mirror of
https://github.com/XTLS/Xray-core.git
synced 2025-01-09 03:57:12 +03:00
acb81ebe3d
* verify peer cert function for better man in the middle prevention * publish cert chain hash generation algorithm * added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb * apply coding style * added test case for pinned certificates * refactored cert pin * pinned cert test * added json loading of the PinnedPeerCertificateChainSha256 * removed tool to prepare for v5 * Add server cert pinning for Xtls Change command "xray tls certChainHash" to xray style Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
42 lines
966 B
Go
42 lines
966 B
Go
package tls
|
|
|
|
import (
|
|
"flag"
|
|
"fmt"
|
|
"io/ioutil"
|
|
|
|
"github.com/xtls/xray-core/main/commands/base"
|
|
"github.com/xtls/xray-core/transport/internet/tls"
|
|
)
|
|
|
|
var cmdCertChainHash = &base.Command{
|
|
UsageLine: "{{.Exec}} certChainHash",
|
|
Short: "Calculate TLS certificates hash.",
|
|
Long: `
|
|
xray tls certChainHash --cert <cert.pem>
|
|
Calculate TLS certificate chain hash.
|
|
`,
|
|
}
|
|
|
|
func init() {
|
|
cmdCertChainHash.Run = executeCertChainHash // break init loop
|
|
}
|
|
|
|
var input = cmdCertChainHash.Flag.String("cert", "fullchain.pem", "The file path of the certificates chain")
|
|
|
|
func executeCertChainHash(cmd *base.Command, args []string) {
|
|
fs := flag.NewFlagSet("certChainHash", flag.ContinueOnError)
|
|
if err := fs.Parse(args); err != nil {
|
|
fmt.Println(err)
|
|
return
|
|
}
|
|
certContent, err := ioutil.ReadFile(*input)
|
|
if err != nil {
|
|
fmt.Println(err)
|
|
return
|
|
}
|
|
certChainHashB64 := tls.CalculatePEMCertChainSHA256Hash(certContent)
|
|
fmt.Println(certChainHashB64)
|
|
return
|
|
}
|