本文整理汇总了Golang中crypto/tls.Config.BuildNameToCertificate方法的典型用法代码示例。如果您正苦于以下问题:Golang Config.BuildNameToCertificate方法的具体用法?Golang Config.BuildNameToCertificate怎么用?Golang Config.BuildNameToCertificate使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类crypto/tls.Config的用法示例。
在下文中一共展示了Config.BuildNameToCertificate方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: ExampleConvertToPEM
// ExampleConvertToPEM shows a PKCS#12 bundle being converted to PEM blocks,
// loaded as a tls.Certificate and registered with a tls.Config, after which
// the names BuildNameToCertificate derived from it are printed.
func ExampleConvertToPEM() {
	// The decode error is dropped on purpose: this is fixed example input.
	p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)
	blocks, err := ConvertToPEM(p12, []byte("password"))
	if err != nil {
		panic(err)
	}
	// Concatenate every PEM block into one buffer. The same buffer is handed
	// to X509KeyPair twice because it carries both the certificate and the key.
	var pemData []byte
	for _, block := range blocks {
		pemData = append(pemData, pem.EncodeToMemory(block)...)
	}
	keyPair, err := tls.X509KeyPair(pemData, pemData)
	if err != nil {
		panic(err)
	}
	config := tls.Config{Certificates: []tls.Certificate{keyPair}}
	// Fill NameToCertificate from the names in the loaded certificate.
	config.BuildNameToCertificate()
	for name := range config.NameToCertificate {
		fmt.Println(name)
	}
}
示例2: NewTLSConfig
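// NewTLSConfig returns an initialized TLS configuration suitable for client
// authentication. If caFile is non-empty, it is read and its PEM certificates
// become the ClientCAs pool; a file that yields no certificates is an error.
// On error the returned *tls.Config is nil and must not be used.
func NewTLSConfig(caFile string, mutualTLS bool) (*tls.Config, error) {
	var c tls.Config
	// TLS 1.0 at a minimum (for mysql)
	c.MinVersion = tls.VersionTLS10
	c.PreferServerCipherSuites = true
	if mutualTLS {
		log.Info("MutualTLS requested, client certificates will be verified")
		// Only a certificate that is actually presented gets verified; a
		// client that sends none is still accepted.
		// NOTE(review): when caFile is empty, ClientCAs stays nil and the
		// verification falls back to the host's root set — confirm intended.
		c.ClientAuth = tls.VerifyClientCertIfGiven
	}
	if caFile != "" {
		data, err := ioutil.ReadFile(caFile)
		if err != nil {
			// Return nil rather than a half-built config so a caller that
			// ignores the error cannot serve with an incomplete CA pool.
			return nil, err
		}
		c.ClientCAs = x509.NewCertPool()
		if !c.ClientCAs.AppendCertsFromPEM(data) {
			return nil, errors.New("No certificates parsed")
		}
		log.Info("Read in CA file:", caFile)
	}
	c.BuildNameToCertificate()
	return &c, nil
}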
示例3: TestPEM
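// TestPEM converts every PKCS#12 fixture in testdata to PEM, loads the result
// back as a tls.Certificate and checks that the fixture's common name is among
// the names BuildNameToCertificate derives from it.
func TestPEM(t *testing.T) {
	for commonName, base64P12 := range testdata {
		p12, err := base64.StdEncoding.DecodeString(base64P12)
		if err != nil {
			// A corrupt fixture is a test-data bug, not a conversion failure.
			t.Fatalf("error decoding fixture for %q: %s", commonName, err)
		}
		blocks, err := ToPEM(p12, "")
		if err != nil {
			t.Fatalf("error while converting to PEM: %s", err)
		}
		var pemData []byte
		for _, b := range blocks {
			pemData = append(pemData, pem.EncodeToMemory(b)...)
		}
		cert, err := tls.X509KeyPair(pemData, pemData)
		if err != nil {
			t.Errorf("err while converting to key pair: %v", err)
			// A failed key pair has no names to look up; skip to the next
			// fixture instead of reporting a second, misleading failure.
			continue
		}
		config := tls.Config{
			Certificates: []tls.Certificate{cert},
		}
		config.BuildNameToCertificate()
		if _, exists := config.NameToCertificate[commonName]; !exists {
			t.Errorf("did not find our cert in PEM?: %v", config.NameToCertificate)
		}
	}
}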
示例4: HttpsClient
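// HttpsClient returns an *http.Client that presents cfg.ClientCert to the
// server and verifies the server's chain against cfg.ClientCA. A positive
// tmout bounds only the TCP connect; the handshake and the request itself are
// not bounded here.
func (cfg ConfigT) HttpsClient(tmout time.Duration) *http.Client {
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cfg.ClientCert},
		RootCAs:      cfg.ClientCA,
		// InsecureSkipVerify is deliberately not set: with it enabled
		// crypto/tls accepts any certificate the peer presents and RootCAs
		// above is never consulted.
	}
	tlsConfig.BuildNameToCertificate()
	transport := &http.Transport{
		TLSClientConfig:    tlsConfig,
		DisableCompression: true,
	}
	if tmout > 0 {
		transport.Dial = func(network, addr string) (net.Conn, error) {
			return net.DialTimeout(network, addr, tmout)
		}
	}
	return &http.Client{Transport: transport}
}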
示例5: getTLSConfig
// getTLSConfig builds a client-side tls.Config that authenticates with the
// given PEM-encoded certificate and key and verifies servers against the CA
// chain in the file named by ORCHARD_HOST_CA, or the built-in orchardCerts
// when that variable is unset.
func getTLSConfig(clientCertPEMData, clientKeyPEMData []byte) (*tls.Config, error) {
	roots := x509.NewCertPool()
	if caPath := os.Getenv("ORCHARD_HOST_CA"); caPath != "" {
		caPEM, err := ioutil.ReadFile(caPath)
		if err != nil {
			return nil, err
		}
		// NOTE(review): the boolean result is not checked. A file with no
		// parsable certificate leaves the pool empty, and every server
		// verification then fails at connect time instead of being reported here.
		roots.AppendCertsFromPEM(caPEM)
	} else {
		roots.AppendCertsFromPEM([]byte(orchardCerts))
	}
	keyPair, err := tls.X509KeyPair(clientCertPEMData, clientKeyPEMData)
	if err != nil {
		return nil, err
	}
	config := &tls.Config{
		RootCAs:      roots,
		Certificates: []tls.Certificate{keyPair},
	}
	config.BuildNameToCertificate()
	return config, nil
}
示例6: GetTLSConfig
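// GetTLSConfig builds the server-side tls.Config for the requested access
// level. Access selects the client-authentication policy; for the verifying
// levels the CA pool is assembled from every readable file under
// CertDirectories. The server presents ck.ServerX509KeyPair. An Access value
// outside the known constants leaves atype at its zero value (NoClientCert).
func (ck *CertKit) GetTLSConfig(Access uint8) (*tls.Config, error) {
	var atype tls.ClientAuthType
	var roots *x509.CertPool
	switch Access {
	case stonelizard.AccessNone:
		atype = tls.NoClientCert
	case stonelizard.AccessAuth, stonelizard.AccessAuthInfo:
		// A certificate is requested but not checked against any CA.
		atype = tls.RequestClientCert
	case stonelizard.AccessVerifyAuth, stonelizard.AccessVerifyAuthInfo:
		atype = tls.RequireAndVerifyClientCert
		// Code adapted from crypto/x509/root_unix.go
		roots = x509.NewCertPool()
		for _, directory := range CertDirectories {
			fis, err := ioutil.ReadDir(directory)
			if err != nil {
				Goose.Auth.Logf(5, "Error scanning certificate directory %s: %s", directory, err)
				continue
			}
			for _, fi := range fis {
				path := fmt.Sprintf("%s%c%s", directory, os.PathSeparator, fi.Name())
				data, err := ioutil.ReadFile(path)
				if err != nil {
					Goose.Auth.Logf(5, "Error load CA certificate from %s: %s", path, err)
					continue
				}
				// A file with no parsable certificate must not be reported as
				// a loaded CA; the original log line also printed the (nil) err.
				if !roots.AppendCertsFromPEM(data) {
					Goose.Auth.Logf(5, "No CA certificate found in %s", path)
					continue
				}
				Goose.Auth.Logf(5, "Loaded CA certificate from %s", path)
			}
		}
	}
	Goose.Auth.Logf(6, "authtype: %#v", atype)
	Goose.Auth.Logf(6, "CAs: %#v", roots)
	tlsConfig := &tls.Config{
		ClientAuth:   atype,
		ClientCAs:    roots,
		Certificates: []tls.Certificate{ck.ServerX509KeyPair},
	}
	// Log only the chain length. A %#v dump of a tls.Certificate includes its
	// PrivateKey field, which for byte-slice key types is the key itself.
	Goose.Auth.Logf(5, "X509KeyPair used: %d certificate(s) in chain", len(tlsConfig.Certificates[0].Certificate))
	tlsConfig.BuildNameToCertificate()
	return tlsConfig, nil
}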
示例7: NewNSQD
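// NewNSQD validates options, resolves the TCP and HTTP listen addresses,
// normalizes the statsd prefix and, when a certificate/key pair is configured,
// builds the server TLS configuration. Any invalid option is fatal. The id
// pump goroutine is started before the instance is returned.
func NewNSQD(options *nsqdOptions) *NSQD {
	if options.MaxDeflateLevel < 1 || options.MaxDeflateLevel > 9 {
		log.Fatalf("--max-deflate-level must be [1,9]")
	}
	tcpAddr, err := net.ResolveTCPAddr("tcp", options.TCPAddress)
	if err != nil {
		log.Fatal(err)
	}
	httpAddr, err := net.ResolveTCPAddr("tcp", options.HTTPAddress)
	if err != nil {
		log.Fatal(err)
	}
	if options.StatsdPrefix != "" {
		statsdHostKey := util.StatsdHostKey(net.JoinHostPort(options.BroadcastAddress,
			strconv.Itoa(httpAddr.Port)))
		prefixWithHost := strings.Replace(options.StatsdPrefix, "%s", statsdHostKey, -1)
		// HasSuffix also handles a prefix that became empty after the
		// substitution, which indexing the last byte would panic on.
		if !strings.HasSuffix(prefixWithHost, ".") {
			prefixWithHost += "."
		}
		options.StatsdPrefix = prefixWithHost
	}
	var tlsConfig *tls.Config
	if options.TLSCert != "" || options.TLSKey != "" {
		// Either field set means TLS was requested; a missing counterpart
		// surfaces as a LoadX509KeyPair error and is fatal.
		cert, err := tls.LoadX509KeyPair(options.TLSCert, options.TLSKey)
		if err != nil {
			log.Fatalf("ERROR: failed to LoadX509KeyPair %s", err.Error())
		}
		tlsConfig = &tls.Config{
			Certificates: []tls.Certificate{cert},
			// A client certificate is verified only if one is presented.
			// NOTE(review): no ClientCAs is set here, so verification uses the
			// host's root set — confirm that is the intended trust anchor.
			ClientAuth: tls.VerifyClientCertIfGiven,
		}
		tlsConfig.BuildNameToCertificate()
	}
	n := &NSQD{
		options:    options,
		tcpAddr:    tcpAddr,
		httpAddr:   httpAddr,
		topicMap:   make(map[string]*Topic),
		idChan:     make(chan nsq.MessageID, 4096),
		exitChan:   make(chan int),
		notifyChan: make(chan interface{}),
		tlsConfig:  tlsConfig,
	}
	n.waitGroup.Wrap(func() { n.idPump() })
	return n
}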
示例8: httpClient
// httpClient returns an *http.Client whose TLS root pool holds exactly the
// certificates of the chain returned by rootCertificate(). A DER blob that
// does not parse is a panic.
func httpClient() (client *http.Client) {
	pool := x509.NewCertPool()
	for _, der := range rootCertificate().Certificate {
		parsed, err := x509.ParseCertificate(der)
		if err != nil {
			panic(err)
		}
		pool.AddCert(parsed)
	}
	config := &tls.Config{RootCAs: pool}
	// No server certificates are configured, so the name map this builds is
	// empty; the call is kept to preserve the original sequence.
	config.BuildNameToCertificate()
	client = &http.Client{Transport: &http.Transport{TLSClientConfig: config}}
	return
}
示例9: getHttpClient
// Include our root certificate in TLS.
//
// THIS IS A MODIFICATION TO THE ORIGINAL
// VERSION OF THE SOURCE CODE.
// CHANGED ON SEPTEMBER 05, 2013
//
// This builds on the gist available at:
// https://gist.github.com/laher/5795578
// and is meant to resolve the error:
// "x509: failed to load system roots and no roots provided"
// This happens since cross-compiling disables cgo -
// however cgo is required to find system root
// certificates on darwin machines. Note that the client
// returned can only connect successfully to the
// supplied s3's region.
func getHttpClient(s3 *S3) (*http.Client, error) {
	// Ask openssl for the chain the regional endpoint presents. The program
	// and its flags are fixed and no shell is involved; only the host:port
	// argument comes from the configured endpoint. Nothing bounds how long
	// the probe may run.
	// NOTE(review): the chain obtained here is whatever the network returned.
	// It is not checked against any trusted root, so an on-path party that
	// answers this probe becomes trusted for every later request.
	host := strings.Replace(s3.Region.S3Endpoint, "https://", "", -1)
	out, err := exec.Command("openssl", "s_client", "-showcerts", "-connect", host+":443").Output()
	if err != nil {
		return nil, err
	}
	// Collect every CERTIFICATE block from the PEM text openssl printed.
	var chain tls.Certificate
	rest := []byte(string(out))
	for {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			chain.Certificate = append(chain.Certificate, block.Bytes)
		}
	}
	// Turn the collected DER chain into the client's root pool.
	conf := tls.Config{RootCAs: x509.NewCertPool()}
	for _, der := range chain.Certificate {
		parsed, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, err
		}
		conf.RootCAs.AddCert(parsed)
	}
	// map certificate names to actual certificates
	conf.BuildNameToCertificate()
	transport := http.Transport{TLSClientConfig: &conf}
	return &http.Client{Transport: &transport}, nil
}
示例10: ListenAndServeTLSWithSNI
// ListenAndServeTLSWithSNI serves TLS with Server Name Indication (SNI) support, which allows
// multiple sites (different hostnames) to be served from the same address. This method is
// adapted directly from the std lib's net/http ListenAndServeTLS function, which was
// written by the Go Authors. It has been modified to support multiple certificate/key pairs.
// Protocol bounds, cipher suites and suite preference are taken from tlsConfigs[0].
func ListenAndServeTLSWithSNI(srv *http.Server, tlsConfigs []TLSConfig) error {
	addr := srv.Addr
	if addr == "" {
		addr = ":https"
	}
	// Work on a copy so the server's own TLSConfig is not mutated.
	// NOTE(review): this is a by-value copy of a tls.Config; vet flags that on
	// newer Go releases, where Clone() is the supported way to copy one.
	config := new(tls.Config)
	if srv.TLSConfig != nil {
		*config = *srv.TLSConfig
	}
	if config.NextProtos == nil {
		config.NextProtos = []string{"http/1.1"}
	}
	// One key pair per site; BuildNameToCertificate then maps the names in
	// each certificate to its pair so the SNI lookup can select it.
	config.Certificates = make([]tls.Certificate, len(tlsConfigs))
	for i := range tlsConfigs {
		pair, err := tls.LoadX509KeyPair(tlsConfigs[i].Certificate, tlsConfigs[i].Key)
		if err != nil {
			return err
		}
		config.Certificates[i] = pair
	}
	config.BuildNameToCertificate()
	// NOTE(review): an empty tlsConfigs panics on the index below; callers
	// are expected to pass at least one entry.
	first := tlsConfigs[0]
	config.MinVersion = first.ProtocolMinVersion
	config.MaxVersion = first.ProtocolMaxVersion
	config.CipherSuites = first.Ciphers
	config.PreferServerCipherSuites = first.PreferServerCipherSuites
	// TLS client authentication, if user enabled it
	if err := setupClientAuth(tlsConfigs, config); err != nil {
		return err
	}
	// Create listener and we're on our way
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}
	return srv.Serve(tls.NewListener(ln, config))
}
示例11: buildTLSConfig
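// buildTLSConfig returns the server tls.Config described by opts, or nil when
// neither TLSCert nor TLSKey is set. TLSClientAuthPolicy "require" demands a
// client certificate but does not verify it, "require-verify" demands one and
// verifies it against TLSRootCAFile, and any other value disables client
// authentication.
func buildTLSConfig(opts *nsqd.Options) (*tls.Config, error) {
	if opts.TLSCert == "" && opts.TLSKey == "" {
		return nil, nil
	}
	cert, err := tls.LoadX509KeyPair(opts.TLSCert, opts.TLSKey)
	if err != nil {
		return nil, err
	}
	// Every branch assigns, so the policy needs no pre-set default.
	var clientAuth tls.ClientAuthType
	switch opts.TLSClientAuthPolicy {
	case "require":
		clientAuth = tls.RequireAnyClientCert
	case "require-verify":
		clientAuth = tls.RequireAndVerifyClientCert
	default:
		clientAuth = tls.NoClientCert
	}
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientAuth:   clientAuth,
		MinVersion:   opts.TLSMinVersion,
		// NOTE(review): capping at 1.2 also keeps TLS 1.3 off on Go releases
		// that support it; revisit once the Go 1.5 rationale no longer applies.
		MaxVersion: tls.VersionTLS12, // enable TLS_FALLBACK_SCSV prior to Go 1.5: https://go-review.googlesource.com/#/c/1776/
	}
	if opts.TLSRootCAFile != "" {
		caPEM, err := ioutil.ReadFile(opts.TLSRootCAFile)
		if err != nil {
			return nil, err
		}
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, errors.New("failed to append certificate to pool")
		}
		tlsConfig.ClientCAs = pool
	}
	tlsConfig.BuildNameToCertificate()
	return tlsConfig, nil
}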
示例12: buildTLSConfig
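// buildTLSConfig returns the server tls.Config described by opts, or nil when
// neither TLSCert nor TLSKey is set. TLSClientAuthPolicy "require" demands a
// client certificate but does not verify it, "require-verify" demands one and
// verifies it against TLSRootCAFile, and any other value disables client
// authentication.
func buildTLSConfig(opts *nsqdOptions) (*tls.Config, error) {
	if opts.TLSCert == "" && opts.TLSKey == "" {
		return nil, nil
	}
	cert, err := tls.LoadX509KeyPair(opts.TLSCert, opts.TLSKey)
	if err != nil {
		return nil, err
	}
	// Every branch assigns, so the policy needs no pre-set default.
	var clientAuth tls.ClientAuthType
	switch opts.TLSClientAuthPolicy {
	case "require":
		clientAuth = tls.RequireAnyClientCert
	case "require-verify":
		clientAuth = tls.RequireAndVerifyClientCert
	default:
		clientAuth = tls.NoClientCert
	}
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientAuth:   clientAuth,
	}
	if opts.TLSRootCAFile != "" {
		caPEM, err := ioutil.ReadFile(opts.TLSRootCAFile)
		if err != nil {
			return nil, err
		}
		pool := x509.NewCertPool()
		// An unparsable CA file is an error rather than a silently empty pool.
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, errors.New("failed to append certificate to pool")
		}
		tlsConfig.ClientCAs = pool
	}
	tlsConfig.BuildNameToCertificate()
	return tlsConfig, nil
}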
示例13: buildTLSConfig
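// buildTLSConfig returns the server tls.Config described by options, or nil
// when neither TLSCert nor TLSKey is set. TLSClientAuthPolicy "require"
// demands a client certificate but does not verify it, "require-verify"
// demands one and verifies it against TLSRootCAFile, and any other value
// disables client authentication. Because there is no error return, an
// unloadable key pair or CA file is fatal.
func buildTLSConfig(options *nsqdOptions) *tls.Config {
	if options.TLSCert == "" && options.TLSKey == "" {
		return nil
	}
	cert, err := tls.LoadX509KeyPair(options.TLSCert, options.TLSKey)
	if err != nil {
		log.Fatalf("ERROR: failed to LoadX509KeyPair %s", err.Error())
	}
	// Every branch assigns, so the policy needs no pre-set default.
	var clientAuth tls.ClientAuthType
	switch options.TLSClientAuthPolicy {
	case "require":
		clientAuth = tls.RequireAnyClientCert
	case "require-verify":
		clientAuth = tls.RequireAndVerifyClientCert
	default:
		clientAuth = tls.NoClientCert
	}
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientAuth:   clientAuth,
	}
	if options.TLSRootCAFile != "" {
		caPEM, err := ioutil.ReadFile(options.TLSRootCAFile)
		if err != nil {
			log.Fatalf("ERROR: failed to read custom Certificate Authority file %s", err.Error())
		}
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(caPEM) {
			log.Fatalf("ERROR: failed to append certificates from Certificate Authority file")
		}
		tlsConfig.ClientCAs = pool
	}
	tlsConfig.BuildNameToCertificate()
	return tlsConfig
}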
示例14: ListenAndServeTLSWithSNI
// ListenAndServeTLSWithSNI serves srv over TLS with one certificate/key pair
// per entry of tlsConfigs, so that several hostnames can share one address
// and be selected by SNI. Protocol bounds, cipher suites and suite preference
// are taken from tlsConfigs[0]; client authentication is delegated to
// setupClientAuth.
func ListenAndServeTLSWithSNI(srv *http.Server, tlsConfigs []TLSConfig) error {
	listenAddr := srv.Addr
	if listenAddr == "" {
		listenAddr = ":https"
	}
	// Copy the server's TLSConfig (if any) so it is left untouched.
	cfg := new(tls.Config)
	if srv.TLSConfig != nil {
		*cfg = *srv.TLSConfig
	}
	if cfg.NextProtos == nil {
		cfg.NextProtos = []string{"http/1.1"}
	}
	cfg.Certificates = make([]tls.Certificate, len(tlsConfigs))
	for idx, site := range tlsConfigs {
		var err error
		if cfg.Certificates[idx], err = tls.LoadX509KeyPair(site.Certificate, site.Key); err != nil {
			return err
		}
	}
	// Maps every name in the loaded certificates to its pair for SNI lookup.
	cfg.BuildNameToCertificate()
	// NOTE(review): an empty tlsConfigs panics on this index; callers are
	// expected to supply at least one entry.
	primary := tlsConfigs[0]
	cfg.MinVersion = primary.ProtocolMinVersion
	cfg.MaxVersion = primary.ProtocolMaxVersion
	cfg.CipherSuites = primary.Ciphers
	cfg.PreferServerCipherSuites = primary.PreferServerCipherSuites
	if err := setupClientAuth(tlsConfigs, cfg); err != nil {
		return err
	}
	ln, err := net.Listen("tcp", listenAddr)
	if err != nil {
		return err
	}
	return srv.Serve(tls.NewListener(ln, cfg))
}
示例15: httpClient
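// httpClient returns the client used to reach the service. With no
// CustomEndpoint the chain from rootCertificate() is the only trust anchor;
// with one, a default http.Client is returned.
func httpClient() (client *http.Client) {
	if CustomEndpoint != "" {
		return &http.Client{}
	}
	pool := x509.NewCertPool()
	for _, der := range rootCertificate().Certificate {
		parsed, err := x509.ParseCertificate(der)
		if err != nil {
			panic(err)
		}
		pool.AddCert(parsed)
	}
	// InsecureSkipVerify is deliberately left false: with it enabled
	// crypto/tls accepts any certificate the peer presents and the pinned
	// RootCAs above would never be consulted.
	config := &tls.Config{RootCAs: pool}
	config.BuildNameToCertificate()
	client = &http.Client{Transport: &http.Transport{TLSClientConfig: config}}
	return
}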