
feat: Gen root ca

zu1k 4 gadi atpakaļ
vecāks
revīzija
e48a78ad91
10 mainītis faili ar 92 papildinājumiem un 75 dzēšanām
  1. 1 2
      Cargo.toml
  2. 5 5
      README.md
  3. 0 9
      assets/ca/cert.crt
  4. 0 5
      assets/ca/private.key
  5. 0 13
      examples/gen_ca.rs
  6. 0 0
      rules/ads.yaml
  7. 0 0
      rules/demo.yaml
  8. 0 0
      rules/youtube.yaml
  9. 25 0
      src/ca.rs
  10. 61 41
      src/main.rs

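--- a/Cargo.toml
+++ b/Cargo.toml
@@ -24,9 +24,8 @@ fancy-regex = "0.7"
 hudsucker = { git = "https://github.com/zu1k/hudsucker.git", branch = "good-mitm" }
 lazy_static = "1.4"
 log = "0.4"
+rcgen = { version = "0.8", features = ["x509-parser"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_yaml = "0.8"
 tokio = { version = "1", features = ["full"] }
 
-[dev-dependencies]
-rcgen = { version = "0.8", features = ["x509-parser"] }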

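--- a/README.md
+++ b/README.md
@@ -18,9 +18,9 @@ For MITM functionality, it is required that you trust the self-signed root certi
 
 For security reasons, you need to generate your own root certificate.
 
-**DO NOT USE** the cert in the `assets/ca` directory, otherwise a security risk will lurk.
-
-Use [examples/gen_ca.rs](examples/gen_ca.rs) to generate your own root certificate.
+```shell
+good-mitm.exe genca
+```
 
 #### Trust your root certificate
 
@@ -30,11 +30,11 @@ You need to trust the root certificate just generated, either by adding trust in
 
 Adding `http` and `https` proxies to the browser, `http://127.0.0.1:34567` if not modified.
 
-### Test Demo Websites
+### Test Demo Rules
 
 Now I add two demo websites, removing ADs using good-MITM `rewrite` feature.
 
-You should use the demo rule file, `good-mitm.exe -k private.key -c cert.crt -r demo.yaml`
+You should use the demo rule file, `good-mitm.exe -k private.key -c cert.crt -r ads.yaml`
 
 See the effect by comparing the content(ads) with and without using `good-MITM`.
 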

+ 0 - 9
assets/ca/cert.crt

@@ -1,9 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBJjCBzaADAgECAgkAhGDxwOQpHTQwCgYIKoZIzj0EAwIwDzENMAsGA1UEAwwE
-TUlUTTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAwMFowDzENMAsGA1UE
-AwwETUlUTTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCAg+gY9cS9uc0PC8/V0
-gA6NdO6rfJ+TBldeoBUxoX2FfTpp1f7b+R8OzKdjqvLdf50wtr32d4EvC+WLytTU
-wuijEDAOMAwGA1UdEQQFMAOCASowCgYIKoZIzj0EAwIDSAAwRQIhAJaaamdkhdWW
-SPka9aY0ARQxG3GJCDaxIsITerzQC6q+AiB/TWfqwc77mg/bFuQTIqyAUzs5vtoY
-sD0njNknkqD/EA==
------END CERTIFICATE-----

+ 0 - 5
assets/ca/private.key

@@ -1,5 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLlfzfUW03wtnR4Ge
-kpOsV/BBRzyO7N3VZWQqzLjUAYehRANCAAQgIPoGPXEvbnNDwvP1dIAOjXTuq3yf
-kwZXXqAVMaF9hX06adX+2/kfDsynY6ry3X+dMLa99neBLwvli8rU1MLo        
------END PRIVATE KEY-----

+ 0 - 13
examples/gen_ca.rs

@@ -1,13 +0,0 @@
-extern crate rcgen;
-use rcgen::*;
-
-fn main() {
-    let subject_alt_names = vec!["*".to_string()];
-    let mut param = CertificateParams::new(subject_alt_names);
-    let mut distinguished_name = DistinguishedName::new();
-    distinguished_name.push(DnType::CommonName, "MITM");
-    param.distinguished_name = distinguished_name;
-    let cert = Certificate::from_params(param).unwrap();
-    println!("{}", cert.serialize_pem().unwrap());
-    println!("{}", cert.serialize_private_key_pem());
-}

+ 0 - 0
assets/rules/ads.yaml → rules/ads.yaml


+ 0 - 0
assets/rules/demo.yaml → rules/demo.yaml


+ 0 - 0
assets/rules/youtube.yaml → rules/youtube.yaml


+ 25 - 0
src/ca.rs

@@ -0,0 +1,25 @@
+extern crate rcgen;
+use log::error;
+use rcgen::*;
+use std::fs;
+
+pub fn gen_ca() {
+    let subject_alt_names = vec!["*".to_string()];
+    let mut param = CertificateParams::new(subject_alt_names);
+    let mut distinguished_name = DistinguishedName::new();
+    distinguished_name.push(DnType::CommonName, "MITM");
+    param.distinguished_name = distinguished_name;
+    let cert = Certificate::from_params(param).unwrap();
+    let cert_crt = cert.serialize_pem().unwrap();
+
+    println!("{}", cert_crt);
+    if let Err(err) = fs::write("cert.crt", cert_crt) {
+        error!("cert file write failed: {}", err);
+    }
+
+    let private_key = cert.serialize_private_key_pem();
+    println!("{}", private_key);
+    if let Err(err) = fs::write("private.key", private_key) {
+        error!("private key file write failed: {}", err);
+    }
+}
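Review bot: `gen_ca` exposes the new root key in two ways: `println!("{}", private_key);` puts the PEM on stdout, where it can end up in terminal scrollback, a redirected file or CI logs, and `fs::write("private.key", private_key)` creates the file with the process's default permissions, so under a typical umask other local users can read a key the README asks users to trust as a root. I would drop the `println!` of the key and create the file owner-only, refusing to overwrite an existing key, as sketched below; the mode line only applies on Unix, and other platforms would need an ACL. Separately, both write failures are only logged, so `genca` can finish with a certificate on disk but no key; returning a `Result` to `main` would let it exit non-zero.

```rust
    // … unchanged: certificate generation and the cert.crt write …
    let private_key = cert.serialize_private_key_pem();
    let mut opts = fs::OpenOptions::new();
    // create_new: fail instead of silently replacing a key that may already be trusted
    opts.write(true).create_new(true);
    #[cfg(unix)]
    std::os::unix::fs::OpenOptionsExt::mode(&mut opts, 0o600);
    match opts.open("private.key") {
        Ok(mut file) => {
            if let Err(err) = std::io::Write::write_all(&mut file, private_key.as_bytes()) {
                error!("private key file write failed: {}", err);
            }
        }
        Err(err) => error!("private key file create failed: {}", err),
    }
```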

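--- a/src/main.rs
+++ b/src/main.rs
@@ -1,10 +1,11 @@
 #[macro_use]
 extern crate lazy_static;
 
+mod ca;
 mod handler;
 mod rule;
 
-use clap::{App, Arg};
+use clap::{App, Arg, SubCommand};
 use hudsucker::{rustls::internal::pemfile, *};
 use log::*;
 use std::fs;
@@ -52,50 +53,69 @@ fn main() {
     let matches = App::new("Good Man in the Middle")
         .author("zu1k <[email protected]>")
         .about("Use MITM technology to provide features like rewrite, redirect.")
-        .arg(
-            Arg::with_name("key")
-                .short("k")
-                .long("key")
-                .alias("private")
-                .help("private key file path")
-                .long_help("private key file path")
-                .default_value("ca/private.key")
-                .takes_value(true)
-                .required(true),
+        .subcommand(
+            SubCommand::with_name("run")
+                .about("start to run")
+                .display_order(1)
+                .arg(
+                    Arg::with_name("key")
+                        .short("k")
+                        .long("key")
+                        .alias("private")
+                        .help("private key file path")
+                        .long_help("private key file path")
+                        .default_value("private.key")
+                        .takes_value(true)
+                        .required(true),
+                )
+                .arg(
+                    Arg::with_name("cert")
+                        .short("c")
+                        .long("cert")
+                        .help("cert file path")
+                        .long_help("cert file path")
+                        .default_value("cert.crt")
+                        .takes_value(true)
+                        .required(true),
+                )
+                .arg(
+                    Arg::with_name("rule")
+                        .short("r")
+                        .long("rule")
+                        .help("rule file")
+                        .long_help("load rules from file")
+                        .takes_value(true)
+                        .required(true),
+                ),
         )
-        .arg(
-            Arg::with_name("cert")
-                .short("c")
-                .long("cert")
-                .help("cert file path")
-                .long_help("cert file path")
-                .default_value("ca/cert.crt")
-                .takes_value(true)
-                .required(true),
-        )
-        .arg(
-            Arg::with_name("rule")
-                .short("r")
-                .long("rule")
-                .help("rule file")
-                .long_help("load rules from file")
-                .takes_value(true)
-                .required(true),
+        .subcommand(
+            SubCommand::with_name("genca")
+                .display_order(2)
+                .about("generate your own ca private key and certificate"),
         )
         .get_matches();
 
-    let rule_file = matches
-        .value_of("rule")
-        .expect("rule file path should not be none");
-    if let Err(err) = rule::add_rule_file(rule_file) {
-        error!("parse rule file failed, err: {}", err);
-        std::process::exit(3);
-    }
+    match matches.subcommand_name() {
+        Some("run") => {
+            let matches = matches.subcommand_matches("run").unwrap();
+            let rule_file = matches
+                .value_of("rule")
+                .expect("rule file path should not be none");
+            if let Err(err) = rule::add_rule_file(rule_file) {
+                error!("parse rule file failed, err: {}", err);
+                std::process::exit(3);
+            }
 
-    let key_path = matches
-        .value_of("key")
-        .expect("need root ca private key file");
-    let cert_path = matches.value_of("cert").expect("need root ca cert file");
+            let key_path = matches
+                .value_of("key")
+                .expect("need root ca private key file");
+            let cert_path = matches.value_of("cert").expect("need root ca cert file");
 
-    run(key_path, cert_path)
+            run(key_path, cert_path)
+        }
+        Some("genca") => ca::gen_ca(),
+        _ => {
+            println!("subcommand not valid!")
+        }
+    }
 }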
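Review bot: The catch-all arm `_ => { println!("subcommand not valid!") }` also runs when no subcommand is given, and it prints one line to stdout and returns normally, so a script or service wrapper cannot tell that the proxy never started. Consider `.setting(clap::AppSettings::SubcommandRequiredElseHelp)` on the `App` so clap handles the missing subcommand itself, or at least use `eprintln!` followed by `std::process::exit(2)` in that arm. The README line touched in this same commit (`good-mitm.exe -k private.key -c cert.crt -r ads.yaml`) still omits the new `run` subcommand that these arguments now sit under. `main` begins above this hunk.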