mustcert

package
v0.1.0
Warning

This package is not in the latest version of its module.
Published: Nov 9, 2023 | License: BSD-3-Clause | Imports: 11 | Imported by: 0

README

mustcert

mustcert is a package that creates certificates for testing TLS.

Documentation

Full documentation is available on godoc.

Documentation

Overview

Package mustcert generates certificates for TLS testing

Example

This example uses mustcert to create certificates, start a TLS server, and run a client that talks to it.

ca := CA("root", nil)
serverCert := Leaf("localhost", ca)
clientCert := Leaf("client", ca)

// Create the TLS Test Server
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	if _, err := w.Write([]byte("hello, world!")); err != nil {
		fmt.Println(err)
	}
}))

rootCAs := Pool(ca.TLS())
server.TLS = &tls.Config{
	ClientAuth:   tls.RequireAndVerifyClientCert,
	Certificates: []tls.Certificate{*serverCert.TLS()},
	RootCAs:      rootCAs,
	ClientCAs:    rootCAs,
}
server.StartTLS()
defer server.Close()

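// Create the Client configuration
cert, err := tls.X509KeyPair([]byte(clientCert.CertPEM()), []byte(clientCert.KeyPEM()))
if err != nil {
	fmt.Println(err)
	return
}
caCertPool := Pool(ca.TLS())
config := &tls.Config{
	Certificates:       []tls.Certificate{cert},
	RootCAs:            caCertPool,
	// InsecureSkipVerify turns off verification of the server's certificate
	// chain and host name, so RootCAs is not consulted for this connection.
	InsecureSkipVerify: true,
}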

// Create the HTTP Client
client := &http.Client{
	Transport: &http.Transport{
		TLSClientConfig: config,
	},
}

// Make a client request to the HTTP Server
resp, err := client.Get(server.URL)
if err != nil {
	fmt.Println(err)
	return // resp is nil on error, so do not touch resp.Body
}
defer resp.Body.Close()

bodyBytes, err := io.ReadAll(resp.Body)
if err != nil {
	fmt.Println(err)
	return
}
bodyString := string(bodyBytes)
fmt.Println(bodyString)

Output:

hello, world!

Functions

func Pool

func Pool(certs ...*tls.Certificate) *x509.CertPool

Pool returns an x509.CertPool containing the given certificates.

Types

type Cert

type Cert tls.Certificate

Cert is a defined type based on tls.Certificate with extra helper methods.

func CA

func CA(commonName string, parent *Cert) *Cert

CA generates a new certificate that can sign leaf & intermediary certificates. The certificate is self-signed if parent is nil.

func Leaf

func Leaf(commonName string, parent *Cert, opts ...func(*x509.Certificate)) *Cert

Leaf generates a new leaf certificate. The certificate is self-signed if parent is nil. If opts are provided, they are invoked on the certificate before it's signed.
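
An option function of the kind Leaf accepts, shown as an added example that is not part of the mustcert package or its documentation: withLoopbackSANs adds subject alternative names, which Go checks instead of the common name when verifying a host, so a certificate for a loopback test server can pass verification without InsecureSkipVerify. verifyLeaf is a hypothetical standard-library stand-in for a self-signed Leaf; whether mustcert sets any SANs by default is not stated on this page, and the SAN values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// verifyLeaf self-signs a "localhost" leaf (stand-in for Leaf, not mustcert's code) and verifies it for host.
func verifyLeaf(host string, opts ...func(*x509.Certificate)) error {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotAfter:     time.Now().Add(time.Hour),
	}
	for _, opt := range opts {
		opt(tmpl) // options run on the template before it is signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // self-signed, so the leaf is its own trust anchor
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// withLoopbackSANs has Leaf's option signature; the SAN values are constructed.
func withLoopbackSANs(c *x509.Certificate) {
	c.DNSNames = []string{"localhost"}
	c.IPAddresses = []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback}
}

func main() {
	fmt.Println(verifyLeaf("127.0.0.1"), "|", verifyLeaf("127.0.0.1", withLoopbackSANs))
}
```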

func (*Cert) CertMap

func (c *Cert) CertMap() map[string]string

CertMap is a map holding the PEM encoded cert & key.

func (*Cert) CertPEM

func (c *Cert) CertPEM() string

CertPEM is the PEM encoded x509 certificate data.

func (*Cert) KeyPEM

func (c *Cert) KeyPEM() string

KeyPEM is the PEM encoded private key data.

func (*Cert) Sign

func (c *Cert) Sign(child *Cert) *Cert

Sign returns a new Cert with an additional signature signed by c.

func (*Cert) TLS

func (c *Cert) TLS() *tls.Certificate

TLS returns c as a *tls.Certificate.
