From 054f569c2fc505006e8b6a4b901a8d046bd1e585 Mon Sep 17 00:00:00 2001
From: mzz <2017@duck.com>
Date: Mon, 7 Aug 2023 22:23:18 +0800
Subject: [PATCH] optimize(juicity): support Base64URLEncoding for PinnedCertchainSha256 (#265)
---
 component/outbound/dialer/juicity/juicity.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/component/outbound/dialer/juicity/juicity.go b/component/outbound/dialer/juicity/juicity.go
index 2dd9dd31e..e6bf3879d 100644
--- a/component/outbound/dialer/juicity/juicity.go
+++ b/component/outbound/dialer/juicity/juicity.go
@@ -5,6 +5,7 @@ import (
 "crypto/tls"
 "crypto/x509"
 "encoding/base64"
+ "encoding/hex"
 "fmt"
 "net"
 "net/url"
@@ -52,9 +53,15 @@ func (s *Juicity) Dialer(option *dialer.GlobalOption, nextDialer netproxy.Dialer
 InsecureSkipVerify: s.AllowInsecure || option.AllowInsecure,
 }
 if s.PinnedCertchainSha256 != "" {
- pinnedHash, err := base64.StdEncoding.DecodeString(s.PinnedCertchainSha256)
+ pinnedHash, err := base64.URLEncoding.DecodeString(s.PinnedCertchainSha256)
 if err != nil {
- return nil, nil, fmt.Errorf("decode pin_certchain_sha256: %w", err)
+ pinnedHash, err = base64.StdEncoding.DecodeString(s.PinnedCertchainSha256)
+ if err != nil {
+ pinnedHash, err = hex.DecodeString(s.PinnedCertchainSha256)
+ if err != nil {
+ return nil, nil, fmt.Errorf("failed to decode PinnedCertchainSha256")
+ }
+ }
 }
 tlsConfig.InsecureSkipVerify = true
 tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
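Review bot: The hex fallback is unreachable for a well-formed pin: a 64-character hex SHA-256 uses only characters from the base64 alphabet and its length is a multiple of four, so `base64.URLEncoding.DecodeString` succeeds and returns 48 bytes before `hex.DecodeString` is ever tried. Nothing in the hunk checks the decoded length, so that wrong-size value becomes `pinnedHash`; the comparison is outside the hunk, but presumably it then never matches and the user sees a pin mismatch at dial time instead of a configuration error. Accept a decoding only when it yields 32 bytes, as sketched below, and keep a reason in the returned error, which the new message drops along with `%w`. The enclosing `Dialer` body starts and ends outside the hunk.

```go
	if s.PinnedCertchainSha256 != "" {
		const pinLen = 32 // SHA-256 digest size
		var pinnedHash []byte
		for _, decode := range []func(string) ([]byte, error){
			base64.URLEncoding.DecodeString,
			base64.StdEncoding.DecodeString,
			hex.DecodeString,
		} {
			// A hex pin is also syntactically valid base64, so only a
			// full-length digest identifies the encoding that was meant.
			if b, err := decode(s.PinnedCertchainSha256); err == nil && len(b) == pinLen {
				pinnedHash = b
				break
			}
		}
		if pinnedHash == nil {
			return nil, nil, fmt.Errorf("decode pin_certchain_sha256: want a %d-byte digest in base64url, base64 or hex", pinLen)
		}
		// … unchanged: tlsConfig.InsecureSkipVerify and VerifyPeerCertificate setup …
```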