compy/proxy/certfaker.go
Barna Csorogi eb0b8469a9 use the correct signature algorithm for mitm certs
Use the signature algorithm of the provided CA rather than the one from
the server cert.
2018-02-05 01:37:10 +01:00


package proxy
import (
	"crypto"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
)
type certFaker struct {
ca *x509.Certificate
key crypto.PrivateKey
}
func newCertFaker(caPath, keyPath string) (*certFaker, error) {
certs, err := tls.LoadX509KeyPair(caPath, keyPath)
if err != nil {
return nil, err
}
ca, err := x509.ParseCertificate(certs.Certificate[0])
if err != nil {
return nil, err
}
return &certFaker{
ca: ca,
key: certs.PrivateKey,
}, nil
}
func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) {
template := cf.createTemplate(original)
fakeCertData, err := x509.CreateCertificate(nil, template, cf.ca, cf.ca.PublicKey, cf.key)
return &tls.Certificate{
Certificate: [][]byte{fakeCertData},
PrivateKey: cf.key,
}, err
}
func (cf *certFaker) createTemplate(cert *x509.Certificate) *x509.Certificate {
template := &x509.Certificate{}
*template = *cert
template.SignatureAlgorithm = cf.ca.SignatureAlgorithm
return template
}