-
Notifications
You must be signed in to change notification settings - Fork 13
/
mitm.go
68 lines (56 loc) · 1.52 KB
/
mitm.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
// Copyright 2022-2024 Sauce Labs Inc., all rights reserved.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at https://mozilla.org/MPL/2.0/.
package forwarder
import (
"crypto/tls"
"crypto/x509"
"errors"
"time"
"github.com/saucelabs/forwarder/internal/martian/mitm"
"github.com/saucelabs/forwarder/utils/certutil"
)
type MITMConfig struct {
CACertFile string
CAKeyFile string
Organization string
Validity time.Duration
}
func DefaultMITMConfig() *MITMConfig {
return &MITMConfig{
Organization: "Forwarder Proxy MITM",
Validity: 24 * time.Hour, //nolint:gomnd // 24 hours is a reasonable default
}
}
func (c *MITMConfig) loadCACertificate() (cert tls.Certificate, err error) {
if c.CACertFile == "" && c.CAKeyFile == "" {
tmpl := certutil.ECDSASelfSignedCert()
tmpl.Organization = []string{c.Organization}
tmpl.Hosts = nil
tmpl.IsCA = true
return tmpl.Gen()
}
return loadX509KeyPair(c.CACertFile, c.CAKeyFile)
}
func newMartianMITMConfig(c *MITMConfig) (*mitm.Config, error) {
cert, err := c.loadCACertificate()
if err != nil {
return nil, err
}
ca, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return nil, err
}
if !ca.IsCA {
return nil, errors.New("certificate is not a CA")
}
cfg, err := mitm.NewConfig(ca, cert.PrivateKey)
if err != nil {
return nil, err
}
cfg.SetOrganization(c.Organization)
cfg.SetValidity(c.Validity)
return cfg, nil
}