update certs

Mag1cFall · Mag1cFall · commit 32050d562bc9 · 2025-12-10T23:53:59.000+08:00
diff --git a/docs/reverse-engineering-internals.md b/docs/reverse-engineering-internals.md
@@ -27,13 +27,14 @@
 #### 1. 根 CA 证书生成 (`CertStore._create_authority`)
 
 ```python
-key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
-cert = (
-    x509.CertificateBuilder()
-    .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
-    .add_extension(x509.KeyUsage(key_cert_sign=True, crl_sign=True, ...), critical=True)
-    .sign(key, hashes.SHA256())
-)
+name = x509.Name([
+    x509.NameAttribute(NameOID.COUNTRY_NAME, self._profile['country']), # 随机国家 (JP/TW/DE/NL/SG)
+    x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, self._profile['state']),
+    x509.NameAttribute(NameOID.LOCALITY_NAME, self._profile['city']),
+    x509.NameAttribute(NameOID.ORGANIZATION_NAME, self._profile['org']),
+    x509.NameAttribute(NameOID.COMMON_NAME, self._profile['cn'])
+])
+# ... 证书签发逻辑 ...
 ```
 
 生成的 `ca.crt` 需要被系统/浏览器信任，才能使后续的域名证书被接受。
@@ -105,14 +106,17 @@ elif 'GenerateContent' in path:
 
 ### 响应解码流程 (`ResponseHandler.handle_response`)
 
+```python
 ```python
 async def handle_response(self, data, host, path, headers):
+    # 使用 memoryview 优化内存复制
     decoded, completed = self._unchunk(bytes(data))
     decoded = self._inflate(decoded)
     result = self._extract_content(decoded)
     result['done'] = completed
     return result
 ```
+```
 
 #### 1. Chunked 解码 (`_unchunk`)
 
@@ -171,17 +175,24 @@ elif len(payload) > 2:
 
 通过分析包含 Function Call 的响应，发现参数使用递归嵌套数组表示：
 
+```python
 ```python
 def _parse_tool_args(self, args):
+    extractors = {
+        1: lambda v: None,
+        2: lambda v: v[1],
+        3: lambda v: v[2],
+        4: lambda v: v[3] == 1,
+        5: lambda v: self._parse_tool_args(v[4]),
+    }
+    
     for param in params:
-        name = param[0]
-        value = param[1]
-        
-        if len(value) == 1: result[name] = None
-        elif len(value) == 2: result[name] = value[1]
-        elif len(value) == 3: result[name] = value[2]
-        elif len(value) == 4: result[name] = value[3] == 1
-        elif len(value) == 5: result[name] = self._parse_tool_args(value[4])
+        name, value = param[0], param[1]
+        if isinstance(value, list):
+            extractor = extractors.get(len(value))
+            if extractor:
+                result[name] = extractor(value)
+```
 ```
 
 value 数组长度与数据类型的映射关系：
diff --git a/src/proxy/connection.py b/src/proxy/connection.py
@@ -1,6 +1,7 @@
 import datetime
 import os
 import ssl
+import random
 from pathlib import Path
 from typing import Optional, Tuple
 from urllib.parse import urlparse
@@ -16,13 +17,23 @@
 import ssl as ssl_module
 
 
+CERT_PROFILES = [
+    {'country': 'JP', 'state': 'Tokyo', 'city': 'Shibuya', 'org': 'Interceptor Ltd', 'cn': 'Local Proxy Root'},
+    {'country': 'TW', 'state': 'Taiwan', 'city': 'Taipei', 'org': 'Secure Gateway', 'cn': 'Gateway CA'},
+    {'country': 'DE', 'state': 'Hessen', 'city': 'Frankfurt', 'org': 'Network Services', 'cn': 'Network CA'},
+    {'country': 'NL', 'state': 'Noord-Holland', 'city': 'Amsterdam', 'org': 'Privacy Tools', 'cn': 'Privacy CA Root'},
+    {'country': 'SG', 'state': 'Singapore', 'city': 'Singapore', 'org': 'Cloud Proxy', 'cn': 'Cloud CA'},
+]
+
+
 class CertStore:
 
     def __init__(self, storage_path: str = 'certs'):
         self.storage_dir = Path(storage_path)
         self.storage_dir.mkdir(exist_ok=True)
         self.authority_key_file = self.storage_dir / 'ca.key'
         self.authority_cert_file = self.storage_dir / 'ca.crt'
+        self._profile = random.choice(CERT_PROFILES)
         if not self.authority_cert_file.exists() or not self.authority_key_file.exists():
             self._create_authority()
         self._load_authority()
@@ -41,11 +52,11 @@ def _create_authority(self) -> None:
             ))
         
         name = x509.Name([
-            x509.NameAttribute(NameOID.COUNTRY_NAME, 'US'),
-            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, 'California'),
-            x509.NameAttribute(NameOID.LOCALITY_NAME, 'San Francisco'),
-            x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'Proxy CA'),
-            x509.NameAttribute(NameOID.COMMON_NAME, 'Proxy CA Root')
+            x509.NameAttribute(NameOID.COUNTRY_NAME, self._profile['country']),
+            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, self._profile['state']),
+            x509.NameAttribute(NameOID.LOCALITY_NAME, self._profile['city']),
+            x509.NameAttribute(NameOID.ORGANIZATION_NAME, self._profile['org']),
+            x509.NameAttribute(NameOID.COMMON_NAME, self._profile['cn'])
         ])
         
         cert = (
diff --git a/src/proxy/handler.py b/src/proxy/handler.py
@@ -102,22 +102,20 @@ def _parse_tool_args(self, args: List) -> Dict:
             params = args[0]
             result = {}
             
+            extractors = {
+                1: lambda v: None,
+                2: lambda v: v[1],
+                3: lambda v: v[2],
+                4: lambda v: v[3] == 1,
+                5: lambda v: self._parse_tool_args(v[4]),
+            }
+            
             for param in params:
-                name = param[0]
-                value = param[1]
-                
+                name, value = param[0], param[1]
                 if isinstance(value, list):
-                    length = len(value)
-                    if length == 1:
-                        result[name] = None
-                    elif length == 2:
-                        result[name] = value[1]
-                    elif length == 3:
-                        result[name] = value[2]
-                    elif length == 4:
-                        result[name] = value[3] == 1
-                    elif length == 5:
-                        result[name] = self._parse_tool_args(value[4])
+                    extractor = extractors.get(len(value))
+                    if extractor:
+                        result[name] = extractor(value)
             
             return result
         except Exception as e:
@@ -130,35 +128,32 @@ def _inflate(compressed: bytes) -> bytes:
 
     @staticmethod
     def _unchunk(body: bytes) -> Tuple[bytes, bool]:
+        mv = memoryview(body)
         result = bytearray()
+        offset = 0
+        body_len = len(mv)
         
-        while True:
-            crlf_pos = body.find(b'\r\n')
+        while offset < body_len:
+            crlf_pos = body.find(b'\r\n', offset)
             if crlf_pos == -1:
                 break
             
-            hex_size = body[:crlf_pos]
             try:
-                chunk_size = int(hex_size, 16)
+                chunk_size = int(mv[offset:crlf_pos].tobytes(), 16)
             except ValueError as e:
                 logging.error(f'Chunk parse error: {e}')
                 break
             
             if chunk_size == 0:
-                end_marker = body.find(b'0\r\n\r\n')
-                if end_marker != -1:
-                    return bytes(result), True
-            
-            if chunk_size + 2 > len(body):
-                break
+                return bytes(result), True
             
-            start = crlf_pos + 2
-            end = start + chunk_size
-            result.extend(body[start:end])
+            data_start = crlf_pos + 2
+            data_end = data_start + chunk_size
             
-            if end + 2 > len(body):
+            if data_end > body_len:
                 break
             
-            body = body[end + 2:]
+            result.extend(mv[data_start:data_end])
+            offset = data_end + 2
         
         return bytes(result), False
