optimize(juicity): support Base64URLEncoding for PinnedCertchainSha256 (#265)

2024-12-22 21:05:06 +07:00 · 2023-08-07 22:23:18 +08:00 · 2023-08-07 22:23:18 +08:00 · 054f569c2f
commit 054f569c2f
parent 62ca625aaf
1 changed files with 9 additions and 2 deletions
--- a/component/outbound/dialer/juicity/juicity.go
+++ b/component/outbound/dialer/juicity/juicity.go
@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"net"
 	"net/url"
@ -52,9 +53,15 @@ func (s *Juicity) Dialer(option *dialer.GlobalOption, nextDialer netproxy.Dialer
 		InsecureSkipVerify: s.AllowInsecure || option.AllowInsecure,
 	}
 	if s.PinnedCertchainSha256 != "" {
-		pinnedHash, err := base64.StdEncoding.DecodeString(s.PinnedCertchainSha256)
+		pinnedHash, err := base64.URLEncoding.DecodeString(s.PinnedCertchainSha256)
 		if err != nil {
-			return nil, nil, fmt.Errorf("decode pin_certchain_sha256: %w", err)
+			pinnedHash, err = base64.StdEncoding.DecodeString(s.PinnedCertchainSha256)
+			if err != nil {
+				pinnedHash, err = hex.DecodeString(s.PinnedCertchainSha256)
+				if err != nil {
+					return nil, nil, fmt.Errorf("failed to decode PinnedCertchainSha256")
+				}
+			}
 		}
 		tlsConfig.InsecureSkipVerify = true
 		tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {