Print SHA256 fingerprint, don't require specification of http protocol

suyashkumar · Aug 13, 2018 · d4aa637 · d4aa637
1 parent 4a37814
commit d4aa637
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 8 deletions.
diff --git a/gen/gen.go b/gen/gen.go
@@ -5,6 +5,7 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/sha256"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
@@ -17,11 +18,11 @@ import (
 
 // Keys generates a new P256 ECDSA public private key pair for TLS.
 // It returns a bytes buffer for the PEM encoded private key and certificate.
-func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) {
+func Keys(validFor time.Duration) (cert, key *bytes.Buffer, fingerprint [32]byte, err error) {
 	privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		log.Fatalf("failed to generate private key: %s", err)
-		return nil, nil, err
+		return nil, nil, fingerprint, err
 	}
 
 	notBefore := time.Now()
@@ -31,7 +32,7 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) {
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 	if err != nil {
 		log.Fatalf("failed to generate serial number: %s", err)
-		return nil, nil, err
+		return nil, nil, fingerprint, err
 	}
 
 	template := x509.Certificate{
@@ -50,7 +51,7 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) {
 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
 	if err != nil {
 		log.Fatalf("Failed to create certificate: %s", err)
-		return nil, nil, err
+		return nil, nil, fingerprint, err
 	}
 
 	// Encode and write certificate and key to bytes.Buffer
@@ -60,9 +61,9 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) {
 	key = bytes.NewBuffer([]byte{})
 	pem.Encode(key, pemBlockForKey(privKey))
 
-	// log.Printf("% X", sha256.Sum256(derBytes))
+	fingerprint = sha256.Sum256(derBytes)
 
-	return cert, key, nil
+	return cert, key, fingerprint, nil //TODO: maybe return a struct instead of 4 multiple return items
 }
 
 func pemBlockForKey(key *ecdsa.PrivateKey) *pem.Block {

diff --git a/main.go b/main.go
@@ -9,6 +9,8 @@ import (
 	"os"
 	"time"
 
+	"strings"
+
 	"github.com/suyashkumar/ssl-proxy/gen"
 )
 
@@ -22,6 +24,8 @@ var (
 const (
 	DefaultCertFile = "cert.pem"
 	DefaultKeyFile  = "key.pem"
+	HTTPSPrefix     = "https://"
+	HTTPPrefix      = "http://"
 )
 
 func main() {
@@ -35,7 +39,7 @@ func main() {
 		log.Printf("No existing cert or key specified, generating some self-signed certs for use (%s, %s)\n", *certFile, *keyFile)
 
 		// Generate new keys
-		certBuf, keyBuf, err := gen.Keys(365 * 24 * time.Hour)
+		certBuf, keyBuf, fingerprint, err := gen.Keys(365 * 24 * time.Hour)
 		if err != nil {
 			log.Fatal("Error generating default keys", err)
 		}
@@ -52,6 +56,14 @@ func main() {
 		}
 		keyOut.Write(keyBuf.Bytes())
 
+		log.Printf("SHA256 Fingerprint: % X", fingerprint)
+
+	}
+
+	// Ensure the to URL is in the right form
+	if !strings.HasPrefix(*to, HTTPPrefix) && !strings.HasPrefix(*to, HTTPSPrefix) {
+		*to = HTTPPrefix + *to
+		log.Println("Assuming -to URL is using http://")
 	}
 
 	toURL, err := url.Parse(*to)
@@ -61,6 +73,6 @@ func main() {
 
 	localProxy := httputil.NewSingleHostReverseProxy(toURL)
 	http.Handle("/", localProxy)
-	log.Printf("Proxying calls from %s (SSL/TLS) to %s", *fromURL, toURL)
+	log.Printf("Proxying calls from https://%s (SSL/TLS) to %s", *fromURL, toURL)
 	log.Fatal(http.ListenAndServeTLS(*fromURL, *certFile, *keyFile, nil))
 }