(host string)
| 42 | } |
| 43 | |
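// sign returns a leaf TLS certificate for host, issued by the proxy's CA,
// creating it on first use and serving it from proxy.CACache afterwards.
//
// The leaf carries host verbatim as a DNS SAN and is valid from one day in
// the past (presumably to tolerate client clock skew) to one year ahead.
// Every failure is logged through proxy.Logger and reported as a nil
// result; callers must check for nil before handing the certificate to a
// TLS server.
//
// NOTE(review): the leaf is keyed with the CA's own private key rather than
// a fresh per-host key, so the CA key is used in every MITM handshake.
// host is also copied into DNSNames unchanged; an IP literal or a
// host:port string would produce a certificate clients reject — confirm
// what callers pass.
func (proxy *ProxyClient) sign(host string) *tls.Certificate {
	if cached, ok := proxy.CACache.Get(host); ok {
		// Checked assertion: an unexpected value type in the cache falls
		// through to regeneration instead of panicking the caller.
		if cert, ok := cached.(*tls.Certificate); ok {
			return cert
		}
	}

	proxy.Logger.D("MITM", "Self signing", host)

	// Random 128-bit serial; 64+ bits of entropy is the usual minimum for
	// serials of CA-issued certificates.
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		proxy.Logger.E("MITM", "Error", err)
		return nil
	}

	// CA.Certificate[0] is the issuing certificate; it is parsed on every
	// cache miss rather than once, which is cheap relative to signing.
	x509ca, err := x509.ParseCertificate(proxy.CA.Certificate[0])
	if err != nil {
		// Logged for consistency with the other failure paths; a silent
		// nil here used to be indistinguishable from a signing failure.
		proxy.Logger.E("MITM", "Parse CA certificate", err)
		return nil
	}

	// One timestamp so NotBefore/NotAfter are derived from the same instant.
	now := time.Now()
	template := x509.Certificate{
		SerialNumber: serialNumber,
		Issuer:       x509ca.Subject,
		Subject:      pkix.Name{Organization: []string{"goflyway"}},
		NotBefore:    now.AddDate(0, 0, -1),
		NotAfter:     now.AddDate(1, 0, 0),

		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		DNSNames:              []string{host},
	}

	// The leaf's public key is the CA's public key (see NOTE above), and the
	// CA private key both signs the leaf and serves as its TLS key.
	pubKey := publicKey(proxy.CA.PrivateKey)
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, x509ca, pubKey, proxy.CA.PrivateKey)
	if err != nil {
		proxy.Logger.E("MITM", "Create certificate", err)
		return nil
	}

	// Chain order is [leaf, CA] so a client trusting the CA can build the path.
	cert := &tls.Certificate{
		Certificate: [][]byte{derBytes, proxy.CA.Certificate[0]},
		PrivateKey:  proxy.CA.PrivateKey,
	}

	proxy.CACache.Add(host, cert)
	return cert
}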
| 91 | |
// mitmSessionCounter is a package-level counter of MITM sessions. It is a
// plain int64, so it is presumably advanced with sync/atomic at the use
// sites — NOTE(review): confirm there, since concurrent handshakes would
// otherwise race on it.
var mitmSessionCounter int64