From bdf57bdd1da8f31dc32de10b2593b19851abdef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?haifangwang=28=E7=8E=8B=E6=B5=B7=E8=8A=B3=29?= Date: Wed, 19 Jul 2017 09:47:52 +0800 Subject: [PATCH] user specify the certificate path --- README.md | 13 ++++--------- cracker/proxy/http.go | 22 ++++++++++++---------- cracker/proxy/local.go | 8 ++++---- local/main.go | 5 ++++- server/main.go | 16 ++++++++++------ 5 files changed, 34 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 02d2194..d46db75 100644 --- a/README.md +++ b/README.md @@ -47,18 +47,14 @@ It is strongly recommended to open the https option on the server side. ### Notice -The file name of certificate and private key must be `cert.pem` and `key.pem` and with the server bin under the same folder. - If you have a ssl certificate, It would be easy. -copy the certificate and private key into the same folder with server bin - ``` -./server -addr :8080 -secret -https +./server -addr :443 -secret -https -cert /etc/cert.pem -key /etc/key.pem ``` ``` -./local -raddr https://example.com:8080 -secret +./local -raddr https://example.com -secret ``` Of Course, you can create a self-signed ssl certificate by openssl. @@ -68,12 +64,11 @@ sh -c "$(curl https://raw.githubusercontent.com/lovedboy/cracker/master/gen_key_ ``` ``` -./server -addr :8080 -secret -https +./server -addr :443 -secret -https -cert /etc/self-signed-cert.pem -key /etc/self-ca-key.pem ``` -copy the certificate into the same folder with local bin. ``` -./local -raddr https://:8080 -secret +./local -raddr https://example.com -secret -cert /etc/self-signed-cert.pem ``` diff --git a/cracker/proxy/http.go b/cracker/proxy/http.go index 03e1f0c..9352bc1 100644 --- a/cracker/proxy/http.go +++ b/cracker/proxy/http.go 
@@ -55,21 +55,23 @@ func NewHttpProxy(addr, secret string, https bool) *httpProxy {
 }
 }
-func (hp *httpProxy) Listen() {
+func (hp *httpProxy) handler() {
 http.HandleFunc(CONNECT, hp.connect)
 http.HandleFunc(PULL, hp.pull)
 http.HandleFunc(PUSH, hp.push)
 http.HandleFunc(PING, hp.ping)
+}
+
+func (hp *httpProxy) ListenHTTPS(cert, key string) {
+ hp.handler()
 g.Infof("listen at:[%s]", hp.addr)
- var err error
- if hp.https {
- err = http.ListenAndServeTLS(hp.addr, "cert.pem", "key.pem", nil)
- } else {
- err = http.ListenAndServe(hp.addr, nil)
- }
- if err != nil {
- g.Fatal("ListenAndServe: ", err)
- }
+ g.Fatal("ListenAndServe: ", http.ListenAndServeTLS(hp.addr, cert, key, nil))
+}
+
+func (hp *httpProxy) Listen() {
+ hp.handler()
+ g.Infof("listen at:[%s]", hp.addr)
+ g.Fatal("ListenAndServe: ", http.ListenAndServe(hp.addr, nil))
 }
 func (hp *httpProxy) verify(r *http.Request) error {
diff --git a/cracker/proxy/local.go b/cracker/proxy/local.go
index e77c2df..486ab67 100644
--- a/cracker/proxy/local.go
+++ b/cracker/proxy/local.go
@@ -26,15 +26,15 @@ var tr = &http.Transport{
 Proxy: http.ProxyFromEnvironment,
 }
-func Init() {
- if f, err := os.Stat("cert.pem"); err == nil && !f.IsDir() {
+func Init(cert string) {
+ if f, err := os.Stat(cert); err == nil && !f.IsDir() {
 var CAPOOL *x509.CertPool
 CAPOOL, err := x509.SystemCertPool()
 if err != nil {
 g.Warning(err)
 CAPOOL = x509.NewCertPool()
 }
- serverCert, err := ioutil.ReadFile("cert.pem")
+ serverCert, err := ioutil.ReadFile(cert)
 if err != nil {
 g.Errorf("read cert.pem err:%s ", err)
 return
@@ -42,7 +42,7 @@ func Init() {
 CAPOOL.AppendCertsFromPEM(serverCert)
 config := &tls.Config{RootCAs: CAPOOL}
 tr.TLSClientConfig = config
- g.Info("load cert.pem success ... ")
+ g.Infof("load %s success ... ", cert)
 }
 }
diff --git a/local/main.go b/local/main.go
index 1d4957e..69b078e 100644
--- a/local/main.go
+++ b/local/main.go
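Review bot: `ListenHTTPS` hands the shared-secret proxy endpoints to `http.ListenAndServeTLS(hp.addr, cert, key, nil)`, which means the default `ServeMux`, no read or idle timeouts, and whatever TLS versions the Go runtime allows by default (at the time of this commit the server default still accepted TLS 1.0) — an Internet-facing listener like this should pin `MinVersion` and bound header reads so slow or half-open clients cannot hold goroutines indefinitely. The `hp.https` field is no longer consulted by either listen path in this hunk, yet `NewHttpProxy` (visible in the hunk header) still takes it, so the flag's meaning now lives only in server/main.go; consider dropping the parameter or having a single `Listen` branch on it. I would build an explicit `http.Server` as below; this needs `crypto/tls` and `time` in the import block, which is outside the hunk, and `WriteTimeout` is intentionally left unset because `pull` looks like a long-poll endpoint — confirm before adding one.

```go
func (hp *httpProxy) ListenHTTPS(cert, key string) {
	hp.handler()
	g.Infof("listen at:[%s]", hp.addr)
	srv := &http.Server{
		Addr:              hp.addr,
		ReadHeaderTimeout: 10 * time.Second, // bound slow header trickling
		IdleTimeout:       2 * time.Minute,
		TLSConfig:         &tls.Config{MinVersion: tls.VersionTLS12},
	}
	// cert/key are parsed and matched by ListenAndServeTLS before the socket is bound.
	g.Fatal("ListenAndServe: ", srv.ListenAndServeTLS(cert, key))
}
```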
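Review bot: `Init(cert)` still swallows a bad path: when the caller passed `-cert` but `os.Stat(cert)` fails or names a directory, the `if` falls through and the client silently continues with the system roots alone, so a typo in the path is indistinguishable from "trust established" until the TLS handshake fails somewhere else. Since the path is now explicit user intent, add an `else` arm such as `} else { g.Fatalf("cert %s is not a readable file: %v", cert, err) }` (assuming the logger has `Fatalf` alongside the `Infof`/`Errorf` used here; use `Errorf` if a soft failure is preferred). The read-failure message on the last context line still hard-codes the old name and should be `g.Errorf("read %s err:%s ", cert, err)`. Note also that the file is appended to `RootCAs` (next hunk), so this works only for a self-signed certificate or a CA certificate, not for a leaf issued by a public CA — the README wording should say so.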
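Review bot: the new `g.Infof("load %s success ... ", cert)` is printed even when nothing was loaded, because the result of `CAPOOL.AppendCertsFromPEM(serverCert)` three lines above is discarded — a file with no parsable PEM certificate (wrong file, a key instead of a cert) yields a "success" log and a pool holding only the system roots (or nothing, if `SystemCertPool` failed). Check the boolean before logging: `if !CAPOOL.AppendCertsFromPEM(serverCert) { g.Errorf("no PEM certificates found in %s", cert); return }`. While touching the client config, `&tls.Config{RootCAs: CAPOOL, MinVersion: tls.VersionTLS12}` would refuse downgraded handshakes to the server at no cost. `Init` begins in the previous hunk.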
@@ -23,6 +23,7 @@ func main() {
 secret := flag.String("secret", "", "secret key")
 debug := flag.Bool("debug", false, "debug mode")
 version := flag.Bool("v", false, "version")
+ cert := flag.String("cert", "", "cert file")
 flag.Parse()
 if *version {
@@ -31,7 +32,9 @@ func main() {
 os.Exit(0)
 }
 logger.InitLogger(*debug)
- proxy.Init()
+ if *cert != "" {
+ proxy.Init(*cert)
+ }
 s, err := NewLocalProxyServer(*addr, *raddr, *secret)
 if err != nil {
 g.Fatal(err)
diff --git a/server/main.go b/server/main.go
index a9adf79..e3cca61 100644
--- a/server/main.go
+++ b/server/main.go
@@ -23,6 +23,8 @@ func main() {
 debug := flag.Bool("debug", false, "debug mode")
 version := flag.Bool("v", false, "version")
 https := flag.Bool("https", false, "https")
+ cert := flag.String("cert", "", "cert file")
+ key := flag.String("key", "", "private key file")
 flag.Parse()
 logger.InitLogger(*debug)
 if *version {
@@ -30,23 +32,25 @@ func main() {
 fmt.Printf("BuildTime: %s \n", BuildTime)
 os.Exit(0)
 }
+ p := proxy.NewHttpProxy(*addr, *secret, *https)
 if *https {
- f, err := os.Stat("cert.pem")
+ f, err := os.Stat(*cert)
 if err != nil {
 g.Fatal(err)
 }
 if f.IsDir() {
- g.Fatal("cert.pem should be file")
+ g.Fatal("cert should be file")
 }
- f, err = os.Stat("key.pem")
+ f, err = os.Stat(*key)
 if err != nil {
 g.Fatal(err)
 }
 if f.IsDir() {
- g.Fatal("key.pem should be file")
+ g.Fatal("key should be file")
 }
+ p.ListenHTTPS(*cert, *key)
+ } else {
+ p.Listen()
 }
- p := proxy.NewHttpProxy(*addr, *secret, *https)
- p.Listen()
 }
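Review bot: the help text `"cert file"` for the new `-cert` flag is ambiguous on the client side, where the file is a trust anchor for `-raddr` rather than a certificate the client presents; users coming from the server binary, whose `-cert` is the serving certificate, will read it the other way. Suggest `cert := flag.String("cert", "", "PEM certificate (the server's self-signed cert or its CA) to trust for -raddr; omit to use the system roots")`. `main` continues outside the hunk; the flag is consumed in the next hunk via `proxy.Init(*cert)`.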
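Review bot: the `-https` branch only proves that `*cert` and `*key` name existing non-directories; when either flag is omitted, `os.Stat("")` dies with an opaque `stat : no such file or directory`, and a key that does not match the certificate, an unreadable file, or a non-PEM file still passes both checks and fails later inside `ListenAndServeTLS`. `tls.LoadX509KeyPair(*cert, *key)` performs all of those checks in one call before the port is bound, so the four `Stat`/`IsDir` blocks can be replaced by an explicit empty-flag check plus one key-pair load, as below; this needs `crypto/tls` in the import block, which is outside the hunk, and `main`'s opening is outside the hunk too. The `*https` argument to `NewHttpProxy` appears redundant now that the choice between `ListenHTTPS` and `Listen` is made here — worth confirming against the constructor before removing it.

```go
	p := proxy.NewHttpProxy(*addr, *secret, *https)
	if *https {
		if *cert == "" || *key == "" {
			g.Fatal("-https requires both -cert and -key")
		}
		// Parses both files and checks that the key matches the certificate
		// before the listener is bound; replaces the Stat/IsDir pair.
		if _, err := tls.LoadX509KeyPair(*cert, *key); err != nil {
			g.Fatal("load TLS key pair: ", err)
		}
		p.ListenHTTPS(*cert, *key)
	} else {
		p.Listen()
	}
```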