
Commit 48dae8f

Merge pull request #106 from hatoo/update-deps
Update rcgen
2 parents 393c264 + 21b98f7 commit 48dae8f


12 files changed

+375
-343
lines changed


Cargo.lock

Lines changed: 86 additions & 62 deletions

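--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,7 +35,7 @@ hyper = { version = "1.0.1", features = ["http1", "http2", "server", "client"] }
 futures = "0.3.29"
 bytes = "1.7.1"
 http-body-util = "0.1.0"
-rcgen = "0.13.1"
+rcgen = "0.14.3"
 tokio-rustls = "0.26.1"
 tracing = "0.1.40"
 hyper-util = { version = "0.1.11", features = ["tokio"] }
@@ -51,7 +51,8 @@ webpki-roots = { version = "1.0.1", optional = true }
 axum = { version = "0.8.3", features = ["http2"] }
 clap = { version = "4.5.35", features = ["derive"] }
 ctor = "0.4.1"
-rcgen = { version = "0.13.1", features = ["x509-parser"] }
+rcgen = { version = "0.14.3", features = ["x509-parser", "pem"] }
 reqwest = { version = "0.12.15", features = ["native-tls-alpn"] }
+rustls-pki-types = "1.12.0"
 tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 winnow = "0.7.4"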

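--- a/README.md
+++ b/README.md
@@ -20,35 +20,50 @@ use tracing_subscriber::EnvFilter;
 #[derive(Parser)]
 struct Opt {
 #[clap(flatten)]
-external_cert: Option<ExternalCert>,
+external_issuer: Option<ExternalIssuer>,
 }
 
 #[derive(Args, Debug)]
-struct ExternalCert {
+struct ExternalIssuer {
 #[arg(required = false)]
 cert: PathBuf,
 #[arg(required = false)]
 private_key: PathBuf,
 }
 
-fn make_root_cert() -> rcgen::CertifiedKey {
-let mut param = rcgen::CertificateParams::default();
+fn make_root_issuer() -> rcgen::Issuer<'static, rcgen::KeyPair> {
+let mut params = rcgen::CertificateParams::default();
 
-param.distinguished_name = rcgen::DistinguishedName::new();
-param.distinguished_name.push(
+params.distinguished_name = rcgen::DistinguishedName::new();
+params.distinguished_name.push(
 rcgen::DnType::CommonName,
 rcgen::DnValue::Utf8String("<HTTP-MITM-PROXY CA>".to_string()),
 );
-param.key_usages = vec![
+params.key_usages = vec![
 rcgen::KeyUsagePurpose::KeyCertSign,
 rcgen::KeyUsagePurpose::CrlSign,
 ];
-param.is_ca = rcgen::IsCa::Ca(rcgen::BasicConstraints::Unconstrained);
+params.is_ca = rcgen::IsCa::Ca(rcgen::BasicConstraints::Unconstrained);
 
-let key_pair = rcgen::KeyPair::generate().unwrap();
-let cert = param.self_signed(&key_pair).unwrap();
+let signing_key = rcgen::KeyPair::generate().unwrap();
 
-rcgen::CertifiedKey { cert, key_pair }
+let cert = params.self_signed(&signing_key).unwrap();
+
+println!();
+println!("Trust this cert if you want to use HTTPS");
+println!();
+println!("{}", cert.pem());
+println!();
+
+/*
+Save this cert to ca.crt and use it with curl like this:
+curl https://www.google.com -x http://127.0.0.1:3003 --cacert ca.crt
+*/
+
+println!("Private key");
+println!("{}", signing_key.serialize_pem());
+
+rcgen::Issuer::new(params, signing_key)
 }
 
 #[tokio::main]
@@ -59,29 +74,25 @@ async fn main() {
 .with_env_filter(EnvFilter::from_default_env())
 .init();
 
-let root_cert = if let Some(external_cert) = opt.external_cert {
+let root_issuer = if let Some(external_issuer) = opt.external_issuer {
 // Use existing key
-let param = rcgen::CertificateParams::from_ca_cert_pem(
-&std::fs::read_to_string(&external_cert.cert).unwrap(),
+let signing_key = rcgen::KeyPair::from_pem(
+&std::fs::read_to_string(&external_issuer.private_key).unwrap(),
 )
 .unwrap();
-let key_pair =
-rcgen::KeyPair::from_pem(&std::fs::read_to_string(&external_cert.private_key).unwrap())
-.unwrap();
-
-let cert = param.self_signed(&key_pair).unwrap();
 
-rcgen::CertifiedKey { cert, key_pair }
+rcgen::Issuer::from_ca_cert_pem(
+&std::fs::read_to_string(&external_issuer.cert).unwrap(),
+signing_key,
+)
+.unwrap()
 } else {
-make_root_cert()
+make_root_issuer()
 };
 
-let root_cert_pem = root_cert.cert.pem();
-let root_cert_key = root_cert.key_pair.serialize_pem();
-
 let proxy = MitmProxy::new(
 // This is the root cert that will be used to sign the fake certificates
-Some(root_cert),
+Some(root_issuer),
 Some(Cache::new(128)),
 );
 
@@ -112,20 +123,6 @@ async fn main() {
 
 println!("HTTP Proxy is listening on http://127.0.0.1:3003");
 
-println!();
-println!("Trust this cert if you want to use HTTPS");
-println!();
-println!("{}", root_cert_pem);
-println!();
-
-/*
-Save this cert to ca.crt and use it with curl like this:
-curl https://www.google.com -x http://127.0.0.1:3003 --cacert ca.crt
-*/
-
-println!("Private key");
-println!("{}", root_cert_key);
-
 server.await;
 }
 ```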

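--- a/examples/dev_proxy.rs
+++ b/examples/dev_proxy.rs
@@ -13,35 +13,50 @@ use http_mitm_proxy::{
 #[derive(Parser)]
 struct Opt {
 #[clap(flatten)]
-external_cert: Option<ExternalCert>,
+external_issuer: Option<ExternalIssuer>,
 }
 
 #[derive(Args, Debug)]
-struct ExternalCert {
+struct ExternalIssuer {
 #[arg(required = false)]
 cert: PathBuf,
 #[arg(required = false)]
 private_key: PathBuf,
 }
 
-fn make_root_cert() -> rcgen::CertifiedKey {
-let mut param = rcgen::CertificateParams::default();
+fn make_root_issuer() -> rcgen::Issuer<'static, rcgen::KeyPair> {
+let mut params = rcgen::CertificateParams::default();
 
-param.distinguished_name = rcgen::DistinguishedName::new();
-param.distinguished_name.push(
+params.distinguished_name = rcgen::DistinguishedName::new();
+params.distinguished_name.push(
 rcgen::DnType::CommonName,
 rcgen::DnValue::Utf8String("<HTTP-MITM-PROXY CA>".to_string()),
 );
-param.key_usages = vec![
+params.key_usages = vec![
 rcgen::KeyUsagePurpose::KeyCertSign,
 rcgen::KeyUsagePurpose::CrlSign,
 ];
-param.is_ca = rcgen::IsCa::Ca(rcgen::BasicConstraints::Unconstrained);
+params.is_ca = rcgen::IsCa::Ca(rcgen::BasicConstraints::Unconstrained);
 
-let key_pair = rcgen::KeyPair::generate().unwrap();
-let cert = param.self_signed(&key_pair).unwrap();
+let signing_key = rcgen::KeyPair::generate().unwrap();
 
-rcgen::CertifiedKey { cert, key_pair }
+let cert = params.self_signed(&signing_key).unwrap();
+
+println!();
+println!("Trust this cert if you want to use HTTPS");
+println!();
+println!("{}", cert.pem());
+println!();
+
+/*
+Save this cert to ca.crt and use it with curl like this:
+curl https://www.google.com -x http://127.0.0.1:3003 --cacert ca.crt
+*/
+
+println!("Private key");
+println!("{}", signing_key.serialize_pem());
+
+rcgen::Issuer::new(params, signing_key)
 }
 
 #[tokio::main]
@@ -56,29 +71,25 @@ async fn main() {
 .unwrap();
 tokio::spawn(async { axum::serve(listener, app).await });
 
-let root_cert = if let Some(external_cert) = opt.external_cert {
+let root_issuer = if let Some(external_issuer) = opt.external_issuer {
 // Use existing key
-let param = rcgen::CertificateParams::from_ca_cert_pem(
-&std::fs::read_to_string(&external_cert.cert).unwrap(),
+let signing_key = rcgen::KeyPair::from_pem(
+&std::fs::read_to_string(&external_issuer.private_key).unwrap(),
 )
 .unwrap();
-let key_pair =
-rcgen::KeyPair::from_pem(&std::fs::read_to_string(&external_cert.private_key).unwrap())
-.unwrap();
-
-let cert = param.self_signed(&key_pair).unwrap();
 
-rcgen::CertifiedKey { cert, key_pair }
+rcgen::Issuer::from_ca_cert_pem(
+&std::fs::read_to_string(&external_issuer.cert).unwrap(),
+signing_key,
+)
+.unwrap()
 } else {
-make_root_cert()
+make_root_issuer()
 };
 
-let root_cert_pem = root_cert.cert.pem();
-let root_cert_key = root_cert.key_pair.serialize_pem();
-
 let proxy = MitmProxy::new(
 // This is the root cert that will be used to sign the fake certificates
-Some(root_cert),
+Some(root_issuer),
 Some(Cache::new(128)),
 );
 
@@ -107,8 +118,7 @@ async fn main() {
 req.headers_mut().insert(
 hyper::header::HOST,
 hyper::header::HeaderValue::from_maybe_shared(format!(
-"127.0.0.1:{}",
-port
+"127.0.0.1:{port}"
 ))
 .unwrap(),
 );
@@ -117,8 +127,7 @@ async fn main() {
 parts.scheme = Some(hyper::http::uri::Scheme::HTTP);
 parts.authority = Some(
 hyper::http::uri::Authority::from_maybe_shared(format!(
-"127.0.0.1:{}",
-port
+"127.0.0.1:{port}"
 ))
 .unwrap(),
 );
@@ -136,19 +145,5 @@ async fn main() {
 
 println!("HTTP Proxy is listening on http://127.0.0.1:3003");
 
-println!();
-println!("Trust this cert if you want to use HTTPS");
-println!();
-println!("{}", root_cert_pem);
-println!();
-
-/*
-Save this cert to ca.crt and use it with curl like this:
-curl https://www.google.com -x http://127.0.0.1:3003 --cacert ca.crt
-*/
-
-println!("Private key");
-println!("{}", root_cert_key);
-
 proxy.await;
 }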
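Review bot: `make_root_issuer` now writes the generated CA private key to stdout as a side effect (`println!("{}", signing_key.serialize_pem());`, new line 57), and nothing in its name or signature tells a caller that key material leaves the process. The certificate built just above it is an unconstrained CA (`rcgen::BasicConstraints::Unconstrained`), so anyone who can read that output (terminal scrollback, a captured log, a CI job record) can issue certificates that every client trusting this CA will accept. I would keep the certificate print and make the key print opt-in, for example `if std::env::var_os("PRINT_CA_KEY").is_some() { println!("{}", signing_key.serialize_pem()); }` (the variable name is only a suggestion). I would also add a `///` doc comment saying the function prints the CA certificate and that the key is for throwaway development use only. The README.md section mirrors the same code and would need the same change.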
