x509proxy

v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 19, 2025 License: MIT Imports: 9 Imported by: 13

README

x509proxy


Package to handle X509 proxy certificates.

Example
import (
	"crypto/tls"
	"io/ioutil"
	"log"
	"net/http"
    "github.com/vkuznet/x509proxy"
    "os"
)

// Certs loads the client certificate to present during TLS handshakes.
//
// X509_USER_PROXY takes precedence: when it is set, the proxy file is loaded
// with x509proxy.LoadX509Proxy. Otherwise, when X509_USER_KEY is set, the
// X509_USER_CERT / X509_USER_KEY pair is loaded with tls.LoadX509KeyPair.
// The result is nil when neither variable is set or when loading fails; a
// failure is only logged, so callers cannot tell the two cases apart.
func Certs() (tls_certs []tls.Certificate) {
	proxyPath := os.Getenv("X509_USER_PROXY")
	keyPath := os.Getenv("X509_USER_KEY")
	certPath := os.Getenv("X509_USER_CERT")
	log.Println("X509_USER_PROXY", proxyPath)
	log.Println("X509_USER_KEY", keyPath)
	log.Println("X509_USER_CERT", certPath)

	switch {
	case proxyPath != "":
		// A proxy file is loaded with the package's own loader instead of
		// the crypto/tls one.
		pair, err := x509proxy.LoadX509Proxy(proxyPath)
		if err != nil {
			log.Println("Fail to parser proxy X509 certificate", err)
			return nil
		}
		return []tls.Certificate{pair}
	case keyPath != "":
		pair, err := tls.LoadX509KeyPair(certPath, keyPath)
		if err != nil {
			log.Println("Fail to parser user X509 certificate", err)
			return nil
		}
		return []tls.Certificate{pair}
	}
	return nil
}

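// HttpClient builds the HTTP client used to talk to X509-protected services.
//
// When Certs returns no certificate, a plain http.Client is returned.
// Otherwise the client presents the loaded proxy or user certificate during
// the TLS handshake.
//
// Server certificate verification is left enabled. With InsecureSkipVerify
// the client accepts any server certificate, so an on-path attacker could
// impersonate the service and read or alter the traffic. If the service is
// signed by a CA that is not in the system trust store, load that CA into
// tls.Config.RootCAs instead of disabling verification.
func HttpClient() (client *http.Client) {
	certs := Certs()
	log.Println("Number of certificates", len(certs))
	if len(certs) == 0 {
		return &http.Client{}
	}
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			Certificates: certs,
		},
	}
	log.Println("Create TLSClientConfig")
	return &http.Client{Transport: tr}
}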

// client is the package-wide HTTP client, built once at package
// initialisation and reused throughout the code. HttpClient reads the X509_*
// environment variables through Certs, so they must be set before the program
// starts.
var (
	client = HttpClient()
)

// now your HTTP client is ready to use the X509 proxy

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetTlsCert

func GetTlsCert(der []byte) (*tls.Certificate, error)

GetTlsCert parses a single certificate from the given ASN.1 DER data and X509 proxy

func LoadX509KeyPair

func LoadX509KeyPair(serverCrt, serverKey string) (cert tls.Certificate, err error)

LoadX509KeyPair parses a public/private key pair from a pair of PEM encoded data. It is a slightly modified version of tls.X509Proxy in which the Leaf field is assigned so that proxy certificates work.

func LoadX509Proxy

func LoadX509Proxy(proxyFile string) (cert tls.Certificate, err error)

LoadX509Proxy reads and parses a chained proxy file which contains PEM encoded data. It returns an X509KeyPair. It is a slightly modified version of the tls.LoadX509Proxy function, with the addition of a custom parse function (getData) for the provided proxy file.

func ParseCertificate

func ParseCertificate(der []byte) (*x509.Certificate, error)

ParseCertificate parses a single certificate from the given ASN.1 DER data and X509 proxy

Types

This section is empty.
