mirror of
https://git.phreedom.club/localhost_frssoft/compy.git
synced 2024-11-20 15:19:17 +00:00
eb0b8469a9
Use the signature algorithm of the provided CA rather than the one from the server cert.
package proxy
import (
	"crypto"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
)
// certFaker holds the CA material used to issue substitute certificates
// for intercepted TLS connections.
//
// The private key stored here signs every certificate FakeCert produces, so
// any client that trusts the CA certificate will accept whatever this type
// issues. Treat the key file and any in-memory copy as high-value secrets.
type certFaker struct {
	// ca is the parsed CA certificate; it is passed as the parent when a
	// substitute certificate is created and supplies the public key and
	// signature algorithm for it.
	ca *x509.Certificate

	// key is the private key loaded together with ca. It signs substitute
	// certificates and is also handed out as the PrivateKey of each one.
	key crypto.PrivateKey
}
// newCertFaker loads a PEM certificate/key pair from caPath and keyPath and
// returns a certFaker that signs with it.
//
// Only the first certificate in the file at caPath is parsed and kept. Any
// error from loading the pair or parsing that certificate is returned as is.
//
// NOTE(review): nothing here checks that the loaded certificate is actually
// a CA (IsCA / BasicConstraints) or that it may sign certificates; a pair
// that is not a CA loads without error. Consider validating this at startup.
func newCertFaker(caPath, keyPath string) (*certFaker, error) {
	pair, err := tls.LoadX509KeyPair(caPath, keyPath)
	if err != nil {
		return nil, err
	}

	// LoadX509KeyPair keeps the certificate as raw DER, so parse the first
	// entry to get at its fields.
	parsed, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return nil, err
	}

	cf := new(certFaker)
	cf.ca = parsed
	cf.key = pair.PrivateKey
	return cf, nil
}
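// FakeCert issues a substitute for original, signed by the faker's CA.
//
// The substitute is built from the template returned by createTemplate and
// carries the CA's own public key; the returned tls.Certificate pairs it with
// the CA private key. Every certificate issued this way therefore shares one
// key pair with the CA.
//
// On failure it returns a nil certificate together with the error from
// x509.CreateCertificate, so a caller cannot accidentally serve an empty
// certificate.
//
// NOTE(review): original is not validated here. Callers presumably verify the
// upstream chain before requesting a substitute; confirm this, because the
// client only ever sees the substitute and cannot detect an untrusted
// upstream on its own.
func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) {
	template := cf.createTemplate(original)

	// Pass a real entropy source: randomized signature schemes (ECDSA,
	// RSA-PSS) need one, and a nil reader only works with signers that
	// happen to ignore it.
	der, err := x509.CreateCertificate(rand.Reader, template, cf.ca, cf.ca.PublicKey, cf.key)
	if err != nil {
		return nil, err
	}

	return &tls.Certificate{
		Certificate: [][]byte{der},
		PrivateKey:  cf.key,
	}, nil
}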
// createTemplate returns a shallow copy of cert whose SignatureAlgorithm is
// replaced by the one recorded in the faker's CA certificate, so the copy is
// signed with an algorithm matching the CA rather than the upstream server.
//
// Every other field is carried over from cert unchanged, and slice-valued
// fields still share their backing arrays with cert.
//
// NOTE(review): the copy includes fields that describe the upstream
// certificate's own key and role (for example SubjectKeyId and IsCA).
// Consider whether those should be reset for the substitute.
func (cf *certFaker) createTemplate(cert *x509.Certificate) *x509.Certificate {
	clone := *cert
	clone.SignatureAlgorithm = cf.ca.SignatureAlgorithm
	return &clone
}