mirror of
https://github.com/MetaCubeX/Clash.Meta.git
synced 2025-04-19 00:30:58 +00:00
chore: code cleanup
This commit is contained in:
wwqgtxx
parent
dcb20e2824
commit
ba3c44a169
10 changed files with 35 additions and 32 deletions
|
|
@ -3,8 +3,10 @@ package net
|
|||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/sha256"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"math/big"
|
||||
|
|
@ -16,7 +18,11 @@ type Path interface {
|
|||
|
||||
func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, error) {
|
||||
if certificate == "" && privateKey == "" {
|
||||
return newRandomTLSKeyPair()
|
||||
var err error
|
||||
certificate, privateKey, _, err = NewRandomTLSKeyPair()
|
||||
if err != nil {
|
||||
return tls.Certificate{}, err
|
||||
}
|
||||
}
|
||||
cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey))
|
||||
if painTextErr == nil {
|
||||
|
|
@ -32,10 +38,10 @@ func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, erro
|
|||
return cert, nil
|
||||
}
|
||||
|
||||
func newRandomTLSKeyPair() (tls.Certificate, error) {
|
||||
func NewRandomTLSKeyPair() (certificate string, privateKey string, fingerprint string, err error) {
|
||||
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
return tls.Certificate{}, err
|
||||
return
|
||||
}
|
||||
template := x509.Certificate{SerialNumber: big.NewInt(1)}
|
||||
certDER, err := x509.CreateCertificate(
|
||||
|
|
@ -45,14 +51,15 @@ func newRandomTLSKeyPair() (tls.Certificate, error) {
|
|||
&key.PublicKey,
|
||||
key)
|
||||
if err != nil {
|
||||
return tls.Certificate{}, err
|
||||
return
|
||||
}
|
||||
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
|
||||
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
|
||||
|
||||
tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
|
||||
cert, err := x509.ParseCertificate(certDER)
|
||||
if err != nil {
|
||||
return tls.Certificate{}, err
|
||||
return
|
||||
}
|
||||
return tlsCert, nil
|
||||
hash := sha256.Sum256(cert.Raw)
|
||||
fingerprint = hex.EncodeToString(hash[:])
|
||||
privateKey = string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}))
|
||||
certificate = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}))
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ func HttpRequestWithProxy(ctx context.Context, url, method string, header map[st
|
|||
TLSHandshakeTimeout: 10 * time.Second,
|
||||
ExpectContinueTimeout: 1 * time.Second,
|
||||
DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
|
||||
if conn, err := inner.HandleTcp(address, specialProxy); err == nil {
|
||||
if conn, err := inner.HandleTcp(inner.GetTunnel(), address, specialProxy); err == nil {
|
||||
return conn, nil
|
||||
} else {
|
||||
return dialer.DialContext(ctx, network, address)
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
|||
if tlsConfig.Certificates != nil {
|
||||
return nil, errors.New("certificate is unavailable in reality")
|
||||
}
|
||||
realityBuilder, err = config.RealityConfig.Build()
|
||||
realityBuilder, err = config.RealityConfig.Build(tunnel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,8 +3,6 @@ package inner
|
|||
import (
|
||||
"errors"
|
||||
"net"
|
||||
"net/netip"
|
||||
"strconv"
|
||||
|
||||
N "github.com/metacubex/mihomo/common/net"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
|
|
@ -16,9 +14,13 @@ func New(t C.Tunnel) {
|
|||
tunnel = t
|
||||
}
|
||||
|
||||
func HandleTcp(address string, proxy string) (conn net.Conn, err error) {
|
||||
func GetTunnel() C.Tunnel {
|
||||
return tunnel
|
||||
}
|
||||
|
||||
func HandleTcp(tunnel C.Tunnel, address string, proxy string) (conn net.Conn, err error) {
|
||||
if tunnel == nil {
|
||||
return nil, errors.New("tcp uninitialized")
|
||||
return nil, errors.New("tunnel uninitialized")
|
||||
}
|
||||
// executor Parsed
|
||||
conn1, conn2 := N.Pipe()
|
||||
|
|
@ -31,15 +33,8 @@ func HandleTcp(address string, proxy string) (conn net.Conn, err error) {
|
|||
if proxy != "" {
|
||||
metadata.SpecialProxy = proxy
|
||||
}
|
||||
if h, port, err := net.SplitHostPort(address); err == nil {
|
||||
if port, err := strconv.ParseUint(port, 10, 16); err == nil {
|
||||
metadata.DstPort = uint16(port)
|
||||
}
|
||||
if ip, err := netip.ParseAddr(h); err == nil {
|
||||
metadata.DstIP = ip
|
||||
} else {
|
||||
metadata.Host = h
|
||||
}
|
||||
if err = metadata.SetRemoteAddress(address); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
go tunnel.HandleTCPConn(conn2, metadata)
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
|||
if tlsConfig.Certificates != nil {
|
||||
return nil, errors.New("certificate is unavailable in reality")
|
||||
}
|
||||
realityBuilder, err = config.RealityConfig.Build()
|
||||
realityBuilder, err = config.RealityConfig.Build(tunnel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
"net"
|
||||
"time"
|
||||
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
"github.com/metacubex/mihomo/listener/inner"
|
||||
"github.com/metacubex/mihomo/log"
|
||||
"github.com/metacubex/mihomo/ntp"
|
||||
|
|
@ -27,7 +28,7 @@ type Config struct {
|
|||
Proxy string
|
||||
}
|
||||
|
||||
func (c Config) Build() (*Builder, error) {
|
||||
func (c Config) Build(tunnel C.Tunnel) (*Builder, error) {
|
||||
realityConfig := &utls.RealityConfig{}
|
||||
realityConfig.SessionTicketsDisabled = true
|
||||
realityConfig.Type = "tcp"
|
||||
|
|
@ -67,7 +68,7 @@ func (c Config) Build() (*Builder, error) {
|
|||
}
|
||||
|
||||
realityConfig.DialContext = func(ctx context.Context, network, address string) (net.Conn, error) {
|
||||
return inner.HandleTcp(address, c.Proxy)
|
||||
return inner.HandleTcp(tunnel, address, c.Proxy)
|
||||
}
|
||||
|
||||
return &Builder{realityConfig}, nil
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
|||
if tlsConfig.Certificates != nil {
|
||||
return nil, errors.New("certificate is unavailable in reality")
|
||||
}
|
||||
realityBuilder, err = config.RealityConfig.Build()
|
||||
realityBuilder, err = config.RealityConfig.Build(tunnel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
|||
if tlsConfig.Certificates != nil {
|
||||
return nil, errors.New("certificate is unavailable in reality")
|
||||
}
|
||||
realityBuilder, err = config.RealityConfig.Build()
|
||||
realityBuilder, err = config.RealityConfig.Build(tunnel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
|||
if tlsConfig.Certificates != nil {
|
||||
return nil, errors.New("certificate is unavailable in reality")
|
||||
}
|
||||
realityBuilder, err = config.RealityConfig.Build()
|
||||
realityBuilder, err = config.RealityConfig.Build(tunnel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
|||
if tlsConfig.Certificates != nil {
|
||||
return nil, errors.New("certificate is unavailable in reality")
|
||||
}
|
||||
realityBuilder, err = config.RealityConfig.Build()
|
||||
realityBuilder, err = config.RealityConfig.Build(tunnel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue