Clash.Meta/common/net/tls.go

package net

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
)

type Path interface {
	Resolve(path string) string
}

func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, error) {
	if certificate == "" && privateKey == "" {
		var err error
		certificate, privateKey, _, err = NewRandomTLSKeyPair()
		if err != nil {
			return tls.Certificate{}, err
		}
	}
	cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey))
	if painTextErr == nil {
		return cert, nil
	}

	certificate = path.Resolve(certificate)
	privateKey = path.Resolve(privateKey)
	cert, loadErr := tls.LoadX509KeyPair(certificate, privateKey)
	if loadErr != nil {
		return tls.Certificate{}, fmt.Errorf("parse certificate failed, maybe format error:%s, or path error: %s", painTextErr.Error(), loadErr.Error())
	}
	return cert, nil
}

func NewRandomTLSKeyPair() (certificate string, privateKey string, fingerprint string, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	template := x509.Certificate{SerialNumber: big.NewInt(1)}
	certDER, err := x509.CreateCertificate(
		rand.Reader,
		&template,
		&template,
		&key.PublicKey,
		key)
	if err != nil {
		return
	}
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return
	}
	hash := sha256.Sum256(cert.Raw)
	fingerprint = hex.EncodeToString(hash[:])
	privateKey = string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}))
	certificate = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}))
	return
}
refactor: adjust config 2022-12-03 14:14:15 +08:00			`package net`

			`import (`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`"crypto/rand"`
			`"crypto/rsa"`
chore: code cleanup 2025-04-16 09:39:52 +08:00			`"crypto/sha256"`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`"crypto/tls"`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`"crypto/x509"`
chore: code cleanup 2025-04-16 09:39:52 +08:00			`"encoding/hex"`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`"encoding/pem"`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`"fmt"`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`"math/big"`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`)`
chore: listeners support tuic 2022-12-04 23:05:13 +08:00
fix: hy2/tuic inbound cert isn't path Co-authored-by: wwqgtxx <wwqgtxx@gmail.com> 2023-10-01 12:04:34 +08:00			`type Path interface {`
			`Resolve(path string) string`
			`}`

			`func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, error) {`
chore: Random only if the certificate and private-key are empty 2023-05-26 23:00:54 +08:00			`if certificate == "" && privateKey == "" {`
chore: code cleanup 2025-04-16 09:39:52 +08:00			`var err error`
			`certificate, privateKey, _, err = NewRandomTLSKeyPair()`
			`if err != nil {`
			`return tls.Certificate{}, err`
			`}`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`}`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey))`
			`if painTextErr == nil {`
			`return cert, nil`
			`}`

fix: hy2/tuic inbound cert isn't path Co-authored-by: wwqgtxx <wwqgtxx@gmail.com> 2023-10-01 12:04:34 +08:00			`certificate = path.Resolve(certificate)`
			`privateKey = path.Resolve(privateKey)`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`cert, loadErr := tls.LoadX509KeyPair(certificate, privateKey)`
			`if loadErr != nil {`
chore: listeners support tuic 2022-12-04 23:05:13 +08:00			`return tls.Certificate{}, fmt.Errorf("parse certificate failed, maybe format error:%s, or path error: %s", painTextErr.Error(), loadErr.Error())`
refactor: adjust config 2022-12-03 14:14:15 +08:00			`}`
			`return cert, nil`
chore: listeners support tuic 2022-12-04 23:05:13 +08:00			`}`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00
chore: code cleanup 2025-04-16 09:39:52 +08:00			`func NewRandomTLSKeyPair() (certificate string, privateKey string, fingerprint string, err error) {`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`key, err := rsa.GenerateKey(rand.Reader, 2048)`
			`if err != nil {`
chore: code cleanup 2025-04-16 09:39:52 +08:00			`return`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`}`
			`template := x509.Certificate{SerialNumber: big.NewInt(1)}`
			`certDER, err := x509.CreateCertificate(`
			`rand.Reader,`
			`&template,`
			`&template,`
			`&key.PublicKey,`
			`key)`
			`if err != nil {`
chore: code cleanup 2025-04-16 09:39:52 +08:00			`return`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`}`
chore: code cleanup 2025-04-16 09:39:52 +08:00			`cert, err := x509.ParseCertificate(certDER)`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`if err != nil {`
chore: code cleanup 2025-04-16 09:39:52 +08:00			`return`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`}`
chore: code cleanup 2025-04-16 09:39:52 +08:00			`hash := sha256.Sum256(cert.Raw)`
			`fingerprint = hex.EncodeToString(hash[:])`
			`privateKey = string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}))`
			`certificate = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}))`
			`return`
chore: new Random TLS KeyPair when empty input 2023-01-18 12:06:36 +08:00			`}`