From e7f816b1100ae68d082d3bd50da93fa7cc14af1d Mon Sep 17 00:00:00 2001
From: telan
Date: Fri, 1 Sep 2023 13:57:21 +0800
Subject: [PATCH] global rand seed
---
 go.mod | 2 +-
 mitm_handler.go | 11 +++++++----
 mps.go | 11 +++++++++++
 3 files changed, 19 insertions(+), 5 deletions(-)
 create mode 100644 mps.go
diff --git a/go.mod b/go.mod
index 3d80ed4..56cc28c 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/telanflow/mps
-go 1.16
+go 1.20
 require (
 github.com/gorilla/websocket v1.5.0
diff --git a/mitm_handler.go b/mitm_handler.go
index c6ecc6e..0f60aad 100644
--- a/mitm_handler.go
+++ b/mitm_handler.go
@@ -15,7 +15,6 @@ import (
 "fmt"
 "io"
 "math/big"
- "math/rand"
 "net"
 "net/http"
 "net/http/httputil"
@@ -272,6 +271,9 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 return
 }
+ start := time.Unix(time.Now().Unix()-2592000, 0) // 2592000 = 30 day
+ end := time.Unix(time.Now().Unix()+31536000, 0) // 31536000 = 365 day
+
 var random CounterEncryptorRand
 random, err = NewCounterEncryptorRand(ca.PrivateKey, hashHosts(hosts))
 if err != nil {
@@ -292,14 +294,15 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 }
 // certificate template
+ serial := big.NewInt(mpsRand.Int63())
 tpl := x509.Certificate{
- SerialNumber: big.NewInt(rand.Int63()),
+ SerialNumber: serial,
 Issuer: x509ca.Subject,
 Subject: pkix.Name{
 Organization: []string{"MPS untrusted MITM proxy Inc"},
 },
- NotBefore: time.Unix(0, 0),
- NotAfter: time.Now().AddDate(20, 0, 0),
+ NotBefore: start,
+ NotAfter: end,
 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 BasicConstraintsValid: true,
diff --git a/mps.go b/mps.go
new file mode 100644
index 0000000..bda1bfe
--- /dev/null
+++ b/mps.go
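Review bot: The `start`/`end` lines added before `var random` in mitm_handler.go build the validity window from raw second counts around two separate `time.Now()` calls, which is harder to audit than plain duration arithmetic. Reading the clock once and writing `now := time.Now()`, `start := now.Add(-30 * 24 * time.Hour)` and `end := now.Add(365 * 24 * time.Hour)` states the 30-day backdate and one-year lifetime directly and drops the magic numbers. signHost starts and ends outside this hunk.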
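Review bot: `serial := big.NewInt(mpsRand.Int63())` draws the certificate serial from a math/rand generator seeded with the process start time (defined in mps.go in this patch), so serials carry at most 63 bits and are predictable in principle, whereas certificate serials are normally taken from a CSPRNG. Consider `serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))` with crypto/rand imported as `rand`, followed by `if err != nil { return }`; that also removes the need for the shared generator. Only part of the import block is visible here, so check whether crypto/rand is already imported under another name. signHost's body starts and ends outside this hunk.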
@@ -0,0 +1,11 @@
+package mps
+
+import (
+ "math/rand"
+ "time"
+)
+
+var (
+ // global random numbers for MPS. Go v1.20
+ mpsRand = rand.New(rand.NewSource(time.Now().UnixNano()))
+)
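Review bot: `mpsRand` is a `*rand.Rand` built with `rand.New`, and unlike the package-level math/rand functions such a generator is not safe for concurrent use. signHost in mitm_handler.go calls `mpsRand.Int63()`; if certificates are signed from per-connection goroutines (the callers are not part of this patch), that is a data race on the generator state. From Go 1.20 the package-level functions are randomly seeded and internally locked, so this variable could be dropped; if it stays, guard it with a `sync.Mutex` and change the comment to `// mpsRand is the shared math/rand source; not safe for concurrent use and not for security-sensitive values.`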