V2bX/node/cert.go

package node

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"

	"github.com/InazumaV/V2bX/common/file"
	log "github.com/sirupsen/logrus"
)

func (c *Controller) renewCertTask() error {
	l, err := NewLego(c.CertConfig)
	if err != nil {
		log.WithField("tag", c.tag).Info("new lego error: ", err)
		return nil
	}
	err = l.RenewCert()
	if err != nil {
		log.WithField("tag", c.tag).Info("renew cert error: ", err)
		return nil
	}
	return nil
}

func (c *Controller) requestCert() error {
	switch c.CertConfig.CertMode {
	case "reality", "none", "":
	case "file":
		if c.CertConfig.CertFile == "" || c.CertConfig.KeyFile == "" {
			return fmt.Errorf("cert file path or key file path not exist")
		}
	case "dns", "http":
		if c.CertConfig.CertFile == "" || c.CertConfig.KeyFile == "" {
			return fmt.Errorf("cert file path or key file path not exist")
		}
		if file.IsExist(c.CertConfig.CertFile) && file.IsExist(c.CertConfig.KeyFile) {
			return nil
		}
		l, err := NewLego(c.CertConfig)
		if err != nil {
			return fmt.Errorf("create lego object error: %s", err)
		}
		err = l.CreateCert()
		if err != nil {
			return fmt.Errorf("create lego cert error: %s", err)
		}
	case "self":
		if c.CertConfig.CertFile == "" || c.CertConfig.KeyFile == "" {
			return fmt.Errorf("cert file path or key file path not exist")
		}
		if file.IsExist(c.CertConfig.CertFile) && file.IsExist(c.CertConfig.KeyFile) {
			return nil
		}
		err := generateSelfSslCertificate(
			c.CertConfig.CertDomain,
			c.CertConfig.CertFile,
			c.CertConfig.KeyFile)
		if err != nil {
			return fmt.Errorf("generate self cert error: %s", err)
		}
	default:
		return fmt.Errorf("unsupported certmode: %s", c.CertConfig.CertMode)
	}
	return nil
}

func generateSelfSslCertificate(domain, certPath, keyPath string) error {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{
		Version:      3,
		SerialNumber: big.NewInt(time.Now().Unix()),
		Subject: pkix.Name{
			CommonName: domain,
		},
		DNSNames:              []string{domain},
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore:             time.Now(),
		NotAfter:              time.Now().AddDate(30, 0, 0),
	}
	cert, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return err
	}
	f, err := os.OpenFile(certPath, os.O_CREATE|os.O_RDWR, 0644)
	if err != nil {
		return err
	}
	err = pem.Encode(f, &pem.Block{
		Type:  "CERTIFICATE",
		Bytes: cert,
	})
	if err != nil {
		return err
	}
	f, err = os.OpenFile(keyPath, os.O_CREATE|os.O_RDWR, 0644)
	if err != nil {
		return err
	}
	err = pem.Encode(f, &pem.Block{
		Type:  "EC PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	})
	if err != nil {
		return err
	}
	return nil
}
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`package node`

			`import (`
add self CertMode 2023-08-16 12:21:15 -04:00			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"encoding/pem"`
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`"fmt"`
add self CertMode 2023-08-16 12:21:15 -04:00			`"math/big"`
			`"os"`
			`"time"`
add singbox core(just started) 2023-07-27 21:13:11 -04:00
update 2023-07-29 07:27:15 -04:00			`"github.com/InazumaV/V2bX/common/file"`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`log "github.com/sirupsen/logrus"`
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`)`

fix: renewCertTask 2023-07-27 19:06:45 -04:00			`func (c *Controller) renewCertTask() error {`
add self CertMode 2023-08-16 12:21:15 -04:00			`l, err := NewLego(c.CertConfig)`
fix some bugs support ip limit for hy 2023-06-15 22:04:39 -04:00			`if err != nil {`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`log.WithField("tag", c.tag).Info("new lego error: ", err)`
fix: renewCertTask 2023-07-27 19:06:45 -04:00			`return nil`
fix some bugs support ip limit for hy 2023-06-15 22:04:39 -04:00			`}`
			`err = l.RenewCert()`
			`if err != nil {`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`log.WithField("tag", c.tag).Info("renew cert error: ", err)`
			`return nil`
fix some bugs support ip limit for hy 2023-06-15 22:04:39 -04:00			`}`
fix: renewCertTask 2023-07-27 19:06:45 -04:00			`return nil`
fix some bugs support ip limit for hy 2023-06-15 22:04:39 -04:00			`}`

update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`func (c *Controller) requestCert() error {`
			`switch c.CertConfig.CertMode {`
			`case "reality", "none", "":`
fix cert mode 2023-07-13 02:16:21 -04:00			`case "file":`
			`if c.CertConfig.CertFile == "" \|\| c.CertConfig.KeyFile == "" {`
			`return fmt.Errorf("cert file path or key file path not exist")`
			`}`
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`case "dns", "http":`
fix cert mode 2023-07-13 02:16:21 -04:00			`if c.CertConfig.CertFile == "" \|\| c.CertConfig.KeyFile == "" {`
			`return fmt.Errorf("cert file path or key file path not exist")`
			`}`
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`if file.IsExist(c.CertConfig.CertFile) && file.IsExist(c.CertConfig.KeyFile) {`
			`return nil`
			`}`
add self CertMode 2023-08-16 12:21:15 -04:00			`l, err := NewLego(c.CertConfig)`
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`if err != nil {`
			`return fmt.Errorf("create lego object error: %s", err)`
			`}`
			`err = l.CreateCert()`
			`if err != nil {`
add self CertMode 2023-08-16 12:21:15 -04:00			`return fmt.Errorf("create lego cert error: %s", err)`
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`}`
add self CertMode 2023-08-16 12:21:15 -04:00			`case "self":`
			`if c.CertConfig.CertFile == "" \|\| c.CertConfig.KeyFile == "" {`
			`return fmt.Errorf("cert file path or key file path not exist")`
			`}`
			`if file.IsExist(c.CertConfig.CertFile) && file.IsExist(c.CertConfig.KeyFile) {`
			`return nil`
			`}`
			`err := generateSelfSslCertificate(`
			`c.CertConfig.CertDomain,`
			`c.CertConfig.CertFile,`
			`c.CertConfig.KeyFile)`
			`if err != nil {`
			`return fmt.Errorf("generate self cert error: %s", err)`
			`}`
			`default:`
			`return fmt.Errorf("unsupported certmode: %s", c.CertConfig.CertMode)`
			`}`
			`return nil`
			`}`

			`func generateSelfSslCertificate(domain, certPath, keyPath string) error {`
			`key, _ := rsa.GenerateKey(rand.Reader, 2048)`
			`tmpl := &x509.Certificate{`
			`Version: 3,`
			`SerialNumber: big.NewInt(time.Now().Unix()),`
			`Subject: pkix.Name{`
			`CommonName: domain,`
			`},`
			`DNSNames: []string{domain},`
			`BasicConstraintsValid: true,`
			`KeyUsage: x509.KeyUsageDigitalSignature \| x509.KeyUsageKeyEncipherment,`
			`ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},`
			`NotBefore: time.Now(),`
			`NotAfter: time.Now().AddDate(30, 0, 0),`
			`}`
			`cert, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)`
			`if err != nil {`
			`return err`
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`}`
add self CertMode 2023-08-16 12:21:15 -04:00			`f, err := os.OpenFile(certPath, os.O_CREATE\|os.O_RDWR, 0644)`
			`if err != nil {`
			`return err`
			`}`
			`err = pem.Encode(f, &pem.Block{`
			`Type: "CERTIFICATE",`
			`Bytes: cert,`
			`})`
			`if err != nil {`
			`return err`
			`}`
			`f, err = os.OpenFile(keyPath, os.O_CREATE\|os.O_RDWR, 0644)`
			`if err != nil {`
			`return err`
			`}`
			`err = pem.Encode(f, &pem.Block{`
			`Type: "EC PRIVATE KEY",`
			`Bytes: x509.MarshalPKCS1PrivateKey(key),`
			`})`
			`if err != nil {`
			`return err`
			`}`
			`return nil`
update initial support for hysteria update config update api change user email format ... 2023-06-08 10:46:33 -04:00			`}`