mirror/mihomo
1
1
Fork 0
mirror of https://github.com/MetaCubeX/mihomo.git synced 2025-12-21 01:20:07 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

chore: remove unused import path

Browse Source
This commit is contained in:
wwqgtxx 2025-12-19 17:05:16 +08:00
parent 35a1130c92
commit 93cf46e430
13 changed files with 49 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
component/ca/config.go
View File

@ -10,7 +10,6 @@ import (
"sync" "sync"
"github.com/metacubex/mihomo/common/once" "github.com/metacubex/mihomo/common/once"
C "github.com/metacubex/mihomo/constant"
"github.com/metacubex/mihomo/ntp" "github.com/metacubex/mihomo/ntp"
"github.com/metacubex/tls" "github.com/metacubex/tls"
@ -107,7 +106,7 @@ func GetTLSConfig(opt Option) (tlsConfig *tls.Config, err error) {
} }
if len(opt.Certificate) > 0 || len(opt.PrivateKey) > 0 { if len(opt.Certificate) > 0 || len(opt.PrivateKey) > 0 {
certLoader, err := NewTLSKeyPairLoader(opt.Certificate, opt.PrivateKey, C.Path) certLoader, err := NewTLSKeyPairLoader(opt.Certificate, opt.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }

37
component/ca/keypair.go
View File

@ -14,19 +14,14 @@ import (
"os" "os"
"time" "time"
C "github.com/metacubex/mihomo/constant"
"github.com/metacubex/tls" "github.com/metacubex/tls"
) )
type Path interface {
Resolve(path string) string
IsSafePath(path string) bool
ErrNotSafePath(path string) error
}
// NewTLSKeyPairLoader creates a loader function for TLS key pairs from the provided certificate and private key data or file paths. // NewTLSKeyPairLoader creates a loader function for TLS key pairs from the provided certificate and private key data or file paths.
// If both certificate and privateKey are empty, generates a random TLS RSA key pair. // If both certificate and privateKey are empty, generates a random TLS RSA key pair.
// Accepts a Path interface for resolving file paths when necessary. func NewTLSKeyPairLoader(certificate, privateKey string) (func() (*tls.Certificate, error), error) {
func NewTLSKeyPairLoader(certificate, privateKey string, path Path) (func() (*tls.Certificate, error), error) {
if certificate == "" && privateKey == "" { if certificate == "" && privateKey == "" {
var err error var err error
certificate, privateKey, _, err = NewRandomTLSKeyPair(KeyPairTypeRSA) certificate, privateKey, _, err = NewRandomTLSKeyPair(KeyPairTypeRSA)
@ -40,17 +35,14 @@ func NewTLSKeyPairLoader(certificate, privateKey string, path Path) (func() (*tl
return &cert, nil return &cert, nil
}, nil }, nil
} }
if path == nil {
return nil, painTextErr
}
certificate = path.Resolve(certificate) certificate = C.Path.Resolve(certificate)
privateKey = path.Resolve(privateKey) privateKey = C.Path.Resolve(privateKey)
var loadErr error var loadErr error
if !path.IsSafePath(certificate) { if !C.Path.IsSafePath(certificate) {
loadErr = path.ErrNotSafePath(certificate) loadErr = C.Path.ErrNotSafePath(certificate)
} else if !path.IsSafePath(privateKey) { } else if !C.Path.IsSafePath(privateKey) {
loadErr = path.ErrNotSafePath(privateKey) loadErr = C.Path.ErrNotSafePath(privateKey)
} else { } else {
cert, loadErr = tls.LoadX509KeyPair(certificate, privateKey) cert, loadErr = tls.LoadX509KeyPair(certificate, privateKey)
} }
@ -62,20 +54,17 @@ func NewTLSKeyPairLoader(certificate, privateKey string, path Path) (func() (*tl
}, nil }, nil
} }
func LoadCertificates(certificate string, path Path) (*x509.CertPool, error) { func LoadCertificates(certificate string) (*x509.CertPool, error) {
pool := x509.NewCertPool() pool := x509.NewCertPool()
if pool.AppendCertsFromPEM([]byte(certificate)) { if pool.AppendCertsFromPEM([]byte(certificate)) {
return pool, nil return pool, nil
} }
painTextErr := fmt.Errorf("invalid certificate: %s", certificate) painTextErr := fmt.Errorf("invalid certificate: %s", certificate)
if path == nil {
return nil, painTextErr
}
certificate = path.Resolve(certificate) certificate = C.Path.Resolve(certificate)
var loadErr error var loadErr error
if !path.IsSafePath(certificate) { if !C.Path.IsSafePath(certificate) {
loadErr = path.ErrNotSafePath(certificate) loadErr = C.Path.ErrNotSafePath(certificate)
} else { } else {
certPEMBlock, err := os.ReadFile(certificate) certPEMBlock, err := os.ReadFile(certificate)
if pool.AppendCertsFromPEM(certPEMBlock) { if pool.AppendCertsFromPEM(certPEMBlock) {

10
component/ech/key.go
View File

@ -9,7 +9,7 @@ import (
"fmt" "fmt"
"os" "os"
"github.com/metacubex/mihomo/component/ca" C "github.com/metacubex/mihomo/constant"
"github.com/metacubex/tls" "github.com/metacubex/tls"
"golang.org/x/crypto/cryptobyte" "golang.org/x/crypto/cryptobyte"
@ -104,7 +104,7 @@ func UnmarshalECHKeys(raw []byte) ([]tls.EncryptedClientHelloKey, error) {
return keys, nil return keys, nil
} }
func LoadECHKey(key string, tlsConfig *tls.Config, path ca.Path) error { func LoadECHKey(key string, tlsConfig *tls.Config) error {
if key == "" { if key == "" {
return nil return nil
} }
@ -112,10 +112,10 @@ func LoadECHKey(key string, tlsConfig *tls.Config, path ca.Path) error {
if painTextErr == nil { if painTextErr == nil {
return nil return nil
} }
key = path.Resolve(key) key = C.Path.Resolve(key)
var loadErr error var loadErr error
if !path.IsSafePath(key) { if !C.Path.IsSafePath(key) {
loadErr = path.ErrNotSafePath(key) loadErr = C.Path.ErrNotSafePath(key)
} else { } else {
var echKey []byte var echKey []byte
echKey, loadErr = os.ReadFile(key) echKey, loadErr = os.ReadFile(key)

6
hub/route/server.go
View File

@ -191,7 +191,7 @@ func startTLS(cfg *Config) {
// handle tlsAddr // handle tlsAddr
if len(cfg.TLSAddr) > 0 { if len(cfg.TLSAddr) > 0 {
certLoader, err := ca.NewTLSKeyPairLoader(cfg.Certificate, cfg.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(cfg.Certificate, cfg.PrivateKey)
if err != nil { if err != nil {
log.Errorln("External controller tls listen error: %s", err) log.Errorln("External controller tls listen error: %s", err)
return return
@ -216,7 +216,7 @@ func startTLS(cfg *Config) {
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(cfg.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(cfg.ClientAuthCert)
if err != nil { if err != nil {
log.Errorln("External controller tls listen error: %s", err) log.Errorln("External controller tls listen error: %s", err)
return return
@ -225,7 +225,7 @@ func startTLS(cfg *Config) {
} }
if cfg.EchKey != "" { if cfg.EchKey != "" {
err = ech.LoadECHKey(cfg.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(cfg.EchKey, tlsConfig)
if err != nil { if err != nil {
log.Errorln("External controller tls serve error: %s", err) log.Errorln("External controller tls serve error: %s", err)
return return

6
listener/anytls/server.go
View File

@ -45,7 +45,7 @@ func New(config LC.AnyTLSServer, tunnel C.Tunnel, additions ...inbound.Addition)
tlsConfig := &tls.Config{Time: ntp.Now} tlsConfig := &tls.Config{Time: ntp.Now}
if config.Certificate != "" && config.PrivateKey != "" { if config.Certificate != "" && config.PrivateKey != "" {
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -54,7 +54,7 @@ func New(config LC.AnyTLSServer, tunnel C.Tunnel, additions ...inbound.Addition)
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -67,7 +67,7 @@ func New(config LC.AnyTLSServer, tunnel C.Tunnel, additions ...inbound.Addition)
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
listener/http/server.go
View File

@ -71,7 +71,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
var realityBuilder *reality.Builder var realityBuilder *reality.Builder
if config.Certificate != "" && config.PrivateKey != "" { if config.Certificate != "" && config.PrivateKey != "" {
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -80,7 +80,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -93,7 +93,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
listener/mixed/mixed.go
View File

@ -67,7 +67,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
var realityBuilder *reality.Builder var realityBuilder *reality.Builder
if config.Certificate != "" && config.PrivateKey != "" { if config.Certificate != "" && config.PrivateKey != "" {
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -76,7 +76,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -89,7 +89,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
listener/sing_hysteria2/server.go
View File

@ -60,7 +60,7 @@ func New(config LC.Hysteria2Server, tunnel C.Tunnel, additions ...inbound.Additi
Time: ntp.Now, Time: ntp.Now,
MinVersion: tls.VersionTLS13, MinVersion: tls.VersionTLS13,
} }
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -74,7 +74,7 @@ func New(config LC.Hysteria2Server, tunnel C.Tunnel, additions ...inbound.Additi
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -82,7 +82,7 @@ func New(config LC.Hysteria2Server, tunnel C.Tunnel, additions ...inbound.Additi
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
listener/sing_vless/server.go
View File

@ -81,7 +81,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
var httpServer http.Server var httpServer http.Server
if config.Certificate != "" && config.PrivateKey != "" { if config.Certificate != "" && config.PrivateKey != "" {
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -90,7 +90,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -103,7 +103,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
listener/sing_vmess/server.go
View File

@ -81,7 +81,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
var httpServer http.Server var httpServer http.Server
if config.Certificate != "" && config.PrivateKey != "" { if config.Certificate != "" && config.PrivateKey != "" {
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -90,7 +90,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -103,7 +103,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
listener/socks/tcp.go
View File

@ -66,7 +66,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
var realityBuilder *reality.Builder var realityBuilder *reality.Builder
if config.Certificate != "" && config.PrivateKey != "" { if config.Certificate != "" && config.PrivateKey != "" {
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -75,7 +75,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -88,7 +88,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
listener/trojan/server.go
View File

@ -76,7 +76,7 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
var httpServer http.Server var httpServer http.Server
if config.Certificate != "" && config.PrivateKey != "" { if config.Certificate != "" && config.PrivateKey != "" {
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -85,7 +85,7 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -98,7 +98,7 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
listener/tuic/server.go
View File

@ -53,7 +53,7 @@ func New(config LC.TuicServer, tunnel C.Tunnel, additions ...inbound.Addition) (
Time: ntp.Now, Time: ntp.Now,
MinVersion: tls.VersionTLS13, MinVersion: tls.VersionTLS13,
} }
certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey, C.Path) certLoader, err := ca.NewTLSKeyPairLoader(config.Certificate, config.PrivateKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -67,7 +67,7 @@ func New(config LC.TuicServer, tunnel C.Tunnel, additions ...inbound.Addition) (
} }
} }
if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven || tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert {
pool, err := ca.LoadCertificates(config.ClientAuthCert, C.Path) pool, err := ca.LoadCertificates(config.ClientAuthCert)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -75,7 +75,7 @@ func New(config LC.TuicServer, tunnel C.Tunnel, additions ...inbound.Addition) (
} }
if config.EchKey != "" { if config.EchKey != "" {
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path) err = ech.LoadECHKey(config.EchKey, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }