mirror of
https://github.com/XTLS/Xray-core.git
synced 2025-01-25 10:16:34 +00:00
acb81ebe3d
* verify peer cert function for better man in the middle prevention * publish cert chain hash generation algorithm * added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb * apply coding style * added test case for pinned certificates * refactored cert pin * pinned cert test * added json loading of the PinnedPeerCertificateChainSha256 * removed tool to prepare for v5 * Add server cert pinning for Xtls Change command "xray tls certChainHash" to xray style Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
37 lines
797 B
Go
37 lines
797 B
Go
package tls
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"encoding/pem"
|
|
)
|
|
|
|
func CalculatePEMCertChainSHA256Hash(certContent []byte) string {
|
|
var certChain [][]byte
|
|
for {
|
|
block, remain := pem.Decode(certContent)
|
|
if block == nil {
|
|
break
|
|
}
|
|
certChain = append(certChain, block.Bytes)
|
|
certContent = remain
|
|
}
|
|
certChainHash := GenerateCertChainHash(certChain)
|
|
certChainHashB64 := base64.StdEncoding.EncodeToString(certChainHash)
|
|
return certChainHashB64
|
|
}
|
|
|
|
func GenerateCertChainHash(rawCerts [][]byte) []byte {
|
|
var hashValue []byte
|
|
for _, certValue := range rawCerts {
|
|
out := sha256.Sum256(certValue)
|
|
if hashValue == nil {
|
|
hashValue = out[:]
|
|
} else {
|
|
newHashValue := sha256.Sum256(append(hashValue, out[:]...))
|
|
hashValue = newHashValue[:]
|
|
}
|
|
}
|
|
return hashValue
|
|
}
|