feat: use self-signed certificate

Dockerfile

@@ -437,6 +437,17 @@ RUN \
 COPY --from=upx /upx/ /usr/
 RUN upx -9 /tmp/dnsproxy
 
+# Compile mad
+FROM golang:1.16-alpine3.15 AS mad
+ENV MAD_VERSION="v20210401"
+RUN \
+  wget https://github.com/txthinking/mad/archive/refs/tags/${MAD_VERSION}.tar.gz && \
+  tar xf ${MAD_VERSION}.tar.gz && cd ./mad-*/cli/mad/ && \
+  CGO_ENABLED=0 go build -ldflags="-s -w" && \
+  mv ./mad /tmp/
+COPY --from=upx /upx/ /usr/
+RUN upx -9 /tmp/mad
+
 # Combine all release
 FROM python:3.10-alpine3.16 AS asset
 COPY --from=python-pkg /packages.tar.gz /
@@ -460,6 +471,7 @@ COPY --from=relaybaton /tmp/relaybaton /asset/usr/bin/
 COPY --from=pingtunnel /tmp/pingtunnel /asset/usr/bin/
 COPY --from=wireproxy /tmp/wireproxy /asset/usr/bin/
 COPY --from=dnsproxy /tmp/dnsproxy /asset/usr/bin/
+COPY --from=mad /tmp/mad /asset/usr/bin/
 
 # Release docker image
 FROM python:3.10-alpine3.16

Tester/Plugin.py

@@ -12,10 +12,7 @@ from Basis.Functions import genFlag, hostFormat, getAvailablePort
 
 
 pluginParams = {
-    'SITE': Settings['site'],
-    'HOST': Settings['host'],
-    'CERT': Settings['cert'],
-    'KEY': Settings['key'],
+    'SITE': Settings['site']
 }
 
 pluginConfig = {
@@ -321,8 +318,13 @@ def load(proxyType: str):
         raise RuntimeError('Unknown proxy type for sip003 plugin')
     cloakLoad()  # init cloak config
     kcptunLoad()  # init kcptun config
-    pluginParams['PASSWD'] = genFlag(length = 8)  # random password for test
-    pluginParams['PATH'] = '/' + genFlag(length = 6)  # random uri path for test
+    pluginParams.update({
+        'HOST': Settings['host'],
+        'CERT': Settings['cert'],
+        'KEY': Settings['key'],
+        'PASSWD': genFlag(length = 8),  # random password for test
+        'PATH': '/' + genFlag(length = 6),  # random uri path for test
+    })
     for pluginType in pluginConfig:
         for pluginTest, pluginTestInfo in pluginConfig[pluginType].items():  # traverse all plugin test item
             pluginParams['RANDOM'] = genFlag(length = 8)  # refresh RANDOM field

Tester/Settings.py

@@ -6,7 +6,7 @@ Settings = {
     'serverBind': '127.0.0.1',
     'clientBind': '127.0.0.1',
     'site': 'www.bing.com',
-    'host': '343.re',
-    'cert': '/etc/ssl/certs/343.re/fullchain.pem',
-    'key': '/etc/ssl/certs/343.re/privkey.pem',
+    'host': '',
+    'cert': '',
+    'key': '',
 }

Tester/__init__.py

@@ -1,11 +1,13 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+import os
 import time
 import requests
 from threading import Thread
 from Basis.Logger import logging
-from Basis.Functions import md5Sum, hostFormat, checkPortStatus
+from Tester.Settings import Settings
+from Basis.Functions import md5Sum, genFlag, hostFormat, checkPortStatus
 
 from Tester import Brook
 from Tester import VMess
@@ -16,7 +18,7 @@ from Tester import Hysteria
 from Tester import Shadowsocks
 from Tester import ShadowsocksR
 
-testEntry = {
+entry = {
     'ss': Shadowsocks.load(),
     'ss-all': Shadowsocks.load(isExtra = True),
     'ssr': ShadowsocksR.load(),
@@ -108,3 +110,35 @@ def test(testIter: iter, threadNum: int, testUrl: str, testFilter: set or None =
             break
     for thread in threads:  # wait until all threads exit
         thread.join()
+
+
+def loadCert(host: str = 'proxyc.net', remark: str = 'ProxyC'):
+    loadPath = lambda x: os.path.join(Settings['workDir'], x)
+    certFlag = genFlag(length = 8)
+    caCert = loadPath('proxyc_%s_ca.pem' % certFlag)
+    caKey = loadPath('proxyc_%s_ca_key.pem' % certFlag)
+    cert = loadPath('proxyc_%s_cert.pem' % certFlag)
+    key = loadPath('proxyc_%s_cert_key.pem' % certFlag)
+    logging.critical('Create self-signed certificate')
+    os.system('mkdir -p %s' % Settings['workDir'])  # create work directory
+    logging.critical('Create CA certificate and key')
+    os.system(' '.join(['mad', 'ca'] + [
+        '--ca', caCert, '--key', caKey,
+        '--commonName', remark,
+        '--organization', remark,
+        '--organizationUnit', remark,
+    ]))
+    logging.critical('Signing certificate')
+    os.system(' '.join(['mad', 'cert'] + [
+        '--ca', caCert, '--ca_key', caKey,
+        '--cert', cert, '--key', key,
+        '--domain', host,
+        '--organization', remark,
+        '--organizationUnit', remark,
+    ]))
+    logging.critical('Install CA certificate')
+    os.system('cat %s >> /etc/ssl/certs/ca-certificates.crt' % caCert)
+    Settings['host'] = host
+    Settings['cert'] = cert
+    Settings['key'] = key
+    logging.warning('Certificate loading complete')

test.py

@@ -1,9 +1,9 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+import os
 import sys
 import Tester
-from Tester import testEntry
 from Basis.Logger import logging
 
 threadNum = 16
@@ -31,6 +31,7 @@ def getArg(field: str) -> str or None:
     except:
         return None
 
+
 if '--help' in sys.argv:
     print(helpMsg)
     sys.exit(0)
@@ -43,17 +44,18 @@ if getArg('--thread') is not None:
 if getArg('--filter') is not None:
     testFilter = set(getArg('--filter').split(','))
 
-logging.critical('test item: ' + ('all' if testItem is None else testItem))
-logging.critical('filter: %s' % testFilter)
-logging.critical('url: ' + testUrl)
-logging.critical('thread number: %i' % threadNum)
+Tester.loadCert('proxyc.net', 'ProxyC')
+logging.critical('TEST ITEM: ' + ('all' if testItem is None else testItem))
+logging.critical('FILTER: %s' % testFilter)
+logging.critical('URL: ' + testUrl)
+logging.critical('THREAD NUMBER: %i' % threadNum)
 logging.critical('TEST START')
 if testItem is not None:
-    Tester.test(testEntry[testItem], threadNum, testUrl, testFilter)
+    Tester.test(Tester.entry[testItem], threadNum, testUrl, testFilter)
 else:
-    for item in testEntry:
+    for item in Tester.entry:
         if item == ('ss' if '--all' in sys.argv else 'ss-all'):  # skip ss / ss-all
             continue
         logging.critical('TEST ITEM -> ' + item)
-        Tester.test(testEntry[item], threadNum, testUrl, testFilter)
+        Tester.test(Tester.entry[item], threadNum, testUrl, testFilter)
 logging.critical('TEST COMPLETE')