12 changes: 12 additions & 0 deletions README.md
Expand Up @@ -43,6 +43,11 @@ curl -x localhost:8080 https://www.baidu.com
中间人代理, 解密HTTPS
---
系统需导入根证书 mitm-proxy.crt
---
.p12证书转换
openssl pkcs12 -in 1111.p12 -nocerts -nodes -out 1.key
openssl rsa -in 1.key -out apple_pay_pri.pem
openssl pkcs12 -in 1111.p12 -out filename.cer
```go
package main

Expand All @@ -53,6 +58,7 @@ import (
"time"

"github.com/ouqiang/goproxy"
"github.com/ouqiang/goproxy/cert"
)
// 实现证书缓存接口
type Cache struct {
Expand All @@ -72,6 +78,12 @@ func (c *Cache) Get(host string) *tls.Certificate {
}

func main() {
crtData, err := ioutil.ReadFile("resources/filename.crt")
fmt.Println(err)
pemData, err := ioutil.ReadFile("resources/apple_pay_pri.pem")
fmt.Println(err)

cert.ResetTlsKey(pemData, crtData)
proxy := goproxy.New(goproxy.WithDecryptHTTPS(&Cache{}))
server := &http.Server{
Addr: ":8080",
29 changes: 18 additions & 11 deletions cert/certificate.go
Expand Up @@ -127,17 +127,7 @@ var (
)

func init() {
var err error
block, _ := pem.Decode(defaultRootCAPem)
defaultRootCA, err = x509.ParseCertificate(block.Bytes)
if err != nil {
panic(fmt.Errorf("加载根证书失败: %s", err))
}
block, _ = pem.Decode(defaultRootKeyPem)
defaultRootKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
panic(fmt.Errorf("加载根证书私钥失败: %s", err))
}
ResetTlsKey(defaultRootKeyPem, defaultRootCAPem)
}

// Certificate 证书管理
Expand All @@ -152,6 +142,23 @@ type Pair struct {
PrivateKeyBytes []byte
}

// 允许用户设置用户证书
// rootKeyPem PRIVATE KEY 文件
// rootCaPem ert 文件
func ResetTlsKey(rootKeyPem, rootCaPem []byte) {
var err error
block, _ := pem.Decode(rootCaPem)
defaultRootCA, err = x509.ParseCertificate(block.Bytes)
if err != nil {
panic(fmt.Errorf("加载根证书失败: %s", err))
}
block, _ = pem.Decode(rootKeyPem)
defaultRootKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
panic(fmt.Errorf("加载根证书私钥失败: %s", err))
}
}

func NewCertificate(cache Cache) *Certificate {
return &Certificate{
cache: cache,
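Review bot: In the new `ResetTlsKey`, `pem.Decode` returns a nil block for input that is not PEM, so both `block.Bytes` accesses dereference nil before the error checks run; that was tolerable for the embedded defaults, but the function now takes caller-supplied bytes, and the README example calls it even when `ioutil.ReadFile` failed. I would return an error instead of panicking, parse both inputs before assigning the globals so a failure cannot leave a mismatched CA and key, and have `init` do `if err := ResetTlsKey(defaultRootKeyPem, defaultRootCAPem); err != nil { panic(err) }`. `defaultRootCA` and `defaultRootKey` are written with no lock visible in this hunk, so the doc comment should say the function must be called before the proxy starts serving. `x509.ParsePKCS1PrivateKey` accepts only PKCS#1 RSA keys, so a PKCS#8 `BEGIN PRIVATE KEY` file will be rejected even though the comment's "PRIVATE KEY 文件" suggests it is accepted. The comment should also start with the function name, and `ert 文件` looks like a typo for cert.

```go
func ResetTlsKey(rootKeyPem, rootCaPem []byte) error {
	caBlock, _ := pem.Decode(rootCaPem)
	if caBlock == nil {
		return fmt.Errorf("root CA: no PEM block found")
	}
	ca, err := x509.ParseCertificate(caBlock.Bytes)
	if err != nil {
		return fmt.Errorf("parse root CA: %w", err)
	}
	keyBlock, _ := pem.Decode(rootKeyPem)
	if keyBlock == nil {
		return fmt.Errorf("root key: no PEM block found")
	}
	key, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
	if err != nil {
		return fmt.Errorf("parse root key (PKCS#1 RSA expected): %w", err)
	}
	// Assign only after both inputs parsed, so the pair is replaced together.
	defaultRootCA, defaultRootKey = ca, key
	return nil
}
```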