"reflect"
"testing" "testing"
) )
func TestGetStorePath(t *testing.T) { func TestGetStorePath(t *testing.T) {
path, err := getStorePath("") path, err := getStorePath("")
if err != nil { if err != nil {
t.Error(err) t.Fatal(err)
} }
if path == "" { if path == "" {
t.Errorf("should have path") t.Fatal("should have path")
} }
} }
func TestNewCA(t *testing.T) { func TestNewCA(t *testing.T) {
ca, err := NewCA("") ca, err := NewCA("")
if err != nil { if err != nil {
t.Error(err) t.Fatal(err)
} }
err = ca.saveTo(os.Stdout) data := make([]byte, 0)
buf := bytes.NewBuffer(data)
err = ca.saveTo(buf)
if err != nil {
t.Fatal(err)
}
fileContent, err := ioutil.ReadFile(ca.caFile())
if err != nil { if err != nil {
t.Error(err) t.Fatal(err)
}
if !reflect.DeepEqual(fileContent, buf.Bytes()) {
t.Fatal("pem content should equal")
} }
} }

Write Preview
Loading…
Cancel
Save