mirror of https://github.com/v2fly/v2ray-core.git synced 2024-06-10 01:40:44 +00:00

added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb

Shelikhoo 2021-04-15 19:01:55 +01:00
parent 34a3850f16
commit 92b845a45b
No known key found for this signature in database
GPG Key ID: C4D5E79D22B25316
3 changed files with 79 additions and 10 deletions


@ -0,0 +1,57 @@
package control
import (
"encoding/base64"
"encoding/pem"
"flag"
"fmt"
"github.com/v2fly/v2ray-core/v4/common"
v2tls "github.com/v2fly/v2ray-core/v4/transport/internet/tls"
"io/ioutil"
)
type CertificateChainHashCommand struct {
}
func (c CertificateChainHashCommand) Name() string {
return "certChainHash"
}
func (c CertificateChainHashCommand) Description() Description {
return Description{
Short: "Calculate TLS certificates hash.",
Usage: []string{
"v2ctl certChainHash --cert <cert.pem>",
"Calculate TLS certificate chain hash.",
},
}
}
func (c CertificateChainHashCommand) Execute(args []string) error {
fs := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
cert := fs.String("cert", "fullchain.pem", "The file path of the certificates chain")
if err := fs.Parse(args); err != nil {
return err
}
certContent, err := ioutil.ReadFile(*cert)
if err != nil {
return err
}
var certChain [][]byte
for {
block, remain := pem.Decode(certContent)
if block == nil {
break
}
certChain = append(certChain, block.Bytes)
certContent = remain
}
certChainHash := v2tls.GenerateCertChainHash(certChain)
certChainHashB64 := base64.StdEncoding.EncodeToString(certChainHash)
fmt.Println(certChainHashB64)
return nil
}
func init() {
common.Must(RegisterCommand(&CertificateChainHashCommand{}))
}
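Review bot: The PEM loop in Execute appends `block.Bytes` for every decoded block without checking `block.Type`, so a file that also contains a private key or any other non-certificate block yields a hash that cannot match the chain a peer presents. A file with no PEM blocks at all (a DER-encoded certificate, for example) leaves `certChain` empty, yet the command still prints whatever GenerateCertChainHash returns and exits with nil. I would skip other block types with `if block.Type != "CERTIFICATE" { certContent = remain; continue }` and reject an empty chain with `if len(certChain) == 0 { return newError("no certificate found in ", *cert) }` (newError is already used in this package). That way an operator cannot copy a fingerprint computed from the wrong input into a pinning configuration.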


@ -3,11 +3,13 @@ package control
import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
"flag"
"fmt"
"net"
"github.com/v2fly/v2ray-core/v4/common"
v2tls "github.com/v2fly/v2ray-core/v4/transport/internet/tls"
)
type TLSPingCommand struct{}
@ -71,10 +73,11 @@ func (c *TLSPingCommand) Execute(args []string) error {
return newError("dial tcp").Base(err)
}
tlsConn := tls.Client(tcpConn, &tls.Config{
InsecureSkipVerify: true,
NextProtos: []string{"http/1.1"},
MaxVersion: tls.VersionTLS12,
MinVersion: tls.VersionTLS12,
InsecureSkipVerify: true,
NextProtos: []string{"http/1.1"},
MaxVersion: tls.VersionTLS12,
MinVersion: tls.VersionTLS12,
VerifyPeerCertificate: showCert(),
})
err = tlsConn.Handshake()
if err != nil {
@ -94,10 +97,11 @@ func (c *TLSPingCommand) Execute(args []string) error {
return newError("dial tcp").Base(err)
}
tlsConn := tls.Client(tcpConn, &tls.Config{
ServerName: domain,
NextProtos: []string{"http/1.1"},
MaxVersion: tls.VersionTLS12,
MinVersion: tls.VersionTLS12,
ServerName: domain,
NextProtos: []string{"http/1.1"},
MaxVersion: tls.VersionTLS12,
MinVersion: tls.VersionTLS12,
VerifyPeerCertificate: showCert(),
})
err = tlsConn.Handshake()
if err != nil {
@ -114,6 +118,14 @@ func (c *TLSPingCommand) Execute(args []string) error {
return nil
}
func showCert() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
hash := v2tls.GenerateCertChainHash(rawCerts)
fmt.Println("Certificate Chain Hash: ", base64.StdEncoding.EncodeToString(hash))
return nil
}
}
func init() {
common.Must(RegisterCommand(&TLSPingCommand{}))
}
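Review bot: In the first `tls.Config` of Execute, `showCert()` is installed alongside `InsecureSkipVerify: true`, so the hash printed there comes from whatever chain the remote end presented, with no verification behind it. The second handshake sets `ServerName`, where the callback should only run once standard verification has passed, but both print the same `Certificate Chain Hash:` line, so a reader cannot tell the two values apart. The function has no doc comment; I would add `// showCert returns a VerifyPeerCertificate callback that prints the base64 chain hash of rawCerts; it performs no validation and always returns nil.` and note there that a hash taken from the unverified handshake should be compared with `v2ctl certChainHash` output for the real certificate file before it is pinned. Since the closure captures nothing, a plain function passed as `VerifyPeerCertificate: showCert` would read more simply. Execute starts and ends outside these hunks.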


@ -7,7 +7,7 @@ import (
"crypto/sha256"
"crypto/tls"
"crypto/x509"
"encoding/hex"
"encoding/base64"
"strings"
"sync"
"time"
@ -181,7 +181,7 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
return nil
}
}
return newError("peer cert is unrecognized: ", hex.EncodeToString(hashValue))
return newError("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue))
}
return nil
}