feat: 0.2.1, support default certificate domains

2024-09-20 01:12:10 +08:00
parent c2eb073c91
commit f1775cad66
4 changed files with 22 additions and 6 deletions

2
Cargo.lock generated

@@ -2007,7 +2007,7 @@ checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94"
[[package]] [[package]]
name = "proxy-inspector" name = "proxy-inspector"
version = "0.2.0" version = "0.2.1"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"base64 0.22.1", "base64 0.22.1",


@@ -1,6 +1,6 @@
[package] [package]
name = "proxy-inspector" name = "proxy-inspector"
version = "0.2.0" version = "0.2.1"
edition = "2021" edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html


@@ -65,9 +65,11 @@ fn resolve_ecc_pkcs8(pem: &str) -> String {
} }
fn build_certificate(domain: &str) -> Result<Certificate, String> { fn build_certificate(domain: &str) -> Result<Certificate, String> {
let mut params = CertificateParams::new(vec![domain.into()]); let domains = domain.split(",").map(ToString::to_string).collect::<Vec<String>>();
let mut params = CertificateParams::new(domains.clone());
let (start, end) = build_validity_period()?; let (start, end) = build_validity_period()?;
params.distinguished_name.push(DnType::CommonName, domain); params.distinguished_name.push(DnType::CommonName, &domains[0]);
params.use_authority_key_identifier_extension = true; params.use_authority_key_identifier_extension = true;
params.key_usages.push(KeyUsagePurpose::DigitalSignature); params.key_usages.push(KeyUsagePurpose::DigitalSignature);
params.is_ca = IsCa::NoCa; params.is_ca = IsCa::NoCa;
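Review bot: The entries produced by `domain.split(",")` are used untrimmed and unchecked, so `"a.com, b.com"` yields a SAN with a leading space, and an empty value or a stray comma yields an empty name, which also becomes the CommonName through `&domains[0]` when it comes first. The split also applies to any string passed in: if the client-supplied SNI from `certificate_callback` reaches `build_certificate` (the call path is not visible in this hunk), a comma in it would become several SANs chosen by the peer, so splitting only the operator-configured default would be safer. Suggested: `let domains: Vec<String> = domain.split(',').map(str::trim).filter(|d| !d.is_empty()).map(str::to_owned).collect();` followed by `if domains.is_empty() { return Err("no certificate domain given".to_string()); }`. The body of `build_certificate` continues past the end of the hunk.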


@@ -1,4 +1,5 @@
use std::collections::HashMap; use std::collections::HashMap;
use std::env;
use std::sync::Arc; use std::sync::Arc;
use async_trait::async_trait; use async_trait::async_trait;
@@ -50,8 +51,21 @@ impl Callback {
impl TlsAccept for Callback { impl TlsAccept for Callback {
async fn certificate_callback(&self, ssl: &mut SslRef) -> () { async fn certificate_callback(&self, ssl: &mut SslRef) -> () {
let sni_provided = ssl.servername(NameType::HOST_NAME) let sni_provided = ssl.servername(NameType::HOST_NAME)
.unwrap_or("127.0.0.1").to_string(); .map(|sni| {
log::info!("SNI provided: {}", sni_provided); log::info!("SNI provided: {}", sni);
sni.to_string()
})
.unwrap_or_else(||
env::var("DEFAULT_CERTIFICATE_DOMAINS")
.map(|default_sni| {
log::info!("Use default SNI: {}", &default_sni);
default_sni
})
.unwrap_or_else(|_| {
log::info!("Use default SNI: 127.0.0.1, user env DEFAULT_CERTIFICATE_DOMAINS override default domains(split with comma ',')");
"127.0.0.1".to_string()
})
);
let cert = self.issue_certificate(&sni_provided).await let cert = self.issue_certificate(&sni_provided).await
.unwrap_or_else(|e| panic!("Issue certificate failed: {}", e)); .unwrap_or_else(|e| panic!("Issue certificate failed: {}", e));
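Review bot: `DEFAULT_CERTIFICATE_DOMAINS` is read with `env::var` inside `certificate_callback`, so every handshake without SNI re-reads and re-logs it. A malformed value is only discovered when `issue_certificate` fails and the unchanged `panic!` on the last line fires in the middle of a handshake. Reading and validating the variable once when `Callback` is built (its constructor is outside this hunk) and keeping the parsed list in a field would surface a bad configuration at startup instead. `env::var` also returns `Err` for a value that is not valid Unicode, which the `.unwrap_or_else(|_| ...)` arm silently treats as unset; a separate `log::warn!` for that case would help operators. The fallback message would read more clearly as `"Use default SNI: 127.0.0.1; set env DEFAULT_CERTIFICATE_DOMAINS to override the default domains (comma-separated)"`.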