mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-07-04 02:38:42 +00:00
TLS client: Simplify cert's verification code (#5656)
Fixes https://github.com/XTLS/Xray-core/issues/5655
This commit is contained in:
@@ -0,0 +1,78 @@
|
||||
package tls
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"flag"
|
||||
"fmt"
|
||||
"os"
|
||||
"text/tabwriter"
|
||||
|
||||
"github.com/xtls/xray-core/main/commands/base"
|
||||
. "github.com/xtls/xray-core/transport/internet/tls"
|
||||
)
|
||||
|
||||
var cmdHash = &base.Command{
|
||||
UsageLine: "{{.Exec}} tls hash",
|
||||
Short: "Calculate TLS certificate hash.",
|
||||
Long: `
|
||||
xray tls hash --cert <cert.pem>
|
||||
Calculate TLS certificate hash.
|
||||
`,
|
||||
}
|
||||
|
||||
func init() {
|
||||
cmdHash.Run = executeHash // break init loop
|
||||
}
|
||||
|
||||
var input = cmdHash.Flag.String("cert", "fullchain.pem", "The file path of the certificate")
|
||||
|
||||
func executeHash(cmd *base.Command, args []string) {
|
||||
fs := flag.NewFlagSet("hash", flag.ContinueOnError)
|
||||
if err := fs.Parse(args); err != nil {
|
||||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
certContent, err := os.ReadFile(*input)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
var certs []*x509.Certificate
|
||||
if bytes.Contains(certContent, []byte("BEGIN")) {
|
||||
for {
|
||||
block, remain := pem.Decode(certContent)
|
||||
if block == nil {
|
||||
break
|
||||
}
|
||||
cert, err := x509.ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
fmt.Println("Unable to decode certificate:", err)
|
||||
return
|
||||
}
|
||||
certs = append(certs, cert)
|
||||
certContent = remain
|
||||
}
|
||||
} else {
|
||||
certs, err = x509.ParseCertificates(certContent)
|
||||
if err != nil {
|
||||
fmt.Println("Unable to parse certificates:", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
if len(certs) == 0 {
|
||||
fmt.Println("No certificates found")
|
||||
return
|
||||
}
|
||||
tabWriter := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
|
||||
for i, cert := range certs {
|
||||
hash := GenerateCertHashHex(cert)
|
||||
if i == 0 {
|
||||
fmt.Fprintf(tabWriter, "Leaf SHA256:\t%s\n", hash)
|
||||
} else {
|
||||
fmt.Fprintf(tabWriter, "CA <%s> SHA256:\t%s\n", cert.Subject.CommonName, hash)
|
||||
}
|
||||
}
|
||||
tabWriter.Flush()
|
||||
}
|
||||
Reference in New Issue
Block a user