Method sign

proxy/mitm.go:44–90  ·  view source on GitHub ↗
(host string)

42}
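// sign returns a leaf certificate for host, issued by proxy.CA, that the proxy
// presents to the client while intercepting TLS. Results are memoised in
// proxy.CACache keyed by host; a cached certificate is only reused while it is
// still inside its validity period.
//
// The returned *tls.Certificate carries the freshly issued leaf followed by the
// CA certificate, plus the parsed leaf in Leaf so the TLS stack does not
// re-parse it on every handshake. It returns nil (after logging the failure)
// when the CA certificate cannot be parsed or is missing, when no random serial
// can be drawn, or when CreateCertificate fails — callers must check for nil.
//
// SECURITY NOTE(review): the leaf is issued for the CA's own key pair and the CA
// private key is handed to the TLS stack as the server key, so every intercepted
// handshake uses the CA private key directly (CertificateVerify signatures, and
// premaster-secret decryption if RSA key-exchange suites are enabled elsewhere).
// A separate leaf key would confine a leaked server key to one host; generating
// one needs crypto/ecdsa, which is not visible in this excerpt, so the reuse is
// kept and flagged here rather than changed.
func (proxy *ProxyClient) sign(host string) *tls.Certificate {
	// Fast path: reuse a cached certificate, but never hand out one whose
	// NotAfter has passed — the cache has no notion of validity, so a
	// long-running proxy would otherwise serve expired leaves forever.
	// Entries without a parsed Leaf (added by other code) are served as before.
	if cached, ok := proxy.CACache.Get(host); ok {
		if cert, ok := cached.(*tls.Certificate); ok {
			if cert.Leaf == nil || time.Now().Before(cert.Leaf.NotAfter) {
				return cert
			}
		}
	}

	proxy.Logger.D("MITM", "Self signing", host)

	// An empty CA chain must not panic on proxy.CA.Certificate[0]; feeding nil
	// to ParseCertificate turns it into an ordinary, logged error instead.
	var caDER []byte
	if len(proxy.CA.Certificate) > 0 {
		caDER = proxy.CA.Certificate[0]
	}
	x509ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		proxy.Logger.E("MITM", "Parse CA certificate", err)
		return nil
	}

	// Random 128-bit serial: RFC 5280 §4.1.2.2 caps serials at 20 octets, and a
	// random value keeps re-issued certificates for the same host distinct.
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		proxy.Logger.E("MITM", "Error", err)
		return nil
	}

	now := time.Now()
	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject:      pkix.Name{Organization: []string{"goflyway"}},
		// Back-date NotBefore by a day so clients with a slightly slow clock
		// still accept the leaf. Issuer is copied from the parent by
		// CreateCertificate and is not set here.
		NotBefore: now.AddDate(0, 0, -1),
		NotAfter:  now.AddDate(1, 0, 0),

		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		// TODO(review): if host can be an IP literal it belongs in IPAddresses,
		// not DNSNames — clients do not match IPs against dNSName SANs. The
		// caller is outside this excerpt; confirm what host may contain.
		DNSNames: []string{host},
	}

	// The leaf is bound to the CA's own key pair (see the note on the method).
	pubKey := publicKey(proxy.CA.PrivateKey)
	leafDER, err := x509.CreateCertificate(rand.Reader, &template, x509ca, pubKey, proxy.CA.PrivateKey)
	if err != nil {
		proxy.Logger.E("MITM", "Create certificate", err)
		return nil
	}

	// Parse once here so the handshake can skip it and so the cache check
	// above can read NotAfter.
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		proxy.Logger.E("MITM", "Parse leaf certificate", err)
		return nil
	}

	cert := &tls.Certificate{
		Certificate: [][]byte{leafDER, caDER},
		PrivateKey:  proxy.CA.PrivateKey,
		Leaf:        leaf,
	}

	// Check-then-add is not atomic: two concurrent callers for the same host
	// may both sign. Both certificates are valid, so the duplicate work is
	// tolerated rather than serialised with a lock.
	proxy.CACache.Add(host, cert)
	return cert
}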
// mitmSessionCounter is a package-level int64 counter. Neither its readers nor
// its writers are visible in this excerpt. NOTE(review): if it is bumped from
// per-connection goroutines it must be accessed through sync/atomic — confirm
// at the use sites.
var mitmSessionCounter int64
