hex/wstunnel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wstunnel/src/embedded_certificate.rs
Σrebe - Romain GERARD 5b2a34ff2a
feat: Generate self-signed at startup to avoid fingerprint
2024-08-27 09:08:17 +02:00

31 lines
1.3 KiB
Rust
Raw Blame History

use log::info;
use rcgen::{date_time_ymd, CertificateParams, DnType, KeyPair};
use std::sync::LazyLock;
use std::time::Instant;
use tokio_rustls::rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer};
pub static TLS_CERTIFICATE: LazyLock<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>)> = LazyLock::new(|| {
info!("Generating self-signed tls certificate");
let now = Instant::now();
let key_pair = KeyPair::generate().unwrap();
let mut cert = CertificateParams::new(vec![]).unwrap();
cert.distinguished_name = rcgen::DistinguishedName::new();
cert.distinguished_name.push(DnType::CountryName, "FR".to_string());
let el = now.elapsed();
let year = 2024 - (el.as_nanos() % 2) as i32;
let month = 1 + (el.as_nanos() % 12) as u8;
let day = 1 + (el.as_nanos() % 31) as u8;
cert.not_before = date_time_ymd(year, month, day);
let el = now.elapsed();
let year = 2024 + (el.as_nanos() % 50) as i32;
let month = 1 + (el.as_nanos() % 12) as u8;
let day = 1 + (el.as_nanos() % 31) as u8;
cert.not_after = date_time_ymd(year, month, day);
let cert = cert.self_signed(&key_pair).unwrap().der().clone();
let private_key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(key_pair.serialized_der().to_vec()));
(vec![cert], private_key)
});
Reference in a new issue View git blame Copy permalink