Print SHA256 fingerprint, don't require specification of http protocol
suyashkumar committed Aug 13, 2018
1 parent 4a37814 commit d4aa637
Showing 2 changed files with 21 additions and 8 deletions.
13 changes: 7 additions & 6 deletions gen/gen.go
Expand Up @@ -5,6 +5,7 @@ import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/sha256"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
Expand All @@ -17,11 +18,11 @@ import (

// Keys generates a new P256 ECDSA public private key pair for TLS.
// It returns a bytes buffer for the PEM encoded private key and certificate.
func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) {
func Keys(validFor time.Duration) (cert, key *bytes.Buffer, fingerprint [32]byte, err error) {
privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
log.Fatalf("failed to generate private key: %s", err)
return nil, nil, err
return nil, nil, fingerprint, err
}

notBefore := time.Now()
Expand All @@ -31,7 +32,7 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) {
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
log.Fatalf("failed to generate serial number: %s", err)
return nil, nil, err
return nil, nil, fingerprint, err
}

template := x509.Certificate{
Expand All @@ -50,7 +51,7 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) {
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
if err != nil {
log.Fatalf("Failed to create certificate: %s", err)
return nil, nil, err
return nil, nil, fingerprint, err
}

// Encode and write certificate and key to bytes.Buffer
Expand All @@ -60,9 +61,9 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) {
key = bytes.NewBuffer([]byte{})
pem.Encode(key, pemBlockForKey(privKey))

// log.Printf("% X", sha256.Sum256(derBytes))
fingerprint = sha256.Sum256(derBytes)

return cert, key, nil
return cert, key, fingerprint, nil //TODO: maybe return a struct instead of 4 multiple return items
}

func pemBlockForKey(key *ecdsa.PrivateKey) *pem.Block {
Expand Down
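Review bot: The doc comment on `Keys` (the two context lines just above the new signature) still describes only the two buffers, so the new `fingerprint` return value is undocumented; I would replace its second sentence with `// It returns bytes buffers for the PEM encoded certificate and private key, plus the SHA-256 fingerprint of the DER-encoded certificate (the zero array on error).` The three rewritten `return nil, nil, fingerprint, err` lines are unreachable, because the `log.Fatalf` call immediately before each of them exits the process; a library package should drop the `log.Fatalf` and return the error (main.go already checks it), which also makes the zero-fingerprint error path real rather than dead. `pemBlockForKey` begins on the last line of the hunk and its body is outside it.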
16 changes: 14 additions & 2 deletions main.go
Expand Up @@ -9,6 +9,8 @@ import (
"os"
"time"

"strings"

"github.com/suyashkumar/ssl-proxy/gen"
)

Expand All @@ -22,6 +24,8 @@ var (
const (
DefaultCertFile = "cert.pem"
DefaultKeyFile = "key.pem"
HTTPSPrefix = "https://"
HTTPPrefix = "http://"
)

func main() {
Expand All @@ -35,7 +39,7 @@ func main() {
log.Printf("No existing cert or key specified, generating some self-signed certs for use (%s, %s)\n", *certFile, *keyFile)

// Generate new keys
certBuf, keyBuf, err := gen.Keys(365 * 24 * time.Hour)
certBuf, keyBuf, fingerprint, err := gen.Keys(365 * 24 * time.Hour)
if err != nil {
log.Fatal("Error generating default keys", err)
}
Expand All @@ -52,6 +56,14 @@ func main() {
}
keyOut.Write(keyBuf.Bytes())

log.Printf("SHA256 Fingerprint: % X", fingerprint)

}

// Ensure the to URL is in the right form
if !strings.HasPrefix(*to, HTTPPrefix) && !strings.HasPrefix(*to, HTTPSPrefix) {
*to = HTTPPrefix + *to
log.Println("Assuming -to URL is using http://")
}

toURL, err := url.Parse(*to)
Expand All @@ -61,6 +73,6 @@ func main() {

localProxy := httputil.NewSingleHostReverseProxy(toURL)
http.Handle("/", localProxy)
log.Printf("Proxying calls from %s (SSL/TLS) to %s", *fromURL, toURL)
log.Printf("Proxying calls from https://%s (SSL/TLS) to %s", *fromURL, toURL)
log.Fatal(http.ListenAndServeTLS(*fromURL, *certFile, *keyFile, nil))
}
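Review bot: The scheme check added before `url.Parse` is case-sensitive, so `-to HTTP://backend:8080` does not match either prefix and becomes `http://HTTP://backend:8080`, which is not what the user meant; since URL schemes are case-insensitive, compare a lowered copy, e.g. `lower := strings.ToLower(*to)` and `if !strings.HasPrefix(lower, HTTPPrefix) && !strings.HasPrefix(lower, HTTPSPrefix) {`. The fingerprint is only logged inside the key-generation branch, so a user who supplies an existing cert and key never sees the value they would pin or verify on the client side; reading the cert file and hashing its DER bytes would presumably cover that case as well. The new `"strings"` import sits in its own group after a blank line, whereas goimports would fold it into the standard-library group directly above. The `url.Parse` error handling and the rest of `main` continue outside the hunk.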
