trustme

v0.1.0
Published: Feb 22, 2020 License: MIT Imports: 15 Imported by: 0

README

Trust me. Go!


Inspired by trustme for Python.

trustme-go is a small Go package that provides a fake certificate authority (CA) that issues TLS certificates for Go tests, for cases when httptest.NewTLSServer is not enough.

Example

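func TestExample(t *testing.T) {
	ca := trustme.New(t)

	// Server certificate with an IP SAN matching the listener address.
	// The server requires and verifies a client certificate (mTLS).
	srvCfg := ca.MustIssue(trustme.WithIP(net.ParseIP("127.0.0.1"))).AsServerConfig()
	srvCfg.ClientAuth = tls.RequireAndVerifyClientCert
	listener, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		t.Fatal(err)
	}
	defer listener.Close()

	// ExampleHandler is the handler under test, defined elsewhere.
	srv := http.Server{
		Handler: http.HandlerFunc(ExampleHandler),
	}
	defer srv.Close()
	go srv.Serve(listener)

	// Client certificate issued by the same fake CA.
	client := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: ca.MustIssue().AsClientConfig(),
		},
		Timeout: time.Second * 5,
	}

	resp, err := client.Get(fmt.Sprintf("https://%s/", listener.Addr().String()))
	if err != nil {
		t.Fatal(err)
	}
	resp.Body.Close()
}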

Documentation

Overview

Package trustme offers a fake certificate authority (CA) that issues TLS certificates for Go tests.

Example
ca := trustme.New(&testing.T{})

// Server certificate with an IP SAN matching the listener address.
srvCfg := ca.MustIssue(trustme.WithIP(net.ParseIP("127.0.0.1"))).AsServerConfig()
srvCfg.ClientAuth = tls.RequireAndVerifyClientCert
listener, _ := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
defer listener.Close()

srv := http.Server{
	Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Reject requests that did not present a client certificate.
		if len(r.TLS.PeerCertificates) == 0 {
			http.Error(w, "Requires mTLS", http.StatusUnauthorized)
		}
	}),
}
defer srv.Close()
go srv.Serve(listener)

// Client certificate issued by the same fake CA.
client := &http.Client{
	Transport: &http.Transport{
		TLSClientConfig: ca.MustIssue().AsClientConfig(),
	},
	Timeout: time.Second * 5,
}

client.Get(fmt.Sprintf("https://%s/", listener.Addr().String()))


Types

type Authority

type Authority struct {
	// contains filtered or unexported fields
}

Authority is a fake certification authority for issuing TLS certificates for tests. It provides an "errorless" interface: the test fails when an operation would return an error.

func New

func New(t *testing.T, options ...AuthorityOption) *Authority

New returns a new instance of the CA and fails the test when creation fails.

func (*Authority) CertPool

func (a *Authority) CertPool() *x509.CertPool

CertPool returns an x509.CertPool that contains the fake CA's certificate.

func (*Authority) Certificate

func (a *Authority) Certificate() *x509.Certificate

Certificate returns the public certificate of the underlying fake CA.

func (*Authority) Key

func (a *Authority) Key() *rsa.PrivateKey

Key returns the private key of the underlying fake CA.

func (*Authority) MustIssue

func (a *Authority) MustIssue(options ...IssueOption) *KeyPair

MustIssue issues new certificate signed by the CA. Fails the test

type AuthorityOption

type AuthorityOption interface {
	// contains filtered or unexported methods
}

AuthorityOption configures the Authority.

func WithOrganization

func WithOrganization(organization string) AuthorityOption

WithOrganization configures the CA's organization.

type IssueOption

type IssueOption interface {
	// contains filtered or unexported methods
}

IssueOption configures the issued KeyPair.

func WithDNS

func WithDNS(name string) IssueOption

WithDNS configures DNS names SANs of the issued certificate. Can be used multiple times.

func WithEmail

func WithEmail(email string) IssueOption

WithEmail configures e-mail address SANs of the issued certificate. Can be used multiple times.

func WithIP

func WithIP(ipAddress net.IP) IssueOption

WithIP configures IP address SANs of the issued certificate. Can be used multiple times.

func WithURI

func WithURI(uri *url.URL) IssueOption

WithURI configures URIs SANs of the issued certificate. Can be used multiple times.

type KeyPair

type KeyPair struct {
	// contains filtered or unexported fields
}

KeyPair represents server or client certificate.

func (*KeyPair) AsClientConfig

func (kp *KeyPair) AsClientConfig() *tls.Config

AsClientConfig returns a tls.Config for the client with the KeyPair's public certificate and private key prefilled.

func (*KeyPair) AsServerConfig

func (kp *KeyPair) AsServerConfig() *tls.Config

AsServerConfig returns a tls.Config for the server with the KeyPair's public certificate and private key prefilled.

func (*KeyPair) AsX509KeyPair

func (kp *KeyPair) AsX509KeyPair() tls.Certificate

AsX509KeyPair returns the content of the KeyPair as a tls.Certificate.

func (*KeyPair) Certificate

func (kp *KeyPair) Certificate() *x509.Certificate

Certificate returns public certificate of the KeyPair.

func (*KeyPair) CertificatePEM

func (kp *KeyPair) CertificatePEM() []byte

CertificatePEM returns PEM encoded KeyPair's certificate.

func (*KeyPair) Key

func (kp *KeyPair) Key() *rsa.PrivateKey

Key returns private key of the KeyPair.

func (*KeyPair) KeyPEM

func (kp *KeyPair) KeyPEM() []byte

KeyPEM returns PEM encoded KeyPair's private key.

type Option

type Option interface {
	AuthorityOption
	IssueOption
}

Option configures the Authority and the issued KeyPair.

func WithCommonName

func WithCommonName(commonName string) Option

WithCommonName configures common name of the issued certificate.

func WithRSABits

func WithRSABits(rsaBits int) Option

WithRSABits configures the length of the RSA private key of the CA's and issued certificates.

func WithTTL

func WithTTL(ttl time.Duration) Option

WithTTL configures time to live of the CA's and issued certificates.
