Documentation ¶
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Certificate ¶
type Certificate struct { Cert *x509.Certificate Bytes []byte Key *rsa.PrivateKey KeyBytes []byte CertPath string KeyPath string // contains filtered or unexported fields }
Certificate represents a certificate and private key pair. It's a wrapper around the x509.Certificate and rsa.PrivateKey types, and includes the raw bytes of the certificate and private key.
func SelfSigned ¶
func SelfSigned(host string) *Certificate
SelfSigned Generate a self-signed X.509 certificate for a TLS server. Returns a struct containing the certificate and private key, as well as the raw bytes for both of them. The raw bytes will be PEM-encoded. Considerations for the generated certificate are as follows:
- will be valid for the duration set in the ValidFor option, starting from 1 minute ago. Else, it will be valid for 1 year.
- will be signed by the parent certificate if the WithParent option is set. Else, it will be self-signed.
- will be saved to the directory set in the WithSaveToFile option. Else, it will not be saved to disk.
- will be its own Certificate Authority if the AsCA option is set. Else, it will not be a CA.
Example ¶
package main import ( "fmt" "io" "log" "net/http" "os" "github.com/mdelapenya/tlscert" ) func main() { tmp := os.TempDir() certsDir := tmp + "/certs" defer os.RemoveAll(certsDir) if err := os.MkdirAll(certsDir, 0o755); err != nil { log.Fatal(err) // nolint: gocritic } // Generate a certificate for localhost and save it to disk. caCert := tlscert.SelfSignedFromRequest(tlscert.Request{ Host: "localhost", Name: "ca-cert", ParentDir: certsDir, }) if caCert == nil { log.Fatal("Failed to generate CA certificate") } cert := tlscert.SelfSignedFromRequest(tlscert.Request{ Host: "localhost", Name: "client-cert", Parent: caCert, ParentDir: certsDir, }) if cert == nil { log.Fatal("Failed to generate certificate") } // create an http server that uses the generated certificate // and private key to serve requests over HTTPS server := &http.Server{ Addr: ":8443", } server.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { w.Header().Set("Content-Type", "text/plain") _, err := w.Write([]byte("TLS works!\n")) if err != nil { log.Printf("Failed to write response: %v", err) } }) go func() { _ = server.ListenAndServeTLS(cert.CertPath, cert.KeyPath) }() defer server.Close() // perform an HTTP request to the server, using the generated certificate const url = "https://localhost:8443/hello" client := &http.Client{Transport: cert.Transport()} resp, err := client.Get(url) if err != nil { log.Fatalf("Failed to get response: %v", err) } defer resp.Body.Close() body, err := io.ReadAll(resp.Body) if err != nil { log.Fatalf("Failed to read response body: %v", err) } fmt.Println(string(body)) }
Output: TLS works!
func SelfSignedCA ¶
func SelfSignedCA(host string) *Certificate
SelfSignedCA Generate a self-signed X.509 certificate for a Certificate Authority. This function is a wrapper around SelfSigned, with the IsCA option set to true.
func SelfSignedFromRequest ¶
func SelfSignedFromRequest(req Request) *Certificate
SelfSignedFromRequest Generate a self-signed X.509 certificate for a TLS server, using the provided CertRequest.
func (*Certificate) TLSConfig ¶
func (c *Certificate) TLSConfig() *tls.Config
TLSConfig returns a tls.Config that uses the certificate as the root CA, and the certificate for the server's certificate. This method will cache the tls.Config for future calls.
func (*Certificate) Transport ¶
func (c *Certificate) Transport() *http.Transport
Transport returns an http.Transport that uses the certificate as the root CA.
type Request ¶
type Request struct { // Name of the certificate. Will be used to save the certificate and private key to disk (e.g. cert-<Name>.pem, key-<Name>.pem) Name string // CommonName is the subject name of the certificate SubjectCommonName string // Host sets the hostnames and IPs to generate a certificate for. // In the case the passed string contains comma-separated values, // it will be split into multiple hostnames and IPs. Each hostname and IP // will be trimmed of whitespace, and if the value is an IP, it will be // added to the IPAddresses field of the certificate, after the ones // passed with the WithIPAddresses option. Otherwise, it will be added // to the DNSNames field. Host string // Duration that certificate is valid for ValidFor time.Duration // IsCA sets the certificate as a Certificate Authority. // When passed, the KeyUsage field of the certificate // will append the x509.KeyUsageCertSign usage. IsCA bool // IPAddresses IP addresses to include in the Subject Alternative Name IPAddresses []net.IP // Parent the parent certificate and private key of the certificate. // It's used to sign the certificate with the parent certificate. // At the moment the parent is set, the issuer of the certificate will be // set to the common name of the parent certificate. Parent *Certificate // ParentDir sets the directory to save the certificate and private key. ParentDir string }
Request represents a request to generate a self-signed X.509 certificate.
func NewRequest ¶
NewRequest returns a new CertRequest with default values to avoid nil pointers. The name of the certificate will be set to the host, replacing all commas with underscores. The certificate will be valid for 1 year.