Xray-core/main/commands/all/tls/certchainhash.go

package tls

import (
	"flag"
	"fmt"
	"io/ioutil"

	"github.com/xtls/xray-core/main/commands/base"
	"github.com/xtls/xray-core/transport/internet/tls"
)

var cmdCertChainHash = &base.Command{
	UsageLine: "{{.Exec}} certChainHash",
	Short:     "Calculate TLS certificates hash.",
	Long: `
	xray tls certChainHash --cert <cert.pem>
	Calculate TLS certificate chain hash.
	`,
}

func init() {
	cmdCertChainHash.Run = executeCertChainHash // break init loop
}

var input = cmdCertChainHash.Flag.String("cert", "fullchain.pem", "The file path of the certificates chain")

func executeCertChainHash(cmd *base.Command, args []string) {
	fs := flag.NewFlagSet("certChainHash", flag.ContinueOnError)
	if err := fs.Parse(args); err != nil {
		fmt.Println(err)
		return
	}
	certContent, err := ioutil.ReadFile(*input)
	if err != nil {
		fmt.Println(err)
		return
	}
	certChainHashB64 := tls.CalculatePEMCertChainSHA256Hash(certContent)
	fmt.Println(certChainHashB64)
	return
}
Verify peer cert function for better man in the middle prevention (#746) * verify peer cert function for better man in the middle prevention * publish cert chain hash generation algorithm * added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb * apply coding style * added test case for pinned certificates * refactored cert pin * pinned cert test * added json loading of the PinnedPeerCertificateChainSha256 * removed tool to prepare for v5 * Add server cert pinning for Xtls Change command "xray tls certChainHash" to xray style Co-authored-by: Shelikhoo <xiaokangwang@outlook.com> 2021-10-22 04:04:06 +00:00			`package tls`

			`import (`
			`"flag"`
			`"fmt"`
			`"io/ioutil"`

			`"github.com/xtls/xray-core/main/commands/base"`
			`"github.com/xtls/xray-core/transport/internet/tls"`
			`)`

			`var cmdCertChainHash = &base.Command{`
			`UsageLine: "{{.Exec}} certChainHash",`
			`Short: "Calculate TLS certificates hash.",`
			Long: `
			`xray tls certChainHash --cert <cert.pem>`
			`Calculate TLS certificate chain hash.`
			`,
			`}`

			`func init() {`
			`cmdCertChainHash.Run = executeCertChainHash // break init loop`
			`}`

			`var input = cmdCertChainHash.Flag.String("cert", "fullchain.pem", "The file path of the certificates chain")`

			`func executeCertChainHash(cmd *base.Command, args []string) {`
			`fs := flag.NewFlagSet("certChainHash", flag.ContinueOnError)`
			`if err := fs.Parse(args); err != nil {`
			`fmt.Println(err)`
			`return`
			`}`
			`certContent, err := ioutil.ReadFile(*input)`
			`if err != nil {`
			`fmt.Println(err)`
			`return`
			`}`
			`certChainHashB64 := tls.CalculatePEMCertChainSHA256Hash(certContent)`
			`fmt.Println(certChainHashB64)`
			`return`
			`}`