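package main

import (
	"encoding/csv"
	"encoding/pem"
	"errors"
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"
	"time"

	"github.com/sagernet/sing-box/log"
	"golang.org/x/exp/slices"
)

// httpClient bounds every CCADB download. The default client behind http.Get
// has no timeout, so a stalled connection would hang the generator forever.
var httpClient = &http.Client{Timeout: 5 * time.Minute}

// commentSanitizer flattens line breaks in a CSV-supplied label. The label is
// written after "// " in generated Go source, where an embedded newline would
// end the comment and turn the rest of the field into code.
var commentSanitizer = strings.NewReplacer("\r", " ", "\n", " ")

// main regenerates both embedded root stores. Both updates are always
// attempted; the process exits non-zero if either failed, so the calling make
// target does not report success while leaving a stale trust store on disk.
func main() {
	failed := false
	if err := updateMozillaIncludedRootCAs(); err != nil {
		log.Error(err)
		failed = true
	}
	if err := updateChromeIncludedRootCAs(); err != nil {
		log.Error(err)
		failed = true
	}
	if failed {
		os.Exit(1)
	}
}

// openCSVReport downloads a CSV report and returns a reader positioned after
// the header row, the header row itself, and the response body, which the
// caller must close. A non-200 response is rejected instead of being parsed,
// because an error page would otherwise be read as an empty or bogus report.
func openCSVReport(url string) (*csv.Reader, []string, io.Closer, error) {
	response, err := httpClient.Get(url)
	if err != nil {
		return nil, nil, nil, err
	}
	if response.StatusCode != http.StatusOK {
		response.Body.Close()
		return nil, nil, nil, fmt.Errorf("fetch %s: unexpected status %s", url, response.Status)
	}
	reader := csv.NewReader(response.Body)
	header, err := reader.Read()
	if err != nil {
		response.Body.Close()
		return nil, nil, nil, fmt.Errorf("read header of %s: %w", url, err)
	}
	return reader, header, response.Body, nil
}

// columnIndex returns the position of the named column in header, or an error
// when the column is absent. slices.Index reports -1 for a missing value, and
// indexing a record with -1 would panic, so a renamed upstream column has to
// surface as an error here.
//
// With csv.Reader's default FieldsPerRecord, rows whose field count differs
// from the header are rejected by Read, so a valid header index is in range
// for every record.
func columnIndex(header []string, name string) (int, error) {
	index := slices.Index(header, name)
	if index < 0 {
		return 0, fmt.Errorf("column %q not found in report header", name)
	}
	return index, nil
}

// trimSingleQuotes removes one pair of enclosing single quotes, if present.
// Empty and unquoted values are returned unchanged rather than sliced blindly.
func trimSingleQuotes(value string) string {
	if len(value) >= 2 && value[0] == '\'' && value[len(value)-1] == '\'' {
		return value[1 : len(value)-1]
	}
	return value
}

// writeCertificateEntry appends one "pool.AppendCertsFromPEM(...)" statement,
// preceded by a comment carrying label, to the generated source.
//
// The PEM text is embedded in a Go raw string literal, so it is checked before
// being written: a backtick would terminate the literal and let the remainder
// of the field be compiled as code, and a field that does not decode as a
// CERTIFICATE block has no business in the trust store. An error is returned
// in either case instead of emitting the entry.
func writeCertificateEntry(generated *strings.Builder, pool, label, cert string) error {
	cert = trimSingleQuotes(cert)
	if strings.ContainsRune(cert, '`') {
		return fmt.Errorf("certificate %q: PEM field contains a backtick", label)
	}
	block, _ := pem.Decode([]byte(cert))
	if block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("certificate %q: field is not a PEM CERTIFICATE block", label)
	}
	generated.WriteString("\n\t// ")
	generated.WriteString(commentSanitizer.Replace(label))
	generated.WriteString("\n")
	generated.WriteString("\t" + pool + ".AppendCertsFromPEM([]byte(`")
	generated.WriteString(cert)
	generated.WriteString("`))\n")
	return nil
}

// updateMozillaIncludedRootCAs downloads the CCADB report of roots included by
// Mozilla and writes common/certificate/mozilla.go, a generated file whose
// init function fills the mozillaIncluded pool. Records whose
// "Geographic Focus" column is "China" are left out.
func updateMozillaIncludedRootCAs() error {
	reader, header, body, err := openCSVReport("https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReportPEMCSV")
	if err != nil {
		return err
	}
	defer body.Close()
	geoIndex, err := columnIndex(header, "Geographic Focus")
	if err != nil {
		return err
	}
	nameIndex, err := columnIndex(header, "Common Name or Certificate Name")
	if err != nil {
		return err
	}
	certIndex, err := columnIndex(header, "PEM Info")
	if err != nil {
		return err
	}
	var generated strings.Builder
	generated.WriteString(`// Code generated by 'make update_certificates'. DO NOT EDIT.

package certificate

import "crypto/x509"

var mozillaIncluded *x509.CertPool

func init() {
	mozillaIncluded = x509.NewCertPool()
`)
	for {
		record, err := reader.Read()
		if errors.Is(err, io.EOF) {
			break
		}
		if err != nil {
			return err
		}
		if record[geoIndex] == "China" {
			continue
		}
		if err := writeCertificateEntry(&generated, "mozillaIncluded", record[nameIndex], record[certIndex]); err != nil {
			return err
		}
	}
	generated.WriteString("}\n")
	// The output is written only after every record has been validated, so a
	// bad report never replaces the existing file with a partial one.
	return os.WriteFile("common/certificate/mozilla.go", []byte(generated.String()), 0o644)
}

// fetchChinaFingerprints downloads the CCADB all-certificate-records report
// and returns the set of "SHA-256 Fingerprint" values whose "Country" column
// is "China".
func fetchChinaFingerprints() (map[string]bool, error) {
	reader, header, body, err := openCSVReport("https://ccadb.my.salesforce-sites.com/ccadb/AllCertificateRecordsCSVFormatv4")
	if err != nil {
		return nil, err
	}
	defer body.Close()
	countryIndex, err := columnIndex(header, "Country")
	if err != nil {
		return nil, err
	}
	fingerprintIndex, err := columnIndex(header, "SHA-256 Fingerprint")
	if err != nil {
		return nil, err
	}
	chinaFingerprints := make(map[string]bool)
	for {
		record, err := reader.Read()
		if errors.Is(err, io.EOF) {
			break
		}
		if err != nil {
			return nil, err
		}
		if record[countryIndex] == "China" {
			chinaFingerprints[record[fingerprintIndex]] = true
		}
	}
	return chinaFingerprints, nil
}

// updateChromeIncludedRootCAs downloads the CCADB report of roots included by
// root store operators and writes common/certificate/chrome.go, a generated
// file whose init function fills the chromeIncluded pool. Only records whose
// "Google Chrome Status" is "Included" are kept, and any record whose
// fingerprint is in the set returned by fetchChinaFingerprints is left out.
func updateChromeIncludedRootCAs() error {
	chinaFingerprints, err := fetchChinaFingerprints()
	if err != nil {
		return err
	}
	reader, header, body, err := openCSVReport("https://ccadb.my.salesforce-sites.com/ccadb/RootCACertificatesIncludedByRSReportCSV")
	if err != nil {
		return err
	}
	defer body.Close()
	subjectIndex, err := columnIndex(header, "Subject")
	if err != nil {
		return err
	}
	statusIndex, err := columnIndex(header, "Google Chrome Status")
	if err != nil {
		return err
	}
	certIndex, err := columnIndex(header, "X.509 Certificate (PEM)")
	if err != nil {
		return err
	}
	fingerprintIndex, err := columnIndex(header, "SHA-256 Fingerprint")
	if err != nil {
		return err
	}
	var generated strings.Builder
	generated.WriteString(`// Code generated by 'make update_certificates'. DO NOT EDIT.

package certificate

import "crypto/x509"

var chromeIncluded *x509.CertPool

func init() {
	chromeIncluded = x509.NewCertPool()
`)
	for {
		record, err := reader.Read()
		if errors.Is(err, io.EOF) {
			break
		}
		if err != nil {
			return err
		}
		if record[statusIndex] != "Included" {
			continue
		}
		// NOTE(review): the exclusion is an exact string match between two
		// different reports. It assumes both format the fingerprint the same
		// way (case, separators); if they do not, nothing is excluded and no
		// error is raised. Confirm against the live reports.
		if chinaFingerprints[record[fingerprintIndex]] {
			continue
		}
		if err := writeCertificateEntry(&generated, "chromeIncluded", record[subjectIndex], record[certIndex]); err != nil {
			return err
		}
	}
	generated.WriteString("}\n")
	// The output is written only after every record has been validated, so a
	// bad report never replaces the existing file with a partial one.
	return os.WriteFile("common/certificate/chrome.go", []byte(generated.String()), 0o644)
}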