lzhr/v2fly
1
0
Fork 0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-11-16 09:26:21 -05:00
Code Issues Releases Wiki Activity

more options for generating certificate

Browse Source
This commit is contained in:
Darien Raymond 2018-04-09 23:17:55 +02:00
parent b7fc1f0bd6
commit 8ba8ce7d6a
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
1 changed files with 44 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
common/protocol/tls/cert/cert.go
View File

@ -4,13 +4,9 @@ import (
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix"
"encoding/pem" "encoding/pem"
"log"
"math/big" "math/big"
"time" "time"
"v2ray.com/core/common"
) )
//go:generate go run $GOPATH/src/v2ray.com/core/common/errors/errorgen/main.go -pkg cert -path Protocol,TLS,Cert //go:generate go run $GOPATH/src/v2ray.com/core/common/errors/errorgen/main.go -pkg cert -path Protocol,TLS,Cert
@ -30,37 +26,68 @@ func Authority(isCA bool) Option {
} }
} }
func Generate() (Certificate, error) { func NotBefore(t time.Time) Option {
return func(c *x509.Certificate) {
c.NotBefore = t
}
}
func NotAfter(t time.Time) Option {
return func(c *x509.Certificate) {
c.NotAfter = t
}
}
func DNSNames(names ...string) Option {
return func(c *x509.Certificate) {
c.DNSNames = names
}
}
func CommonName(name string) Option {
return func(c *x509.Certificate) {
c.Subject.CommonName = name
}
}
func Generate(parent *x509.Certificate, opts ...Option) (*Certificate, error) {
priv, err := rsa.GenerateKey(rand.Reader, 2048) priv, err := rsa.GenerateKey(rand.Reader, 2048)
common.Must(err) if err != nil {
return nil, newError("failed to generate RSA private key").Base(err)
}
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil { if err != nil {
return nil, newError("failed to generate serial number").Base(err)
log.Fatalf("failed to generate serial number: %s", err)
} }
template := x509.Certificate{ template := &x509.Certificate{
SerialNumber: serialNumber, SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"V2Ray Inc"},
},
NotBefore: time.Now().Add(time.Hour * -1), NotBefore: time.Now().Add(time.Hour * -1),
NotAfter: time.Now().Add(time.Hour), NotAfter: time.Now().Add(time.Hour),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true, BasicConstraintsValid: true,
DNSNames: []string{"www.v2ray.com", "v2ray.com"},
} }
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv) for _, opt := range opts {
common.Must(err) opt(template)
}
if parent == nil {
parent = template
}
derBytes, err := x509.CreateCertificate(rand.Reader, template, parent, priv.Public(), priv)
if err != nil {
return nil, newError("failed to create certificate").Base(err)
}
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
return Certificate{ return &Certificate{
Certificate: certPEM, Certificate: certPEM,
PrivateKey: keyPEM, PrivateKey: keyPEM,
}, nil }, nil