cert

package
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 13, 2018 License: MIT, BSD-3-Clause Imports: 17 Imported by: 0

README

package cert

This package contains functions for creating a local development root certificate that can then be used with net/http tlsConfig servers to dynamically generate SSL certificates in development.

The generated certificates are kept in-memory in a cache and are re-generated on next execution.

On macOS the certificate is installed into the system keychain (a password prompt is shown) so all generated certificates are trusted automatically.

Usage example

You need to run the root certificate creation step once:

  keyPath, certPath, err := cert.CreateCert("/path/to/cert/dir", "My CA")

Then install the certificate for your platform:

  err := cert.InstallCert(certPath)

Now you can create an HTTPS server that uses the root certificate to generate valid certificates dynamically:

  cache, err := cert.NewCache()

  tlsConfig := &tls.Config{
    GetCertificate: cache.GetCertificate,
  }

See https://github.com/moomerman/zap/tree/master/cert/example_test.go for a full example.

Credits

The majority of the code for this package was extracted from https://github.com/puma/puma-dev.

Documentation

Overview

Example 
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net/http"

	"github.com/moomerman/zap/cert"
)

func main() {
	cache, err := cert.NewCache()
	if err != nil {
		log.Fatal("Unable to create new cert cache", err)
	}

	tlsConfig := &tls.Config{
		GetCertificate: cache.GetCertificate,
	}

	server := &http.Server{
		TLSConfig: tlsConfig,
	}

	listener, err := tls.Listen("tcp", ":4443", tlsConfig)
	if err != nil {
		log.Fatal("Unable to create listener", err)
	}

	fmt.Println(server.Serve(listener))
}

Output:

Index

Examples

Constants

This section is empty.

Variables

View Source 
var CACert *tls.Certificate

CACert is the self-signed root certificate

Functions

func CreateCACert added in v0.3.1 

func CreateCACert(caName string) ([]byte, []byte, error)

CreateCACert creates and returns a new CA certificate key pair

func CreateCertLegacy added in v0.3.1 

func CreateCertLegacy() error

CreateCertLegacy creates a new self-signed root certificate

func EncodeCert added in v0.3.1 

func EncodeCert(cert *tls.Certificate) ([]byte, []byte, error)

EncodeCert is a helper to encode the given certificate

func InstallCert added in v0.3.1 

func InstallCert(cert string) error

InstallCert installs a CA certificate root in the system cacerts on linux

func IssueCert added in v0.3.1 

func IssueCert(parent *tls.Certificate, commonName string, ipAddress net.IP) (*tls.Certificate, error)

IssueCert generates a signed Key/Cert pair for the given CACert with the given name

func LoadCACert added in v0.3.1 

func LoadCACert(rootDir string) (*tls.Certificate, error)

LoadCACert loads a certificate key pair into memory

Types

type Cache 

type Cache struct {
	// contains filtered or unexported fields
}

Cache is a struct to hold the dynamic certificates and a lock

func NewCache 

func NewCache() (*Cache, error)

NewCache holds the dynamically generated host certificates

func (*Cache) GetCertificate 

func (c *Cache) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate implements the required function for tls config

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.