package proxy import ( "crypto" "crypto/tls" "crypto/x509" ) type certFaker struct { ca *x509.Certificate key crypto.PrivateKey } func newCertFaker(caPath, keyPath string) (*certFaker, error) { certs, err := tls.LoadX509KeyPair(caPath, keyPath) if err != nil { return nil, err } ca, err := x509.ParseCertificate(certs.Certificate[0]) if err != nil { return nil, err } return &certFaker{ ca: ca, key: certs.PrivateKey, }, nil } func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) { template := cf.createTemplate(original) fakeCertData, err := x509.CreateCertificate(nil, template, cf.ca, cf.ca.PublicKey, cf.key) return &tls.Certificate{ Certificate: [][]byte{fakeCertData}, PrivateKey: cf.key, }, err } func (cf *certFaker) createTemplate(cert *x509.Certificate) *x509.Certificate { template := &x509.Certificate{} *template = *cert template.SignatureAlgorithm = cf.ca.SignatureAlgorithm return template }