httpscerts

package module
v0.0.0-...-a2990e2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 7, 2018 License: BSD-3-Clause Imports: 15 Imported by: 8

README

https/certificates

A simple library to generate server certs and keys for HTTPS support directly within your Go program.

The code is modified from http://golang.org/src/crypto/tls/generate_cert.go.

Use this library for testing purposes only, e.g. to experiment with the built-in Go HTTPS server. Do NOT use in production!

PR for this library is https://github.com/kabukky/httpscerts and https://github.com/gerald1248/httpscerts.

Usage

package main
    
import (
    "fmt"
    "github.com/admpub/httpscerts"
    "log"
    "net/http"
)
    
func handler(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "Hi there!")
}
    
func main() {
    // Check if the cert files are available.
    err := httpscerts.Check("cert.pem", "key.pem")
    // If they are not available, generate new ones.
    if err != nil {
        err = httpscerts.Generate("cert.pem", "key.pem", "127.0.0.1:8081")
        if err != nil {
            log.Fatal("Error: Couldn't create https certs.")
        }
    }
    http.HandleFunc("/", handler)
    http.ListenAndServeTLS(":8081", "cert.pem", "key.pem", nil)
}

Alternative usage without disk access

The method httpscerts.GenerateArrays() has been added to enable use cases where writing to disk is not desirable. If the initial check fails, a tls.Certificate is populated and passed to a http.Server instance.

package main

import (
	"crypto/tls"
	"fmt"
	"github.com/admpub/httpscerts"
	"log"
	"net/http"
	"time"
)

type testHandler struct {
}

func (t *testHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "Hi there!")
}

func main() {
	// Check if the cert files are available.
	certFile := "cert.pem"
	keyFile := "key.pem"
	err := httpscerts.Check(certFile, keyFile)

	var handler = &testHandler{}

	// If they are not available, generate new ones.
	if err != nil {
		cert, key, err := httpscerts.GenerateArrays("127.0.0.1:8081")
		if err != nil {
			log.Fatal("Error: Couldn't create https certs.")
		}

		keyPair, err := tls.X509KeyPair(cert, key)
		if err != nil {
			log.Fatal("Error: Couldn't create key pair")
		}

		var certificates []tls.Certificate
		certificates = append(certificates, keyPair)

		cfg := &tls.Config{
			MinVersion:               tls.VersionTLS12,
			PreferServerCipherSuites: true,
			Certificates:             certificates,
		}

		s := &http.Server{
			Addr: ":8081",
			Handler:        handler,
			ReadTimeout:    10 * time.Second,
			WriteTimeout:   10 * time.Second,
			MaxHeaderBytes: 1 << 20,
			TLSConfig:      cfg,
		}
		log.Fatal(s.ListenAndServeTLS("", ""))
	}

	log.Fatal(http.ListenAndServeTLS(":8081", certFile, keyFile, handler))
}

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DefaultConfig = Config{
	ValidFrom:  "",
	ValidFor:   365 * 24 * time.Hour,
	IsCA:       true,
	RsaBits:    2048,
	EcdsaCurve: "",
}

Functions

func Check 

func Check(certPath string, keyPath string) error

func Generate 

func Generate(c Config, certPath, keyPath string) error

func GenerateArrays 

func GenerateArrays(c Config) ([]byte, []byte, error)

generate cert and key byte arrays these can then be used to populate the server configuration in place of files on disk

func Save 

func Save(certPath, keyPath string, certArray, keyArray []byte) error

Types

type Config 

type Config struct {
	Hosts      []string
	ValidFrom  string
	ValidFor   time.Duration
	IsCA       bool
	RsaBits    int
	EcdsaCurve string
	Subject    *pkix.Name
}

func NewClassicConfig 

func NewClassicConfig(hosts ...string) Config

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.