本文整理汇总了Golang中crypto/tls.Config.Certificates方法的典型用法代码示例。如果您正苦于以下问题:Golang Config.Certificates方法的具体用法?Golang Config.Certificates怎么用?Golang Config.Certificates使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类crypto/tls.Config
的用法示例。
在下文中一共展示了Config.Certificates方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: TestTLSConnection
func TestTLSConnection(t *testing.T) {
reactor := NewReactor()
client := reactor.CreateServer("local")
initialiseServerConnection(client)
// generate a test certificate to use
priv, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
duration30Days, _ := time.ParseDuration("-30h")
notBefore := time.Now().Add(duration30Days) // valid 30 hours ago
duration1Year, _ := time.ParseDuration("90h")
notAfter := notBefore.Add(duration1Year) // for 90 hours
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"gIRC-Go Co"},
},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IsCA: true,
}
template.IPAddresses = append(template.IPAddresses, net.ParseIP("127.0.0.1"))
template.IPAddresses = append(template.IPAddresses, net.ParseIP("::"))
template.DNSNames = append(template.DNSNames, "localhost")
derBytes, _ := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
c := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
b, _ := x509.MarshalECPrivateKey(priv)
k := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: b})
// we mock up a server connection to test the client
listenerKeyPair, _ := tls.X509KeyPair(c, k)
var listenerTLSConfig tls.Config
listenerTLSConfig.Certificates = make([]tls.Certificate, 0)
listenerTLSConfig.Certificates = append(listenerTLSConfig.Certificates, listenerKeyPair)
listener, _ := tls.Listen("tcp", ":0", &listenerTLSConfig)
// mock up the client side too
clientTLSCertPool := x509.NewCertPool()
clientTLSCertPool.AppendCertsFromPEM(c)
var clientTLSConfig tls.Config
clientTLSConfig.RootCAs = clientTLSCertPool
clientTLSConfig.ServerName = "localhost"
go client.Connect(listener.Addr().String(), true, &clientTLSConfig)
go client.ReceiveLoop()
testServerConnection(t, reactor, client, listener)
}
示例2: NewClient
// NewClient returns a new docker test client.
func NewClient() (
cli *client.DockerCli, stdout *io.PipeReader, stdoutPipe *io.PipeWriter) {
proto, addr, _ := DockerHost()
stdout, stdoutPipe = io.Pipe()
dockerCertPath := os.Getenv("DOCKER_CERT_PATH")
// Boot2docker use TLS per default, Jenkins not
if dockerCertPath != "" {
var (
tlsConfig tls.Config
)
tlsConfig.InsecureSkipVerify = true
flCert := filepath.Join(dockerCertPath, defaultCertFile)
flKey := filepath.Join(dockerCertPath, defaultKeyFile)
_, errCert := os.Stat(flCert)
_, errKey := os.Stat(flKey)
if errCert == nil && errKey == nil {
cert, err := tls.LoadX509KeyPair(flCert, flKey)
if err != nil {
log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
}
tlsConfig.Certificates = []tls.Certificate{cert}
}
// Avoid fallback to SSL protocols < TLS1.0
tlsConfig.MinVersion = tls.VersionTLS10
cli = client.NewDockerCli(nil, stdoutPipe, nil, nil, proto, addr, &tlsConfig)
} else {
cli = client.NewDockerCli(nil, stdoutPipe, nil, nil, proto, addr, nil)
}
return
}
示例3: getTLSConfig
func getTLSConfig(clientCertPEMData, clientKeyPEMData []byte) (*tls.Config, error) {
certPool := x509.NewCertPool()
certChainPath := os.Getenv("ORCHARD_HOST_CA")
if certChainPath != "" {
certChainData, err := ioutil.ReadFile(certChainPath)
if err != nil {
return nil, err
}
certPool.AppendCertsFromPEM(certChainData)
} else {
certPool.AppendCertsFromPEM([]byte(orchardCerts))
}
clientCert, err := tls.X509KeyPair(clientCertPEMData, clientKeyPEMData)
if err != nil {
return nil, err
}
config := new(tls.Config)
config.RootCAs = certPool
config.Certificates = []tls.Certificate{clientCert}
config.BuildNameToCertificate()
return config, nil
}
示例4: SecureServe
// SecureListen obtains a listener that accepts
// secure connections
func SecureServe(addr string, certFile, keyFile, caFile string) {
config := tls.Config{}
// load the server cert / key
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
log.Fatalf("%s", err)
}
config.Certificates = []tls.Certificate{cert}
// load the ca if necessary
// FIXME(alainjobart) this doesn't quite work yet, have
// to investigate
if caFile != "" {
config.ClientCAs = x509.NewCertPool()
pemCerts, err := ioutil.ReadFile(caFile)
if err != nil {
log.Fatalf("%s", err)
}
if !config.ClientCAs.AppendCertsFromPEM(pemCerts) {
log.Fatalf("%s", err)
}
config.ClientAuth = tls.RequireAndVerifyClientCert
}
l, err := tls.Listen("tcp", addr, &config)
if err != nil {
log.Fatalf("%s", err)
}
throttled := NewThrottledListener(l, *secureThrottle, *secureMaxBuffer)
cl := proc.Published(throttled, "SecureConnections", "SecureAccepts")
go http.Serve(cl, nil)
}
示例5: runServer
func runServer(transportFactory thrift.TTransportFactory, protocolFactory thrift.TProtocolFactory, addr string, secure bool) error {
var transport thrift.TServerTransport
var err error
if secure {
cfg := new(tls.Config)
if cert, err := tls.LoadX509KeyPair("server.crt", "server.key"); err == nil {
cfg.Certificates = append(cfg.Certificates, cert)
} else {
return err
}
transport, err = thrift.NewTSSLServerSocket(addr, cfg)
} else {
transport, err = thrift.NewTServerSocket(addr)
}
if err != nil {
return err
}
fmt.Printf("%T\n", transport)
handler := NewCalculatorHandler()
processor := tutorial.NewCalculatorProcessor(handler)
server := thrift.NewTSimpleServer4(processor, transport, transportFactory, protocolFactory)
fmt.Println("Starting the simple server... on ", addr)
return server.Serve()
}
示例6: ClientConfig
// Generates a tls.Config object for a client from the given files.
func (info TLSInfo) ClientConfig() (*tls.Config, error) {
var cfg tls.Config
if info.KeyFile == "" || info.CertFile == "" {
return &cfg, nil
}
tlsCert, err := tls.LoadX509KeyPair(info.CertFile, info.KeyFile)
if err != nil {
return nil, err
}
cfg.Certificates = []tls.Certificate{tlsCert}
if info.CAFile != "" {
cp, err := newCertPool(info.CAFile)
if err != nil {
return nil, err
}
cfg.RootCAs = cp
}
return &cfg, nil
}
示例7: Dial
// Makes an outgoing connection using that protocol type to the given node ID.
// Returns a non-nil error if it is unable to connect.
// Panics if it is called with protocol set to CLIENT_PROTOCOL.
func Dial(protocol int, id uint16) (*BaseConn, error) {
log.Print("dialing node ", id)
if protocol == CLIENT_PROTOCOL {
panic("tried to make outgoing client protocol connection")
}
ip := config.NodeIP(id)
ipStr := ip.String()
port := getProtocolPort(protocol)
portStr := strconv.FormatInt(int64(port), 10)
tlsConfig := new(tls.Config)
tlsConfig.Certificates = []tls.Certificate{*config.Certificate()}
tlsConfig.RootCAs = config.NodeCertPool(id)
// We rely on the receiving node to do TLS authentication for now.
// This is safe because it verifies our identity for us.
// Backwards to the usual arrangement but should be secure.
tlsConfig.InsecureSkipVerify = true
tlsConn, err := tls.Dial("tcp", ipStr+":"+portStr, tlsConfig)
if err != nil {
log.Print(err)
return nil, err
}
return newBaseConn(tlsConn), nil
}
示例8: getTLSConfig
func (host *Host) getTLSConfig() (*tls.Config, error) {
var tlsConfig tls.Config
if !host.TLS {
return nil, nil
}
tlsConfig.InsecureSkipVerify = !host.TLSVerify
if host.TLSVerify {
certPool := x509.NewCertPool()
file, err := ioutil.ReadFile(host.TLSCaCert)
if err != nil {
return nil, err
}
certPool.AppendCertsFromPEM(file)
tlsConfig.RootCAs = certPool
}
cert, err := tls.LoadX509KeyPair(host.TLSCert, host.TLSKey)
if err != nil {
return nil, err
}
tlsConfig.Certificates = []tls.Certificate{cert}
tlsConfig.MinVersion = tls.VersionTLS10
return &tlsConfig, nil
}
示例9: tlsListener
func (s *Server) tlsListener(listener net.Listener) net.Listener {
fkey, err := os.Open(s.TLSKey)
if err != nil {
log.Fatal(s, "can't open ssl.key: ", err)
}
defer fkey.Close()
fcrt, err := os.Open(s.TLSCert)
if err != nil {
log.Fatal(s, "can't open ssl.crt: ", err)
}
defer fcrt.Close()
key, err := ioutil.ReadAll(fkey)
if err != nil {
log.Fatal(s, "can't read ssl.key: ", err)
}
crt, err := ioutil.ReadAll(fcrt)
if err != nil {
log.Fatal(s, "can't read ssl.crt: ", err)
}
sslCert, err := tls.X509KeyPair(crt, key)
if err != nil {
log.Fatal(s, "X509KeyPair: ", err)
}
TLS := new(tls.Config)
TLS.Certificates = []tls.Certificate{sslCert}
return tls.NewListener(listener, TLS)
}
示例10: startServer
//run starts the webserver
func (v *Vault) startServer() error {
glog.Infof("Starting local server\n")
router := gin.New()
//TODO initialize configurations, correct middlewares, https/http
router.Use(ginglog.Logger(5)) //5 seconds
router.Use(gin.Recovery())
//setting up https by default
var tlsConfig = tls.Config{}
keypair, err := tls.LoadX509KeyPair(v.config["tlsCertfilePath"], v.config["tlsKeyfilePath"])
if err != nil {
fmt.Printf("ERR: Could not load X509 KeyPair, caused by: %s\n", err)
os.Exit(1) //exit explicitely as we choose a fail fast approach
}
tlsConfig.Certificates = []tls.Certificate{keypair}
tlsConfig.NextProtos = []string{"http/1.1"}
tlsConfig.Rand = rand.Reader
router.GET("/secret/:appID", v.getSecret)
serve := &http.Server{
Addr: fmt.Sprintf(":%s", v.config["serverPort"]),
Handler: router,
TLSConfig: &tlsConfig,
}
err = serve.ListenAndServe()
if err != nil {
glog.Errorf("Cannot start server for Cubbyhole tokens distribution\n")
}
return err
}
示例11: getTlsConfig
func getTlsConfig(endpointOpts EndpointOptions) (*tls.Config, error) {
var tlsConfig *tls.Config
if endpointOpts.TLS {
tlsConfig = &tls.Config{
InsecureSkipVerify: !endpointOpts.TLSVerify,
}
if endpointOpts.tlsCert() != "" && endpointOpts.tlsKey() != "" {
cert, err := tls.LoadX509KeyPair(endpointOpts.tlsCert(), endpointOpts.tlsKey())
if err != nil {
return nil, err
}
tlsConfig.Certificates = []tls.Certificate{cert}
}
// Load CA cert
if endpointOpts.tlsCaCert() != "" {
caCert, err := ioutil.ReadFile(endpointOpts.tlsCaCert())
if err != nil {
return nil, err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
tlsConfig.RootCAs = caCertPool
}
}
return tlsConfig, nil
}
示例12: getTLSConfig
func getTLSConfig() (*tls.Config, error) {
// TLS config
var tlsConfig tls.Config
tlsConfig.InsecureSkipVerify = true
certPool := x509.NewCertPool()
file, err := ioutil.ReadFile(config.CACertificate)
if err != nil {
return nil, err
}
certPool.AppendCertsFromPEM(file)
tlsConfig.RootCAs = certPool
_, errCert := os.Stat(config.SSLCertificate)
_, errKey := os.Stat(config.SSLKey)
if errCert == nil && errKey == nil {
cert, err := tls.LoadX509KeyPair(config.SSLCertificate, config.SSLKey)
if err != nil {
return &tlsConfig, err
}
tlsConfig.Certificates = []tls.Certificate{cert}
}
return &tlsConfig, nil
}
示例13: Present
// Present makes the keyAuth available as a cert
func (s *TLSProviderServer) Present(domain, token, keyAuth string) error {
if s.port == "" {
s.port = "443"
}
cert, _, err := TLSSNI01ChallengeCert(keyAuth)
if err != nil {
return err
}
tlsConf := new(tls.Config)
tlsConf.Certificates = []tls.Certificate{cert}
s.listener, err = tls.Listen("tcp", net.JoinHostPort(s.iface, s.port), tlsConf)
if err != nil {
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
}
s.done = make(chan bool)
go func() {
http.Serve(s.listener, nil)
s.done <- true
}()
return nil
}
示例14: getTlsConfig
func getTlsConfig(verify bool, cert, key, ca string) (*tls.Config, error) {
var config tls.Config
config.InsecureSkipVerify = true
if verify {
certPool := x509.NewCertPool()
file, err := ioutil.ReadFile(ca)
if err != nil {
return nil, err
}
certPool.AppendCertsFromPEM(file)
config.RootCAs = certPool
config.InsecureSkipVerify = false
}
_, errCert := os.Stat(cert)
_, errKey := os.Stat(key)
if errCert == nil || errKey == nil {
tlsCert, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
return nil, fmt.Errorf("Couldn't load X509 key pair: %v. Key encrpyted?\n", err)
}
config.Certificates = []tls.Certificate{tlsCert}
}
config.MinVersion = tls.VersionTLS10
return &config, nil
}
示例15: newH2Transport
func (client *Client) newH2Transport() http.RoundTripper {
tlsConfig := tls.Config{
InsecureSkipVerify: os.Getenv("TEST_MODE") == "1",
}
if client.ServerUrl.Scheme == "tcp" {
// 1. LoadClientCert
cert, err := tls.LoadX509KeyPair("client.crt", "client.key")
if err != nil {
log.WithError(err).Fatal("loading server certificate")
}
// 2. LoadCACert
caCert, err := ioutil.ReadFile("chain.pem")
if err != nil {
log.WithError(err).Fatal("loading CA certificate")
}
caPool := x509.NewCertPool()
caPool.AppendCertsFromPEM(caCert)
tlsConfig.RootCAs = caPool
tlsConfig.Certificates = []tls.Certificate{cert}
}
return &http2.Transport{
TLSClientConfig: &tlsConfig,
DialTLS: client.DialProxyTLS,
}
}