fix: misc changes on generateAndSaveCA

2026-05-13 11:23:20 -03:00
parent 93df62b91b
commit b5ea374702
+32 -11
@@ -56,7 +56,7 @@ WOLFSSL_CTX* CertificateManager::createHostContext(const std::string& host)
hostTrimmed.erase(hostTrimmed.find_last_not_of(" \t\r\n") + 1); hostTrimmed.erase(hostTrimmed.find_last_not_of(" \t\r\n") + 1);
/* /*
cert config cert setup
*/ */
auto cert = std::make_unique<Cert>(); auto cert = std::make_unique<Cert>();
memset(cert.get(), 0, sizeof(Cert)); memset(cert.get(), 0, sizeof(Cert));
@@ -150,49 +150,70 @@ bool CertificateManager::installCertificate()
bool CertificateManager::generateAndSaveCA(const char* caName, int days, const std::string& certPath, bool CertificateManager::generateAndSaveCA(const char* caName, int days, const std::string& certPath,
const std::string& keyPath) const std::string& keyPath)
{ {
/*
RSA
*/
_caKey.reset(new RsaKey()); _caKey.reset(new RsaKey());
wc_InitRsaKey(_caKey.get(), nullptr); wc_InitRsaKey(_caKey.get(), nullptr);
if (wc_MakeRsaKey(_caKey.get(), 2048, 65537, _rng.get()) != 0) return false; if (wc_MakeRsaKey(_caKey.get(), 2048, 65537, _rng.get()) != 0) return false;
/*
cert setup
*/
auto cert = std::make_unique<Cert>(); auto cert = std::make_unique<Cert>();
memset(cert.get(), 0, sizeof(Cert)); memset(cert.get(), 0, sizeof(Cert));
wc_InitCert(cert.get()); wc_InitCert(cert.get());
strncpy_s(cert->subject.commonName, sizeof(cert->subject.commonName), caName, _TRUNCATE); strncpy_s(cert->subject.commonName, sizeof(cert->subject.commonName), caName, _TRUNCATE);
cert->isCA = 1; cert->isCA = 1;
cert->basicConstSet = 1;
cert->basicConstCrit = 1;
cert->sigType = CTC_SHA256wRSA; cert->sigType = CTC_SHA256wRSA;
cert->daysValid = days; cert->daysValid = days;
cert->keyUsage = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
cert->serialSz = 1;
cert->serial[0] = 1;
/*
CA sign
*/
_caCertDer.resize(4096); _caCertDer.resize(4096);
int certLen = int certLen = wc_MakeCert(cert.get(), _caCertDer.data(), static_cast<word32>(_caCertDer.size()), _caKey.get(),
wc_MakeCert(cert.get(), _caCertDer.data(), (word32)_caCertDer.size(), _caKey.get(), nullptr, _rng.get()); nullptr, _rng.get());
if (certLen < 0) return false; if (certLen < 0) return false;
certLen = wc_SignCert(cert->bodySz, cert->sigType, _caCertDer.data(), (word32)_caCertDer.size(), _caKey.get(), certLen = wc_SignCert(cert->bodySz, cert->sigType, _caCertDer.data(), static_cast<word32>(_caCertDer.size()),
nullptr, _rng.get()); _caKey.get(), nullptr, _rng.get());
if (certLen < 0) return false; if (certLen < 0) return false;
_caCertDer.resize(certLen); _caCertDer.resize(certLen);
/*
keys
*/
std::vector<unsigned char> keyDer(4096); std::vector<unsigned char> keyDer(4096);
int keyDerLen = wc_RsaKeyToDer(_caKey.get(), keyDer.data(), (word32)keyDer.size()); int keyDerLen = wc_RsaKeyToDer(_caKey.get(), keyDer.data(), static_cast<word32>(keyDer.size()));
if (keyDerLen < 0) return false; if (keyDerLen < 0) return false;
std::vector<unsigned char> keyPem(4096); std::vector<unsigned char> keyPem(4096);
int keyPemLen = int keyPemLen = wc_DerToPem(keyDer.data(), static_cast<word32>(keyDerLen), keyPem.data(),
wc_DerToPem(keyDer.data(), (word32)keyDerLen, keyPem.data(), (word32)keyPem.size(), PRIVATEKEY_TYPE); static_cast<word32>(keyPem.size()), PRIVATEKEY_TYPE);
std::ofstream kOut(keyPath, std::ios::binary); std::ofstream kOut(keyPath, std::ios::binary);
if (!kOut.is_open()) return false; if (!kOut.is_open()) return false;
kOut.write((char*)keyPem.data(), keyPemLen); kOut.write((char*)keyPem.data(), keyPemLen);
std::vector<unsigned char> certPem(4096); std::vector<unsigned char> certPem(4096);
int certPemLen = int certPemLen = wc_DerToPem(_caCertDer.data(), static_cast<word32>(_caCertDer.size()), certPem.data(),
wc_DerToPem(_caCertDer.data(), (word32)_caCertDer.size(), certPem.data(), (word32)certPem.size(), CERT_TYPE); static_cast<word32>(certPem.size()), CERT_TYPE);
/*
file out
*/
std::ofstream cOut(certPath, std::ios::binary); std::ofstream cOut(certPath, std::ios::binary);
if (!cOut.is_open()) return false; if (!cOut.is_open()) return false;
cOut.write((char*)certPem.data(), certPemLen); cOut.write(reinterpret_cast<char*>(certPem.data()), certPemLen);
return true; return true;
} }
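Review bot: The two wc_DerToPem results on the new side are still written to disk unchecked — `keyPemLen` feeds `kOut.write` and `certPemLen` feeds `cOut.write` with no `< 0` test, so a failed PEM conversion turns into a negative streamsize handed to write, while wc_MakeCert, wc_SignCert and wc_RsaKeyToDer are all guarded; add `if (keyPemLen < 0) return false;` and `if (certPemLen < 0) return false;` directly after each call. The newly added `cert->serialSz = 1; cert->serial[0] = 1;` also gives every CA this code ever generates the same serial number, which is weaker than a CA certificate should carry; if I read wolfSSL's MakeAnyCert correctly, leaving serialSz at 0 makes wc_MakeCert draw a random CTC_GEN_SERIAL_SZ-byte serial from the RNG, so dropping those two lines is the simpler fix. The private key file is created with the stream's default permissions and the DER/PEM copies in `keyDer`/`keyPem` are left un-zeroed on every return path; consider restricting the key file's mode and wiping those buffers (e.g. ForceZero) before returning. The kOut.write line still uses the C-style `(char*)keyPem.data()` while the cOut.write on the last line was converted to reinterpret_cast — worth making the two consistent in the same commit.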