From d4aa63739876a8b3873fe6525ed0a96d12f7203f Mon Sep 17 00:00:00 2001 From: Suyash Kumar Date: Mon, 13 Aug 2018 16:17:49 -0400 Subject: [PATCH] Print SHA256 fingerprint, don't require specification of http protocol --- gen/gen.go | 13 +++++++------ main.go | 16 ++++++++++++++-- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/gen/gen.go b/gen/gen.go index f182f4e..5d61af0 100644 --- a/gen/gen.go +++ b/gen/gen.go @@ -5,6 +5,7 @@ import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" + "crypto/sha256" "crypto/x509" "crypto/x509/pkix" "encoding/pem" @@ -17,11 +18,11 @@ import ( // Keys generates a new P256 ECDSA public private key pair for TLS. // It returns a bytes buffer for the PEM encoded private key and certificate. -func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) { +func Keys(validFor time.Duration) (cert, key *bytes.Buffer, fingerprint [32]byte, err error) { privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Fatalf("failed to generate private key: %s", err) - return nil, nil, err + return nil, nil, fingerprint, err } notBefore := time.Now() @@ -31,7 +32,7 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) { serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { log.Fatalf("failed to generate serial number: %s", err) - return nil, nil, err + return nil, nil, fingerprint, err } template := x509.Certificate{ @@ -50,7 +51,7 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) { derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey) if err != nil { log.Fatalf("Failed to create certificate: %s", err) - return nil, nil, err + return nil, nil, fingerprint, err } // Encode and write certificate and key to bytes.Buffer 
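Review bot: The doc comment on Keys in this hunk still says it returns only the PEM buffers, while the new signature adds a `fingerprint [32]byte` result; add a line such as `// The fingerprint is the SHA-256 digest of the DER-encoded certificate, for comparison with what a connecting client displays.` Separately, each new `return nil, nil, fingerprint, err` sits directly after a `log.Fatalf`, which exits the process, so the error value never reaches main's `if err != nil` check and the zero fingerprint is never observed; the same pattern is repeated in the two hunks below. Dropping the `log.Fatalf` calls and returning the error to the caller, which already calls `log.Fatal`, would make the returns meaningful and keep the package usable as a library. Keys's body continues past the end of this hunk.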
@@ -60,9 +61,9 @@ func Keys(validFor time.Duration) (cert, key *bytes.Buffer, err error) { key = bytes.NewBuffer([]byte{}) pem.Encode(key, pemBlockForKey(privKey)) - // log.Printf("% X", sha256.Sum256(derBytes)) + fingerprint = sha256.Sum256(derBytes) - return cert, key, nil + return cert, key, fingerprint, nil //TODO: maybe return a struct instead of 4 multiple return items } func pemBlockForKey(key *ecdsa.PrivateKey) *pem.Block { diff --git a/main.go b/main.go index 550a9f6..1abba8c 100644 --- a/main.go +++ b/main.go @@ -9,6 +9,8 @@ import ( "os" "time" + "strings" + "github.com/suyashkumar/ssl-proxy/gen" ) @@ -22,6 +24,8 @@ var ( const ( DefaultCertFile = "cert.pem" DefaultKeyFile = "key.pem" + HTTPSPrefix = "https://" + HTTPPrefix = "http://" ) func main() { @@ -35,7 +39,7 @@ func main() { log.Printf("No existing cert or key specified, generating some self-signed certs for use (%s, %s)\n", *certFile, *keyFile) // Generate new keys - certBuf, keyBuf, err := gen.Keys(365 * 24 * time.Hour) + certBuf, keyBuf, fingerprint, err := gen.Keys(365 * 24 * time.Hour) if err != nil { log.Fatal("Error generating default keys", err) } @@ -52,6 +56,14 @@ func main() { } keyOut.Write(keyBuf.Bytes()) + log.Printf("SHA256 Fingerprint: % X", fingerprint) + + } + + // Ensure the to URL is in the right form + if !strings.HasPrefix(*to, HTTPPrefix) && !strings.HasPrefix(*to, HTTPSPrefix) { + *to = HTTPPrefix + *to + log.Println("Assuming -to URL is using http://") } toURL, err := url.Parse(*to) @@ -61,6 +73,6 @@ func main() { localProxy := httputil.NewSingleHostReverseProxy(toURL) http.Handle("/", localProxy) - log.Printf("Proxying calls from %s (SSL/TLS) to %s", *fromURL, toURL) + log.Printf("Proxying calls from https://%s (SSL/TLS) to %s", *fromURL, toURL) log.Fatal(http.ListenAndServeTLS(*fromURL, *certFile, *keyFile, nil)) }
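Review bot: Style: `"strings"` is added in its own group below `"time"` instead of in the sorted standard-library group; goimports would place it between `"os"` and `"time"` with no blank line, which keeps main.go gofmt/goimports-clean.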
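Review bot: The fingerprint is logged only inside the generation branch of this hunk, so on any later start that reuses the cert already on disk the operator has nothing to compare against the value a browser shows for the self-signed cert. The cert actually served can be loaded with `tls.LoadX509KeyPair` and its leaf DER (`Certificate[0]`) hashed the same way so the fingerprint is printed on every start; the in-branch `log.Printf` can then go, and main.go needs `crypto/sha256` and `crypto/tls` imported. The `% X` verb also prints space-separated hex, whereas browsers and `openssl x509 -fingerprint -sha256` show colon-separated pairs, so a colon-joined format would make visual comparison easier. The enclosing main function begins before this hunk.
```go
	// … unchanged: certificate generation and key writing …
	}

	// Report the fingerprint of the cert actually served, not only on generation.
	pair, err := tls.LoadX509KeyPair(*certFile, *keyFile)
	if err != nil {
		log.Fatalf("loading certificate %s / key %s: %v", *certFile, *keyFile, err)
	}
	log.Printf("SHA256 Fingerprint: % X", sha256.Sum256(pair.Certificate[0]))

	// … unchanged: -to scheme defaulting …
```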
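Review bot: The Host header forwarded to the backend is not rewritten by `httputil.NewSingleHostReverseProxy` (the context line above the changed log line), so now that `-to` is documented to accept `https://` targets, the backend receives the Host of the incoming request rather than `toURL.Host`, which can break name-based virtual hosting on the target. Wrapping the director, `d := localProxy.Director; localProxy.Director = func(r *http.Request) { d(r); r.Host = toURL.Host }`, forwards the target's host instead. The `http.ListenAndServeTLS` call also uses a default `http.Server` with no Read/Write timeouts, which deserves at least a comment for an internet-facing TLS listener.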