autocert

2022-09-04 23:07:14 +03:00 · 2022-09-04 23:07:14 +03:00 · 8b5dc9dccb
parent 7436b359d2
commit 8b5dc9dccb
2 changed files with 43 additions and 2 deletions
--- a/go.sum
+++ b/go.sum
@ -1,7 +1,9 @@
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
--- a/main.go
+++ b/main.go
@ -7,10 +7,15 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
+	"strings"
 	"time"
+
+	"golang.org/x/crypto/acme/autocert"
 )

 var (
+	home, _ = os.UserHomeDir()
 	version = "undefined"
 )

@ -26,6 +31,23 @@ func arg_fail(msg string) {
 	os.Exit(2)
 }

+type CSVArg []string
+
+func (a *CSVArg) Set(s string) error {
+	*a = strings.Split(s, ",")
+	return nil
+}
+
+func (a *CSVArg) String() string {
+	if a == nil {
+		return "<nil>"
+	}
+	if *a == nil {
+		return "<empty>"
+	}
+	return strings.Join(*a, ",")
+}
+
 type CLIArgs struct {
 	bind_address      string
 	auth              string
@ -35,7 +57,10 @@ type CLIArgs struct {
 	list_ciphers      bool
 	ciphers           string
 	disableHTTP2      bool
-	showVersion         bool
+	showVersion       bool
+	autocert          bool
+	autocertWhitelist CSVArg
+	autocertDir       string
 }

 func list_ciphers() {
@ -58,6 +83,9 @@ func parse_args() CLIArgs {
 	flag.StringVar(&args.ciphers, "ciphers", "", "colon-separated list of enabled ciphers")
 	flag.BoolVar(&args.disableHTTP2, "disable-http2", false, "disable HTTP2")
 	flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")
+	flag.BoolVar(&args.autocert, "autocert", false, "issue TLS certificates automatically")
+	flag.Var(&args.autocertWhitelist, "autocert-whitelist", "restrict autocert domains to this comma-separated list")
+	flag.StringVar(&args.autocertDir, "autocert-dir", filepath.Join(home, ".dumbproxy", "autocert"), "path to autocert cache")
 	flag.Parse()
 	return args
 }
@ -70,7 +98,6 @@ func run() int {
 		return 0
 	}

-
 	if args.list_ciphers {
 		list_ciphers()
 		return 0
@ -116,6 +143,18 @@ func run() int {
 		cfg.CipherSuites = makeCipherList(args.ciphers)
 		server.TLSConfig = cfg
 		err = server.ListenAndServeTLS("", "")
+	} else if args.autocert {
+		m := &autocert.Manager{
+			Cache:  autocert.DirCache(args.autocertDir),
+			Prompt: autocert.AcceptTOS,
+		}
+		if args.autocertWhitelist != nil {
+			m.HostPolicy = autocert.HostWhitelist([]string(args.autocertWhitelist)...)
+		}
+		cfg := m.TLSConfig()
+		cfg.CipherSuites = makeCipherList(args.ciphers)
+		server.TLSConfig = cfg
+		err = server.ListenAndServeTLS("", "")
 	} else {
 		err = server.ListenAndServe()
 	}