Buriburizaemon/V2bX
1
0
Fork 0
mirror of https://github.com/wyx2685/V2bX.git synced 2026-02-04 12:40:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

add self CertMode

Browse Source
This commit is contained in:
Yuzuki616
2023-08-17 00:21:15 +08:00
parent 27702d353a
commit 42e86bf94c
8 changed files with 359 additions and 304 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
node/cert.go
View File

@@ -1,15 +1,22 @@
package node
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math/big"
"os"
"time"
"github.com/InazumaV/V2bX/common/file"
"github.com/InazumaV/V2bX/node/lego"
log "github.com/sirupsen/logrus"
)
func (c *Controller) renewCertTask() error {
l, err := lego.New(c.CertConfig)
l, err := NewLego(c.CertConfig)
if err != nil {
log.WithField("tag", c.tag).Info("new lego error: ", err)
return nil
@@ -25,12 +32,10 @@ func (c *Controller) renewCertTask() error {
func (c *Controller) requestCert() error {
switch c.CertConfig.CertMode {
case "reality", "none", "":
return nil
case "file":
if c.CertConfig.CertFile == "" || c.CertConfig.KeyFile == "" {
return fmt.Errorf("cert file path or key file path not exist")
}
return nil
case "dns", "http":
if c.CertConfig.CertFile == "" || c.CertConfig.KeyFile == "" {
return fmt.Errorf("cert file path or key file path not exist")
@@ -38,15 +43,74 @@ func (c *Controller) requestCert() error {
if file.IsExist(c.CertConfig.CertFile) && file.IsExist(c.CertConfig.KeyFile) {
return nil
}
l, err := lego.New(c.CertConfig)
l, err := NewLego(c.CertConfig)
if err != nil {
return fmt.Errorf("create lego object error: %s", err)
}
err = l.CreateCert()
if err != nil {
return fmt.Errorf("create cert error: %s", err)
return fmt.Errorf("create lego cert error: %s", err)
}
return nil
case "self":
if c.CertConfig.CertFile == "" || c.CertConfig.KeyFile == "" {
return fmt.Errorf("cert file path or key file path not exist")
}
if file.IsExist(c.CertConfig.CertFile) && file.IsExist(c.CertConfig.KeyFile) {
return nil
}
err := generateSelfSslCertificate(
c.CertConfig.CertDomain,
c.CertConfig.CertFile,
c.CertConfig.KeyFile)
if err != nil {
return fmt.Errorf("generate self cert error: %s", err)
}
default:
return fmt.Errorf("unsupported certmode: %s", c.CertConfig.CertMode)
}
return fmt.Errorf("unsupported certmode: %s", c.CertConfig.CertMode)
return nil
}
func generateSelfSslCertificate(domain, certPath, keyPath string) error {
key, _ := rsa.GenerateKey(rand.Reader, 2048)
tmpl := &x509.Certificate{
Version: 3,
SerialNumber: big.NewInt(time.Now().Unix()),
Subject: pkix.Name{
CommonName: domain,
},
DNSNames: []string{domain},
BasicConstraintsValid: true,
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(30, 0, 0),
}
cert, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
if err != nil {
return err
}
f, err := os.OpenFile(certPath, os.O_CREATE|os.O_RDWR, 0644)
if err != nil {
return err
}
err = pem.Encode(f, &pem.Block{
Type: "CERTIFICATE",
Bytes: cert,
})
if err != nil {
return err
}
f, err = os.OpenFile(keyPath, os.O_CREATE|os.O_RDWR, 0644)
if err != nil {
return err
}
err = pem.Encode(f, &pem.Block{
Type: "EC PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
})
if err != nil {
return err
}
return nil
}