mirror of https://github.com/v2fly/v2ray-core.git synced 2024-11-12 07:19:01 -05:00

refactored cert pin

Shelikhoo 2021-04-15 20:02:48 +01:00
parent 6263315923
commit ebb720804d
No known key found for this signature in database
GPG Key ID: C4D5E79D22B25316
3 changed files with 37 additions and 28 deletions


@ -1,8 +1,6 @@
package control package control
import ( import (
"encoding/base64"
"encoding/pem"
"flag" "flag"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
@ -38,17 +36,7 @@ func (c CertificateChainHashCommand) Execute(args []string) error {
if err != nil { if err != nil {
return err return err
} }
var certChain [][]byte certChainHashB64 := v2tls.CalculatePEMCertChainSHA256Hash(certContent)
for {
block, remain := pem.Decode(certContent)
if block == nil {
break
}
certChain = append(certChain, block.Bytes)
certContent = remain
}
certChainHash := v2tls.GenerateCertChainHash(certChain)
certChainHashB64 := base64.StdEncoding.EncodeToString(certChainHash)
fmt.Println(certChainHashB64) fmt.Println(certChainHashB64)
return nil return nil
} }
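Review bot: `Execute` prints whatever `CalculatePEMCertChainSHA256Hash` returns without checking it, so an input file that contains no PEM block yields an empty line and a nil error. The helper returns only a string, so the caller is the place to reject that case, for example `if certChainHashB64 == "" { return fmt.Errorf("no PEM block found in certificate file") }` placed before the `fmt.Println`. An operator who copies that empty value into a pinning configuration gets no signal that no hash was computed. The body of `Execute` starts outside this hunk, so how `certContent` is read is not visible here.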


@ -4,7 +4,6 @@ package tls
import ( import (
"crypto/hmac" "crypto/hmac"
"crypto/sha256"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/base64" "encoding/base64"
@ -186,20 +185,6 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
return nil return nil
} }
func GenerateCertChainHash(rawCerts [][]byte) []byte {
var hashValue []byte
for _, certValue := range rawCerts {
out := sha256.Sum256(certValue)
if hashValue == nil {
hashValue = out[:]
} else {
newHashValue := sha256.Sum256(append(hashValue, out[:]...))
hashValue = newHashValue[:]
}
}
return hashValue
}
// GetTLSConfig converts this Config into tls.Config. // GetTLSConfig converts this Config into tls.Config.
func (c *Config) GetTLSConfig(opts ...Option) *tls.Config { func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
root, err := c.getCertPool() root, err := c.getCertPool()


@ -0,0 +1,36 @@
package tls
import (
"crypto/sha256"
"encoding/base64"
"encoding/pem"
)
func CalculatePEMCertChainSHA256Hash(certContent []byte) string {
var certChain [][]byte
for {
block, remain := pem.Decode(certContent)
if block == nil {
break
}
certChain = append(certChain, block.Bytes)
certContent = remain
}
certChainHash := GenerateCertChainHash(certChain)
certChainHashB64 := base64.StdEncoding.EncodeToString(certChainHash)
return certChainHashB64
}
func GenerateCertChainHash(rawCerts [][]byte) []byte {
var hashValue []byte
for _, certValue := range rawCerts {
out := sha256.Sum256(certValue)
if hashValue == nil {
hashValue = out[:]
} else {
newHashValue := sha256.Sum256(append(hashValue, out[:]...))
hashValue = newHashValue[:]
}
}
return hashValue
}
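Review bot: The loop in `CalculatePEMCertChainSHA256Hash` appends `block.Bytes` for every PEM block without looking at `block.Type`, so a bundle that also holds a private key or another non-certificate block is folded into the pin. The resulting value would presumably never match the hash computed from the certificates a peer presents, and the failure only shows up at connection time. Guard the append with `if block.Type == "CERTIFICATE" { certChain = append(certChain, block.Bytes) }`. Both exported functions also lack doc comments. The one on `GenerateCertChainHash` should state that the digest is order-dependent, because each certificate's SHA-256 is chained onto the running hash in slice order and a reordered PEM file gives a different pin.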