mirror of
https://github.com/cedar2025/hysteria.git
synced 2025-06-15 08:59:54 +00:00
feat(server): add ZeroSSL EAB
add ZeroSSL EAB Signed-off-by: kovacs <mritd@linux.com>
This commit is contained in:
kovacs
parent
8faaf3b2e8
commit
8a065b1368
@ -3,7 +3,10 @@ package cmd
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/mholt/acmez/acme"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httputil"
|
||||
@ -264,6 +267,11 @@ func (c *serverConfig) fillTLSConfig(hyConfig *server.Config) error {
|
||||
cmIssuer.CA = certmagic.LetsEncryptProductionCA
|
||||
case "zerossl", "zero":
|
||||
cmIssuer.CA = certmagic.ZeroSSLProductionCA
|
||||
eab, err := genZeroSSLEAB(c.ACME.Email)
|
||||
if err != nil {
|
||||
return configError{Field: "acme.ca", Err: err}
|
||||
}
|
||||
cmIssuer.ExternalAccount = eab
|
||||
default:
|
||||
return configError{Field: "acme.ca", Err: errors.New("unknown CA")}
|
||||
}
|
||||
@ -288,6 +296,48 @@ func (c *serverConfig) fillTLSConfig(hyConfig *server.Config) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func genZeroSSLEAB(email string) (*acme.EAB, error) {
|
||||
req, err := http.NewRequest(
|
||||
http.MethodPost,
|
||||
"https://api.zerossl.com/acme/eab-credentials-email",
|
||||
strings.NewReader(url.Values{"email": []string{email}}.Encode()),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to creare ZeroSSL EAB request: %w", err)
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("User-Agent", certmagic.UserAgent)
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to send ZeroSSL EAB request: %w", err)
|
||||
}
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
var result struct {
|
||||
Success bool `json:"success"`
|
||||
Error struct {
|
||||
Code int `json:"code"`
|
||||
Type string `json:"type"`
|
||||
} `json:"error"`
|
||||
EABKID string `json:"eab_kid"`
|
||||
EABHMACKey string `json:"eab_hmac_key"`
|
||||
}
|
||||
if err = json.NewDecoder(resp.Body).Decode(&result); err != nil {
|
||||
return nil, fmt.Errorf("failed decoding ZeroSSL EAB API response: %w", err)
|
||||
}
|
||||
if result.Error.Code != 0 {
|
||||
return nil, fmt.Errorf("failed getting ZeroSSL EAB credentials: HTTP %d: %s (code %d)", resp.StatusCode, result.Error.Type, result.Error.Code)
|
||||
}
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode)
|
||||
}
|
||||
|
||||
return &acme.EAB{
|
||||
KeyID: result.EABKID,
|
||||
MACKey: result.EABHMACKey,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (c *serverConfig) fillQUICConfig(hyConfig *server.Config) error {
|
||||
hyConfig.QUICConfig = server.QUICConfig{
|
||||
InitialStreamReceiveWindow: c.QUIC.InitStreamReceiveWindow,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user