From f1775cad663d59e4fcda5f6f772fae9ab8bd067c Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Fri, 20 Sep 2024 01:12:10 +0800
Subject: [PATCH] feat: 0.2.1, support default certificate domains
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 src/cert.rs | 6 ++++--
 src/service.rs | 18 ++++++++++++++++--
 4 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 47e886e..eb04d56 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2007,7 +2007,7 @@ checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94"
 [[package]]
 name = "proxy-inspector"
-version = "0.2.0"
+version = "0.2.1"
 dependencies = [
 "async-trait",
 "base64 0.22.1",
diff --git a/Cargo.toml b/Cargo.toml
index 6b71948..dbf62b1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "proxy-inspector"
-version = "0.2.0"
+version = "0.2.1"
 edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
diff --git a/src/cert.rs b/src/cert.rs
index 2f416e6..603a313 100644
--- a/src/cert.rs
+++ b/src/cert.rs
@@ -65,9 +65,11 @@ fn resolve_ecc_pkcs8(pem: &str) -> String {
 }
 fn build_certificate(domain: &str) -> Result {
- let mut params = CertificateParams::new(vec![domain.into()]);
+ let domains = domain.split(",").map(ToString::to_string).collect::>();
+
+ let mut params = CertificateParams::new(domains.clone());
 let (start, end) = build_validity_period()?;
- params.distinguished_name.push(DnType::CommonName, domain);
+ params.distinguished_name.push(DnType::CommonName, &domains[0]);
 params.use_authority_key_identifier_extension = true;
 params.key_usages.push(KeyUsagePurpose::DigitalSignature);
 params.is_ca = IsCa::NoCa;
diff --git a/src/service.rs b/src/service.rs
index 1bb2268..ffd6602 100644
--- a/src/service.rs
+++ b/src/service.rs
@@ -1,4 +1,5 @@
 use std::collections::HashMap;
+use std::env;
 use std::sync::Arc;
 use async_trait::async_trait;
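Review bot: In src/cert.rs, `domain.split(",")` in `build_certificate` keeps whatever lies between the commas, so `a.example, b.example` produces a SAN with a leading space, and a trailing comma or empty input produces an empty SAN (and an empty CommonName through `&domains[0]`). The split also applies to every caller's argument, not only the configured default; if the client-supplied SNI reaches this function (service.rs passes `sni_provided` to `issue_certificate`, the path in between is not visible here), a comma in it would be expanded into several SANs on one issued leaf, so it seems safer to split only the operator-configured value. I would trim and drop empty entries, `let domains: Vec<String> = domain.split(',').map(str::trim).filter(|d| !d.is_empty()).map(str::to_owned).collect();`, and return an error when the list is empty instead of indexing `domains[0]`. `build_certificate` continues past the end of the hunk.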
@@ -50,8 +51,21 @@ impl Callback {
 impl TlsAccept for Callback {
 async fn certificate_callback(&self, ssl: &mut SslRef) -> () {
 let sni_provided = ssl.servername(NameType::HOST_NAME)
- .unwrap_or("127.0.0.1").to_string();
- log::info!("SNI provided: {}", sni_provided);
+ .map(|sni| {
+ log::info!("SNI provided: {}", sni);
+ sni.to_string()
+ })
+ .unwrap_or_else(||
+ env::var("DEFAULT_CERTIFICATE_DOMAINS")
+ .map(|default_sni| {
+ log::info!("Use default SNI: {}", &default_sni);
+ default_sni
+ })
+ .unwrap_or_else(|_| {
+ log::info!("Use default SNI: 127.0.0.1, user env DEFAULT_CERTIFICATE_DOMAINS override default domains(split with comma ',')");
+ "127.0.0.1".to_string()
+ })
+ );
 let cert = self.issue_certificate(&sni_provided).await
 .unwrap_or_else(|e| panic!("Issue certificate failed: {}", e));
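Review bot: The value of `DEFAULT_CERTIFICATE_DOMAINS` is passed to `issue_certificate` unchecked, and a failure there hits the `panic!` in the context line below, inside the handshake callback; an empty or malformed setting would therefore surface as a panic on each connection without SNI rather than as a startup error. Filtering blank values before the fallback, e.g. `env::var("DEFAULT_CERTIFICATE_DOMAINS").ok().filter(|v| !v.trim().is_empty())`, or reading and validating the variable once at startup, would keep a misconfiguration from reaching certificate issuance. `sni_provided` now also holds a configured comma-separated list, so a name such as `cert_domains` plus a short comment on the three sources (client SNI, env default, `127.0.0.1`) would help; the fallback log text reads "user env" where "use env" seems intended. `certificate_callback` continues past the end of the hunk.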