From 7622a3d21df46424407f7497e35b0198ea54520c Mon Sep 17 00:00:00 2001
From: lqqyt2423 <974923609@qq.com>
Date: Fri, 4 Dec 2020 19:53:47 +0800
Subject: [PATCH] DummyCert
---
 proxy/cert.go | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/proxy/cert.go b/proxy/cert.go
index 4ebfede..e0ea474 100644
--- a/proxy/cert.go
+++ b/proxy/cert.go
@@ -3,6 +3,7 @@ package proxy
 import (
 "crypto/rand"
 "crypto/rsa"
+ "crypto/tls"
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
@@ -229,3 +230,31 @@ func (ca *CA) saveCert() error {
 return ca.saveCertTo(file)
 }
+
+// TODO: 是否应该支持多个 SubjectAltName
+func (ca *CA) DummyCert(commonName string) (*tls.Certificate, error) {
+ template := &x509.Certificate{
+ SerialNumber: big.NewInt(time.Now().UnixNano() / 100000),
+ Subject: pkix.Name{
+ CommonName: commonName,
+ Organization: []string{"mitmproxy"},
+ },
+ NotBefore: time.Now().Add(-time.Hour * 48),
+ NotAfter: time.Now().Add(time.Hour * 24 * 365),
+ SignatureAlgorithm: x509.SHA256WithRSA,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
+ DNSNames: []string{commonName},
+ }
+
+ certBytes, err := x509.CreateCertificate(rand.Reader, template, &ca.RootCert, &ca.PrivateKey.PublicKey, &ca.PrivateKey)
+ if err != nil {
+ return nil, err
+ }
+
+ cert := &tls.Certificate{
+ Certificate: [][]byte{certBytes},
+ PrivateKey: ca.PrivateKey,
+ }
+
+ return cert, nil
+}
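Review bot: DummyCert issues every leaf on the CA's own key pair: `&ca.PrivateKey.PublicKey` is the subject key passed to `x509.CreateCertificate` and `ca.PrivateKey` is returned as the `tls.Certificate` key, so the root signing key is used in every intercepted handshake instead of being kept for signing only. A dedicated leaf key (generated once and reused across hosts if the cost matters) separates the two. Because `&ca.PrivateKey` is passed as the signer, `ca.PrivateKey` looks like an `rsa.PrivateKey` value, which would not satisfy `crypto.Signer` when stored in `tls.Certificate.PrivateKey`; the CA struct is outside the hunk, so this needs confirming. `SerialNumber` derived from `time.Now().UnixNano() / 100000` is predictable and repeats for certificates minted within the same 100µs, and some clients reject a reused issuer/serial pair, so a random serial from `crypto/rand` is safer. The exported method also has no doc comment, and an IP-literal `commonName` would belong in `IPAddresses` rather than `DNSNames`.

```go
func (ca *CA) DummyCert(commonName string) (*tls.Certificate, error) {
	// Random 128-bit serial instead of a timestamp-derived one.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}

	// Leaf key kept separate from the CA signing key.
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}

	template := &x509.Certificate{
		SerialNumber: serial,
		// … unchanged: Subject, validity window, SignatureAlgorithm, ExtKeyUsage, DNSNames …
	}

	certBytes, err := x509.CreateCertificate(rand.Reader, template, &ca.RootCert, &leafKey.PublicKey, &ca.PrivateKey)
	// … unchanged: error check …

	cert := &tls.Certificate{
		Certificate: [][]byte{certBytes},
		PrivateKey:  leafKey,
	}
	// … unchanged: return cert, nil …
```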