Clash.Meta/common/net/tls.go

package net

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)

type Path interface {
	Resolve(path string) string
}

func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, error) {
	if certificate == "" && privateKey == "" {
		return newRandomTLSKeyPair()
	}
	cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey))
	if painTextErr == nil {
		return cert, nil
	}

	certificate = path.Resolve(certificate)
	privateKey = path.Resolve(privateKey)
	cert, loadErr := tls.LoadX509KeyPair(certificate, privateKey)
	if loadErr != nil {
		return tls.Certificate{}, fmt.Errorf("parse certificate failed, maybe format error:%s, or path error: %s", painTextErr.Error(), loadErr.Error())
	}
	return cert, nil
}

func newRandomTLSKeyPair() (tls.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return tls.Certificate{}, err
	}
	template := x509.Certificate{SerialNumber: big.NewInt(1)}
	certDER, err := x509.CreateCertificate(
		rand.Reader,
		&template,
		&template,
		&key.PublicKey,
		key)
	if err != nil {
		return tls.Certificate{}, err
	}
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})

	tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tlsCert, nil
}
refactor: adjust config 2022-12-03 14:14:15 +08:00			`package net`

			`import (`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`"crypto/rand"`
			`"crypto/rsa"`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`"crypto/tls"`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`"crypto/x509"`
			`"encoding/pem"`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`"fmt"`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`"math/big"`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`)`
chore: listeners support tuic 2022-12-04 23:05:13 +08:00
fix: hy2/tuic inbound cert isn't path Co-authored-by: wwqgtxx <wwqgtxx@gmail.com> 2023-10-01 12:04:34 +08:00			`type Path interface {`
			`Resolve(path string) string`
			`}`

			`func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, error) {`
chore: Random only if the certificate and private-key are empty 2023-05-26 23:00:54 +08:00			`if certificate == "" && privateKey == "" {`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`return newRandomTLSKeyPair()`
			`}`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey))`
			`if painTextErr == nil {`
			`return cert, nil`
			`}`

fix: hy2/tuic inbound cert isn't path Co-authored-by: wwqgtxx <wwqgtxx@gmail.com> 2023-10-01 12:04:34 +08:00			`certificate = path.Resolve(certificate)`
			`privateKey = path.Resolve(privateKey)`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`cert, loadErr := tls.LoadX509KeyPair(certificate, privateKey)`
			`if loadErr != nil {`
chore: listeners support tuic 2022-12-04 23:05:13 +08:00			`return tls.Certificate{}, fmt.Errorf("parse certificate failed, maybe format error:%s, or path error: %s", painTextErr.Error(), loadErr.Error())`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`}`
			`return cert, nil`
chore: listeners support tuic 2022-12-04 23:05:13 +08:00			`}`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00
			`func newRandomTLSKeyPair() (tls.Certificate, error) {`
			`key, err := rsa.GenerateKey(rand.Reader, 2048)`
			`if err != nil {`
			`return tls.Certificate{}, err`
			`}`
			`template := x509.Certificate{SerialNumber: big.NewInt(1)}`
			`certDER, err := x509.CreateCertificate(`
			`rand.Reader,`
			`&template,`
			`&template,`
			`&key.PublicKey,`
			`key)`
			`if err != nil {`
			`return tls.Certificate{}, err`
			`}`
			`keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})`
			`certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})`

			`tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)`
			`if err != nil {`
			`return tls.Certificate{}, err`
			`}`
			`return tlsCert, nil`
			`}`