feat: works

2024-03-30 12:11:11 +08:00
parent 4aaec3aa95
commit 277843967b
4 changed files with 56 additions and 76 deletions


@@ -1,15 +1,15 @@
use std::collections::HashMap;
use std::fs;
use std::sync::RwLock;
use once_cell::sync::Lazy;
use rcgen::{Certificate, CertificateParams, DnType, ExtendedKeyUsagePurpose, IsCa, KeyPair, KeyUsagePurpose};
use time::{Duration, OffsetDateTime};
use tokio::sync::RwLock;
const INTERMEDIATE_CERT_ENV_VAR: &str = "INTERMEDIATE_CERT";
const INTERMEDIATE_KEY_ENV_VAR: &str = "INTERMEDIATE_KEY";
static INTERMEDIATE_CA: Lazy<Certificate> = Lazy::new(|| {
static INTERMEDIATE_CA: Lazy<(Certificate, String)> = Lazy::new(|| {
let cert_fn = std::env::var(INTERMEDIATE_CERT_ENV_VAR)
.unwrap_or("__ignore_intermediate_cert.pem".to_string());
let key_fn = std::env::var(INTERMEDIATE_KEY_ENV_VAR)
@@ -21,8 +21,9 @@ static INTERMEDIATE_CA: Lazy<Certificate> = Lazy::new(|| {
// 底层逻辑限制P256 与 SHA256 搭配P384 与 SHA384 搭配
let certificate_params = CertificateParams::from_ca_cert_pem(&cert_pem, key_pair)
.expect("Cert and keypair mismatch");
Certificate::from_params(certificate_params)
.expect("Parse cert params failed")
let cert = Certificate::from_params(certificate_params)
.expect("Parse cert params failed");
(cert, cert_pem)
});
#[derive(Debug, Clone)]
@@ -36,23 +37,23 @@ static CERTIFICATE_CACHE_MAP: Lazy<RwLock<HashMap<String, Cert>>> = Lazy::new(||
RwLock::new(HashMap::new())
});
pub fn issue_certificate(domain: &str) -> Cert {
pub async fn issue_certificate(domain: &str) -> Cert {
{
if let Some(cert) = CERTIFICATE_CACHE_MAP.read().unwrap().get(domain) {
if let Some(cert) = CERTIFICATE_CACHE_MAP.read().await.get(domain) {
return cert.clone();
}
}
let cert = new_end_entity(domain);
let cert_pem = cert.serialize_pem_with_signer(&INTERMEDIATE_CA).expect("Sign cert failed");
let cert_pem = cert.serialize_pem_with_signer(&INTERMEDIATE_CA.0).expect("Sign cert failed");
let key_pem = cert.serialize_private_key_pem();
let intermediate_pem = INTERMEDIATE_CA.serialize_pem().expect("Ser intermediate cert failed");
let intermediate_pem = INTERMEDIATE_CA.1.clone();
let cert = Cert {
cert_pem,
intermediate_pem,
key_pem,
};
{
CERTIFICATE_CACHE_MAP.write().unwrap().insert(domain.to_string(), cert.clone());
CERTIFICATE_CACHE_MAP.write().await.insert(domain.to_string(), cert.clone());
}
cert
}
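Review bot: The check-then-insert gap in issue_certificate survives the switch to the async lock: the read lock taken for the cache check is released before `new_end_entity` runs, so two concurrent callers for the same domain each generate and sign a certificate and the later `insert` silently replaces the earlier one, leaving different callers holding different keys for the same name. Converging on the first stored entry is a two-line change at the write-lock block: `let mut cache = CERTIFICATE_CACHE_MAP.write().await;` followed by `cache.entry(domain.to_string()).or_insert(cert).clone()` as the function's final expression. Separately, `new_end_entity` and the `serialize_pem_with_signer` call look CPU-bound and now run directly on the async executor; if key generation is involved, `tokio::task::spawn_blocking` would keep that work off the worker threads. The cache is also unbounded and keyed by the caller's `domain`, which deserves a cap or eviction policy if that string can originate from untrusted input. In the first hunk both `use std::sync::RwLock;` and `use tokio::sync::RwLock;` are shown; presumably the std import is the removed line, since otherwise the two names collide.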