mitm

package

v0.1.0 Latest Latest Go to latest Published: Apr 17, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cherrypick-agency/proxykit

Links

Open Source Insights

Documentation ¶

Overview ¶

Package mitm provides optional TLS interception primitives for proxykit.

The package focuses on certificate authority lifecycle, per-host certificate issuance, interception policy, and PEM helpers. It does not own transport handlers, persistence, or application-specific MITM workflows.

Index ¶

func EncodeCertificatePEM(w io.Writer, der []byte) error
func GenerateDevCA(commonName string, yearsValid int) (certPEM, keyPEM []byte, err error)
type Authority
- func LoadAuthority(certPath, keyPath string) (*Authority, error)
- func LoadAuthorityFromPEM(certPEM, keyPEM []byte) (*Authority, error)
type Policy
- func (p Policy) ShouldIntercept(host string) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func EncodeCertificatePEM ¶

func EncodeCertificatePEM(w io.Writer, der []byte) error

EncodeCertificatePEM writes a single certificate DER block as PEM.

func GenerateDevCA ¶

func GenerateDevCA(commonName string, yearsValid int) (certPEM, keyPEM []byte, err error)

GenerateDevCA generates a self-signed development root CA (RSA).

Types ¶

type Authority ¶

type Authority struct {
	// contains filtered or unexported fields
}

Authority encapsulates CA loading and issuing short-lived certificates for domains.

func LoadAuthority ¶

func LoadAuthority(certPath, keyPath string) (*Authority, error)

func LoadAuthorityFromPEM ¶

func LoadAuthorityFromPEM(certPEM, keyPEM []byte) (*Authority, error)

LoadAuthorityFromPEM loads a CA from PEM content without temporary files.

func (*Authority) CacheSize ¶

func (a *Authority) CacheSize() int

CacheSize reports the number of cached leaf certificates.

func (*Authority) HasCached ¶

func (a *Authority) HasCached(host string) bool

HasCached reports whether a normalized host is present in the cache.

func (*Authority) IssueFor ¶

func (a *Authority) IssueFor(host string) (tls.Certificate, error)

IssueFor issues or returns from cache a certificate for host.

func (*Authority) PrivateKey ¶

func (a *Authority) PrivateKey() *rsa.PrivateKey

PrivateKey returns the parsed RSA private key used by the authority.

func (*Authority) RootCertificate ¶

func (a *Authority) RootCertificate() *x509.Certificate

RootCertificate returns the parsed root certificate.

func (*Authority) TLSCertificate ¶

func (a *Authority) TLSCertificate() tls.Certificate

TLSCertificate returns the loaded tls.Certificate for the root CA.

type Policy ¶

type Policy struct {
	Authority   *Authority
	AllowSuffix []string
	DenySuffix  []string
}

Policy decides whether a host should be intercepted.

func (Policy) ShouldIntercept ¶

func (p Policy) ShouldIntercept(host string) bool

ShouldIntercept returns true when host is allowed by the policy and an authority exists.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL