From 1a902df48bed6570ca6210778fbcda9c8a325367 Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Wed, 18 Jan 2023 12:06:36 +0800 Subject: [PATCH] chore: new Random TLS KeyPair when empty input --- common/net/tls.go | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/common/net/tls.go b/common/net/tls.go index 4f5263b8..5e1c81f2 100644 --- a/common/net/tls.go +++ b/common/net/tls.go @@ -1,11 +1,19 @@ package net import ( + "crypto/rand" + "crypto/rsa" "crypto/tls" + "crypto/x509" + "encoding/pem" "fmt" + "math/big" ) func ParseCert(certificate, privateKey string) (tls.Certificate, error) { + if certificate == "" || privateKey == "" { + return newRandomTLSKeyPair() + } cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey)) if painTextErr == nil { return cert, nil @@ -17,3 +25,28 @@ func ParseCert(certificate, privateKey string) (tls.Certificate, error) { } return cert, nil } + +func newRandomTLSKeyPair() (tls.Certificate, error) { + key, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + return tls.Certificate{}, err + } + template := x509.Certificate{SerialNumber: big.NewInt(1)} + certDER, err := x509.CreateCertificate( + rand.Reader, + &template, + &template, + &key.PublicKey, + key) + if err != nil { + return tls.Certificate{}, err + } + keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}) + certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}) + + tlsCert, err := tls.X509KeyPair(certPEM, keyPEM) + if err != nil { + return tls.Certificate{}, err + } + return tlsCert, nil +}