-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathkeycert_pool.go
More file actions
74 lines (66 loc) · 1.5 KB
/
keycert_pool.go
File metadata and controls
74 lines (66 loc) · 1.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package mitmproxy
import (
"crypto/rsa"
"crypto/tls"
"errors"
"math/rand"
"time"
"github.com/josexy/mitmproxy-go/internal/cache"
"github.com/josexy/mitmproxy-go/internal/cert"
)
var errNoPriKey = errors.New("no available private key")
type priKeyPool struct {
rand *rand.Rand
keys []*rsa.PrivateKey
}
func newPriKeyPool(maxSize int) *priKeyPool {
if maxSize <= 0 {
maxSize = 10
}
pool := &priKeyPool{
rand: rand.New(rand.NewSource(time.Now().UnixNano())),
keys: make([]*rsa.PrivateKey, 0, maxSize),
}
return pool
}
func (p *priKeyPool) Get() (*rsa.PrivateKey, error) {
var n, m = len(p.keys), cap(p.keys)
if m == 0 {
return nil, errNoPriKey
}
if n < m {
key, err := cert.GeneratePrivateKey()
if err != nil {
return nil, err
}
p.keys = append(p.keys, key)
return key, nil
}
index := p.rand.Intn(n)
key := p.keys[index]
return key, nil
}
type certPool struct {
cache.Cache[string, tls.Certificate]
}
func newServerCertPool(capacity int, bgCheckInterval, certExpired time.Duration) *certPool {
if capacity <= 0 {
capacity = 2048
}
if bgCheckInterval <= 0 {
bgCheckInterval = time.Second * 30
}
if certExpired <= 0 {
certExpired = time.Second * 15
}
return &certPool{
Cache: cache.NewStringCache[tls.Certificate](
cache.WithCapacity(capacity),
cache.WithStdGoTimeUnixNano(),
cache.WithBackgroundCheckInterval(bgCheckInterval),
cache.WithExpiration(certExpired),
cache.WithUpdateCacheExpirationOnGet(),
// cache.WithDeleteExpiredCacheOnGet(),
),
}
}