v1.1.0

2025-04-29 16:58:34 +00:00 · 2020-12-04 09:36:16 +08:00 · 2020-12-04 09:36:16 +08:00 · 16544c18ab
commit 16544c18ab
parent ed8d6d743c
627 changed files with 3247 additions and 2635 deletions
--- a/main/commands/all/tls/cert.go
+++ b/main/commands/all/tls/cert.go
@ -0,0 +1,143 @@
+package tls
+
+import (
+	"context"
+	"crypto/x509"
+	"encoding/json"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/protocol/tls/cert"
+	"github.com/xtls/xray-core/common/task"
+	"github.com/xtls/xray-core/main/commands/base"
+)
+
+// cmdCert is the tls cert command
+var cmdCert = &base.Command{
+	UsageLine: "{{.Exec}} tls cert [--ca] [--domain=example.com] [--expire=240h]",
+	Short:     "Generate TLS certificates",
+	Long: `
+Generate TLS certificates.
+
+Arguments:
+
+	-domain=domain_name 
+		The domain name for the certificate.
+
+	-org=organization 
+		The organization name for the certificate.
+
+	-ca 
+		Whether this certificate is a CA
+
+	-json 
+		The output of certificate to JSON
+
+	-file 
+		The certificate path to save.
+
+	-expire 
+		Expire time of the certificate. Default value 3 months.
+`,
+}
+
+func init() {
+	cmdCert.Run = executeCert // break init loop
+}
+
+var (
+	certDomainNames stringList
+	_               = func() bool {
+		cmdCert.Flag.Var(&certDomainNames, "domain", "Domain name for the certificate")
+		return true
+	}()
+
+	certCommonName   = cmdCert.Flag.String("name", "Xray Inc", "The common name of this certificate")
+	certOrganization = cmdCert.Flag.String("org", "Xray Inc", "Organization of the certificate")
+	certIsCA         = cmdCert.Flag.Bool("ca", false, "Whether this certificate is a CA")
+	certJSONOutput   = cmdCert.Flag.Bool("json", true, "Print certificate in JSON format")
+	certFileOutput   = cmdCert.Flag.String("file", "", "Save certificate in file.")
+	certExpire       = cmdCert.Flag.Duration("expire", time.Hour*24*90 /* 90 days */, "Time until the certificate expires. Default value 3 months.")
+)
+
+func executeCert(cmd *base.Command, args []string) {
+	var opts []cert.Option
+	if *certIsCA {
+		opts = append(opts, cert.Authority(*certIsCA))
+		opts = append(opts, cert.KeyUsage(x509.KeyUsageCertSign|x509.KeyUsageKeyEncipherment|x509.KeyUsageDigitalSignature))
+	}
+
+	opts = append(opts, cert.NotAfter(time.Now().Add(*certExpire)))
+	opts = append(opts, cert.CommonName(*certCommonName))
+	if len(certDomainNames) > 0 {
+		opts = append(opts, cert.DNSNames(certDomainNames...))
+	}
+	opts = append(opts, cert.Organization(*certOrganization))
+
+	cert, err := cert.Generate(nil, opts...)
+	if err != nil {
+		base.Fatalf("failed to generate TLS certificate: %s", err)
+	}
+
+	if *certJSONOutput {
+		printJSON(cert)
+	}
+
+	if len(*certFileOutput) > 0 {
+		if err := printFile(cert, *certFileOutput); err != nil {
+			base.Fatalf("failed to save file: %s", err)
+		}
+	}
+}
+
+func printJSON(certificate *cert.Certificate) {
+	certPEM, keyPEM := certificate.ToPEM()
+	jCert := &jsonCert{
+		Certificate: strings.Split(strings.TrimSpace(string(certPEM)), "\n"),
+		Key:         strings.Split(strings.TrimSpace(string(keyPEM)), "\n"),
+	}
+	content, err := json.MarshalIndent(jCert, "", "  ")
+	common.Must(err)
+	os.Stdout.Write(content)
+	os.Stdout.WriteString("\n")
+}
+
+func writeFile(content []byte, name string) error {
+	f, err := os.Create(name)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	return common.Error2(f.Write(content))
+}
+
+func printFile(certificate *cert.Certificate, name string) error {
+	certPEM, keyPEM := certificate.ToPEM()
+	return task.Run(context.Background(), func() error {
+		return writeFile(certPEM, name+"_cert.pem")
+	}, func() error {
+		return writeFile(keyPEM, name+"_key.pem")
+	})
+}
+
+type stringList []string
+
+func (l *stringList) String() string {
+	return "String list"
+}
+
+func (l *stringList) Set(v string) error {
+	if v == "" {
+		base.Fatalf("empty value")
+	}
+	*l = append(*l, v)
+	return nil
+}
+
+type jsonCert struct {
+	Certificate []string `json:"certificate"`
+	Key         []string `json:"key"`
+}
--- a/main/commands/all/tls/ping.go
+++ b/main/commands/all/tls/ping.go
@ -0,0 +1,114 @@
+package tls
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"net"
+
+	"github.com/xtls/xray-core/main/commands/base"
+)
+
+// cmdPing is the tls ping command
+var cmdPing = &base.Command{
+	UsageLine: "{{.Exec}} tls ping [-ip <ip>] <domain>",
+	Short:     "Ping the domain with TLS handshake",
+	Long: `
+Ping the domain with TLS handshake.
+
+Arguments:
+
+	-ip
+		The IP address of the domain.
+`,
+}
+
+func init() {
+	cmdPing.Run = executePing // break init loop
+}
+
+var (
+	pingIPStr = cmdPing.Flag.String("ip", "", "")
+)
+
+func executePing(cmd *base.Command, args []string) {
+	if cmdPing.Flag.NArg() < 1 {
+		base.Fatalf("domain not specified")
+	}
+
+	domain := cmdPing.Flag.Arg(0)
+	fmt.Println("Tls ping: ", domain)
+
+	var ip net.IP
+	if len(*pingIPStr) > 0 {
+		v := net.ParseIP(*pingIPStr)
+		if v == nil {
+			base.Fatalf("invalid IP: %s", *pingIPStr)
+		}
+		ip = v
+	} else {
+		v, err := net.ResolveIPAddr("ip", domain)
+		if err != nil {
+			base.Fatalf("Failed to resolve IP: %s", err)
+		}
+		ip = v.IP
+	}
+	fmt.Println("Using IP: ", ip.String())
+
+	fmt.Println("-------------------")
+	fmt.Println("Pinging without SNI")
+	{
+		tcpConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: ip, Port: 443})
+		if err != nil {
+			base.Fatalf("Failed to dial tcp: %s", err)
+		}
+		tlsConn := tls.Client(tcpConn, &tls.Config{
+			InsecureSkipVerify: true,
+			NextProtos:         []string{"http/1.1"},
+			MaxVersion:         tls.VersionTLS12,
+			MinVersion:         tls.VersionTLS12,
+		})
+		err = tlsConn.Handshake()
+		if err != nil {
+			fmt.Println("Handshake failure: ", err)
+		} else {
+			fmt.Println("Handshake succeeded")
+			printCertificates(tlsConn.ConnectionState().PeerCertificates)
+		}
+		tlsConn.Close()
+	}
+
+	fmt.Println("-------------------")
+	fmt.Println("Pinging with SNI")
+	{
+		tcpConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: ip, Port: 443})
+		if err != nil {
+			base.Fatalf("Failed to dial tcp: %s", err)
+		}
+		tlsConn := tls.Client(tcpConn, &tls.Config{
+			ServerName: domain,
+			NextProtos: []string{"http/1.1"},
+			MaxVersion: tls.VersionTLS12,
+			MinVersion: tls.VersionTLS12,
+		})
+		err = tlsConn.Handshake()
+		if err != nil {
+			fmt.Println("handshake failure: ", err)
+		} else {
+			fmt.Println("handshake succeeded")
+			printCertificates(tlsConn.ConnectionState().PeerCertificates)
+		}
+		tlsConn.Close()
+	}
+
+	fmt.Println("Tls ping finished")
+}
+
+func printCertificates(certs []*x509.Certificate) {
+	for _, cert := range certs {
+		if len(cert.DNSNames) == 0 {
+			continue
+		}
+		fmt.Println("Allowed domains: ", cert.DNSNames)
+	}
+}
--- a/main/commands/all/tls/tls.go
+++ b/main/commands/all/tls/tls.go
@ -0,0 +1,17 @@
+package tls
+
+import (
+	"github.com/xtls/xray-core/main/commands/base"
+)
+
+// CmdTLS holds all tls sub commands
+var CmdTLS = &base.Command{
+	UsageLine: "{{.Exec}} tls",
+	Short:     "TLS tools",
+	Long: `{{.Exec}} {{.LongName}} provides tools for TLS.
+`,
+	Commands: []*base.Command{
+		cmdCert,
+		cmdPing,
+	},
+}