当前位置: 首页>>代码示例>>Golang>>正文


Golang Certificate.PrivateKey方法代码示例

本文整理汇总了Golang中crypto/tls.Certificate.PrivateKey方法的典型用法代码示例。如果您正苦于以下问题:Golang Certificate.PrivateKey方法的具体用法?Golang Certificate.PrivateKey怎么用?Golang Certificate.PrivateKey使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在crypto/tls.Certificate的用法示例。


在下文中一共展示了Certificate.PrivateKey方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: FromPemBytes

// FromPemBytes loads a PEM certificate from an in memory byte array and
// returns a tls.Certificate. This function is similar to the crypto/tls
// X509KeyPair function, however it supports PEM files with the cert and
// key combined, as well as password protected keys which are both common with
// APNs certificates.
//
// Use "" as the password argument if the PEM certificate is not password
// protected.
func FromPemBytes(bytes []byte, password string) (tls.Certificate, error) {
	var cert tls.Certificate
	var block *pem.Block
	for {
		block, bytes = pem.Decode(bytes)
		if block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			cert.Certificate = append(cert.Certificate, block.Bytes)
		}
		if block.Type == "PRIVATE KEY" || strings.HasSuffix(block.Type, "PRIVATE KEY") {
			key, err := unencryptPrivateKey(block, password)
			if err != nil {
				return tls.Certificate{}, err
			}
			cert.PrivateKey = key
		}
	}
	if len(cert.Certificate) == 0 {
		return tls.Certificate{}, ErrNoCertificate
	}
	if cert.PrivateKey == nil {
		return tls.Certificate{}, ErrNoPrivateKey
	}
	if c, e := x509.ParseCertificate(cert.Certificate[0]); e == nil {
		cert.Leaf = c
	}
	return cert, nil
}
开发者ID:sideshow,项目名称:apns2,代码行数:38,代码来源:certificate.go

示例2: interceptRequest

// Intercepts an SSL connection to a remote server. The request will instead be
// redirected to the socket configured at p.SocketPath.
//
// SSL Added and removed here! :-)
func (p *InterceptingProxyHandler) interceptRequest(w http.ResponseWriter, r *http.Request) {
	log.Println("hijacking TLS connection")

	tlsConn, err := tls.Dial("tcp", r.URL.Host, nil)
	defer tlsConn.Close()

	if err != nil {
		log.Println("error dialing TLS, falling back:", err)
		p.doConnectRequest(w, r)
		return
	}

	cs := tlsConn.ConnectionState()
	peerCerts := cs.PeerCertificates

	fakedCert := tls.Certificate{}
	fakedCert.PrivateKey = p.privateKey

	for _, peerCert := range peerCerts {
		fakedCert.Certificate = append(fakedCert.Certificate, peerCert.Raw)
	}

	host, _, _ := net.SplitHostPort(r.URL.Host)

	config := &tls.Config{
		Certificates:             []tls.Certificate{fakedCert},
		ServerName:               host,
		PreferServerCipherSuites: true,
		CipherSuites:             VulnerableCipherSuites,
		MaxVersion:               tls.VersionTLS11,
	}

	w.WriteHeader(http.StatusOK)

	hijackedConnection, _, err := w.(http.Hijacker).Hijack()
	if err != nil {
		log.Println("error hijacking connection", err)
		return
	}

	serverConn := tls.Server(hijackedConnection, config)

	if err := serverConn.Handshake(); err != nil {
		log.Println("error during handshake:", err)
		return
	}

	interceptorConn, err := net.Dial("unix", p.SocketPath)

	if err != nil {
		log.Println("error dialing socket:", err)
		return
	}

	go io.Copy(serverConn, interceptorConn)
	go io.Copy(interceptorConn, serverConn)
}
开发者ID:0xBADCA7,项目名称:CVE-2014-1266-poc,代码行数:61,代码来源:main.go

示例3: GetTLSConfig

// GetTLSConfig returns a TLS config generally suitable for client
// authentiation. The returned TLS config can be modified slightly
// to be made suitable for a server requiring client authentication;
// specifically, you should set the value of ClientAuth in the returned
// config to match your needs.
func (p *ParsedCertBundle) GetTLSConfig(usage TLSUsage) (*tls.Config, error) {
	tlsCert := tls.Certificate{
		Certificate: [][]byte{},
	}

	tlsConfig := &tls.Config{
		MinVersion: tls.VersionTLS12,
	}

	if p.Certificate != nil {
		tlsCert.Leaf = p.Certificate
	}

	if p.PrivateKey != nil {
		tlsCert.PrivateKey = p.PrivateKey
	}

	if p.CertificateBytes != nil && len(p.CertificateBytes) > 0 {
		tlsCert.Certificate = append(tlsCert.Certificate, p.CertificateBytes)
	}

	if len(p.CAChain) > 0 {
		for _, cert := range p.CAChain {
			tlsCert.Certificate = append(tlsCert.Certificate, cert.Bytes)
		}

		// Technically we only need one cert, but this doesn't duplicate code
		certBundle, err := p.ToCertBundle()
		if err != nil {
			return nil, fmt.Errorf("Error converting parsed bundle to string bundle when getting TLS config: %s", err)
		}

		caPool := x509.NewCertPool()
		ok := caPool.AppendCertsFromPEM([]byte(certBundle.CAChain[0]))
		if !ok {
			return nil, fmt.Errorf("Could not append CA certificate")
		}

		if usage&TLSServer > 0 {
			tlsConfig.ClientCAs = caPool
			tlsConfig.ClientAuth = tls.VerifyClientCertIfGiven
		}
		if usage&TLSClient > 0 {
			tlsConfig.RootCAs = caPool
		}
	}

	if tlsCert.Certificate != nil && len(tlsCert.Certificate) > 0 {
		tlsConfig.Certificates = []tls.Certificate{tlsCert}
		tlsConfig.BuildNameToCertificate()
	}

	return tlsConfig, nil
}
开发者ID:quixoten,项目名称:vault,代码行数:59,代码来源:types.go

示例4: loadCertificate

func loadCertificate() (tls.Certificate, error) {
	if *p12File != "" {
		cert := tls.Certificate{}
		b, err := ioutil.ReadFile(*p12File)
		if err != nil {
			return cert, err
		}
		key, cer, err := pkcs12.Decode(b, *p12Password)
		if err != nil {
			return cert, err
		}
		cert.PrivateKey = key
		cert.Certificate = [][]byte{cer.Raw}
		return cert, nil
	} else {
		return tls.LoadX509KeyPair(*cerFile, *keyFile)
	}
}
开发者ID:zhuweijava,项目名称:apnsapi,代码行数:18,代码来源:main.go


注:本文中的crypto/tls.Certificate.PrivateKey方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。