(ca *tls.Certificate)
| 263 | } |
| 264 | |
// TLSConfigFromCA returns a callback that builds a tls.Config for one
// intercepted host. The callback looks up a leaf certificate for the
// requested hostname and port in the certificate cache; on a miss it has
// btls.SignCertificateForHost issue one from ca and stores it in the cache.
//
// The host argument is expected in "hostname[:port]" form. When the port is
// missing or not a number, 443 is used.
//
// NOTE(review): the host string is cut at the first ':' only, so a bracketed
// IPv6 literal such as "[::1]:443" yields hostname "[" and falls back to port
// 443. The parsed port is also not range-checked before being used as a cache
// key and passed to the signer.
//
// NOTE(review): the cache lookup and the cache store are two separate calls;
// concurrent first connections to the same host may each sign a certificate.
// Whether that matters depends on the cache helpers, which are not shown here.
func (p *HTTPProxy) TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *goproxy.ProxyCtx) (*tls.Config, error) {
	return func(host string, ctx *goproxy.ProxyCtx) (*tls.Config, error) {
		// Default to the whole string as hostname and the standard HTTPS port.
		hostname, port := host, 443
		if sep := strings.Index(host, ":"); sep >= 0 {
			hostname = host[:sep]
			// A port that does not parse silently keeps the 443 default.
			if n, convErr := strconv.Atoi(host[sep+1:]); convErr == nil {
				port = n
			}
		}

		cert := getCachedCert(hostname, port)
		if cert != nil {
			p.Debug("serving spoofed certificate for %s:%d", tui.Yellow(hostname), port)
		} else {
			p.Info("creating spoofed certificate for %s:%d", tui.Yellow(hostname), port)
			signed, err := btls.SignCertificateForHost(ca, hostname, port)
			if err != nil {
				p.Warning("cannot sign host certificate with provided CA: %s", err)
				return nil, err
			}

			// Remember the freshly signed leaf so later connections reuse it.
			setCachedCert(hostname, port, signed)
			cert = signed
		}

		// NOTE(review): InsecureSkipVerify controls how a TLS *client* checks
		// the peer's chain. If this config is only used for the client-facing
		// handshake (as the Certificates field suggests), the flag has no
		// effect here; if it is ever reused for an upstream connection it
		// disables server certificate validation. Confirm against the caller.
		return &tls.Config{
			InsecureSkipVerify: true,
			Certificates:       []tls.Certificate{*cert},
		}, nil
	}
}
| 299 | |
| 300 | func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string, |
| 301 | certFile string, |