github.com/aavshr/aws-sdk-go@v1.41.3/awstesting/custom_ca_bundle.go (about)

     1  package awstesting
     2  
import (
	"crypto/tls"
	"errors"
	"io/ioutil"
	"net"
	"net/http"
	"os"
	"strings"
	"time"
)
    11  
// availableLocalAddr reports a "host:port" string on ip whose port was free at
// the moment of the call. It does so by binding an ephemeral TCP port on ip,
// reading the address the kernel assigned, and releasing it again. Nothing
// reserves the port afterwards, so a caller that binds it later may lose it to
// another process in between; this helper is a best-effort probe for tests.
// The error is whatever net.Listen returned, e.g. for an unparsable ip.
func availableLocalAddr(ip string) (string, error) {
	probe, err := net.Listen("tcp", ip+":0")
	if err != nil {
		return "", err
	}

	chosen := probe.Addr().String()
	// Release the port for the caller to bind. The close error is ignored, as
	// the original did; a listener nobody accepted from has nothing to flush.
	_ = probe.Close()
	return chosen, nil
}
    21  
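// CreateTLSServer starts an HTTPS server on a free loopback port using the PEM
// encoded certificate and private key files cert and key, and returns the base
// URL ("https://127.0.0.1:<port>") it is listening on. If mux is nil, a ServeMux
// whose "/" handler writes an empty 200 response is used.
//
// The key pair is loaded before anything else so that a missing or malformed
// cert/key is returned as an error to the caller instead of panicking the test
// binary from the serve goroutine. The listener is bound here too, which
// removes the window in which another process could grab a merely probed port.
// The server goroutine lives for the rest of the process (there is no shutdown
// handle); an unexpected serve failure still panics, as it always did.
func CreateTLSServer(cert, key string, mux *http.ServeMux) (string, error) {
	pair, err := tls.LoadX509KeyPair(cert, key)
	if err != nil {
		return "", err
	}

	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}

	if mux == nil {
		mux = http.NewServeMux()
		mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {})
	}

	srv := &http.Server{
		Handler:   mux,
		TLSConfig: &tls.Config{Certificates: []tls.Certificate{pair}},
		// Bounds how long a client may dawdle over request headers; a test
		// server should not be able to hang on a stalled connection.
		ReadHeaderTimeout: 10 * time.Second,
	}
	go func() {
		// The certificate is supplied through TLSConfig, so the file
		// arguments to ServeTLS are intentionally empty.
		if err := srv.ServeTLS(ln, "", ""); err != nil && err != http.ErrServerClosed {
			panic(err)
		}
	}()

	baseURL := "https://" + ln.Addr().String()

	// Wait until the serve goroutine is accepting. The probe uses a client
	// that does not trust the test CA, so a certificate error is the normal
	// "server is up" signal; only "connection refused" means nobody is serving
	// the port yet. A successful probe counts as up as well and its body is
	// closed so the connection is released (the old loop kept polling for the
	// full minute in that case and leaked the body).
	client := &http.Client{Timeout: 5 * time.Second}
	for i := 0; i < 60; i++ {
		resp, err := client.Get(baseURL)
		if err == nil {
			_ = resp.Body.Close()
			return baseURL, nil
		}
		if !strings.Contains(err.Error(), "connection refused") {
			return baseURL, nil
		}
		time.Sleep(1 * time.Second)
	}

	return "", errors.New("tls test server at " + baseURL + " did not start accepting connections")
}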
    51  
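// CreateTLSBundleFiles writes the test certificate, private key and CA PEM
// content (TLSBundleCert, TLSBundleKey, TLSBundleCA) to three temporary files
// and returns their paths, in that order. The files should be deleted when no
// longer needed; CleanupTLSBundleFiles can be used for that.
//
// If a later file cannot be created, the files created before it are removed
// before the error is returned, so a failed call leaves no stray key material
// in the temp directory. Those removals are best effort; the original error
// is what gets reported.
func CreateTLSBundleFiles() (cert, key, ca string, err error) {
	if cert, err = createTmpFile(TLSBundleCert); err != nil {
		return "", "", "", err
	}

	if key, err = createTmpFile(TLSBundleKey); err != nil {
		_ = os.Remove(cert)
		return "", "", "", err
	}

	if ca, err = createTmpFile(TLSBundleCA); err != nil {
		_ = os.Remove(cert)
		_ = os.Remove(key)
		return "", "", "", err
	}

	return cert, key, ca, nil
}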
    73  
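// CleanupTLSBundleFiles removes each of the given files. Every path is
// attempted even if an earlier removal fails, so one missing file does not
// leave the others (notably the private key) behind on disk. The first error
// encountered is returned once all removals have been tried; nil is returned
// for an empty list.
func CleanupTLSBundleFiles(files ...string) error {
	var firstErr error
	for _, file := range files {
		if err := os.Remove(file); err != nil && firstErr == nil {
			firstErr = err
		}
	}

	return firstErr
}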
    84  
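// createTmpFile writes b to a new file in os.TempDir() whose name starts with
// "aws-sdk-go-session-test" and returns the file's path. ioutil.TempFile creates
// the file with mode 0600, which is what keeps the private key content written
// through here private to the current user.
//
// The file is closed before returning and the close error is checked, since a
// write failure can surface only at close. On any failure the partially
// written file is removed (best effort) and "" is returned with the error.
func createTmpFile(b []byte) (string, error) {
	f, err := ioutil.TempFile(os.TempDir(), "aws-sdk-go-session-test")
	if err != nil {
		return "", err
	}
	name := f.Name()

	if _, err := f.Write(b); err != nil {
		// Keep the write error; the cleanup errors carry no extra information.
		_ = f.Close()
		_ = os.Remove(name)
		return "", err
	}

	if err := f.Close(); err != nil {
		_ = os.Remove(name)
		return "", err
	}

	return name, nil
}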
    99  
   100  /* Cert generation steps
   101  # Create the CA key
   102  openssl genrsa -des3 -out ca.key 1024
   103  
   104  # Create the CA Cert
   105  openssl req -new -sha256 -x509 -days 3650 \
   106      -subj "/C=GO/ST=Gopher/O=Testing ROOT CA" \
   107      -key ca.key -out ca.crt
   108  
   109  # Create config
   110  cat > csr_details.txt <<-EOF
   111  
   112  [req]
   113  default_bits = 1024
   114  prompt = no
   115  default_md = sha256
   116  req_extensions = SAN
   117  distinguished_name = dn
   118  
   119  [ dn ]
   120  C=GO
   121  ST=Gopher
   122  O=Testing Certificate
   123  OU=Testing IP
   124  
   125  [SAN]
   126  subjectAltName = IP:127.0.0.1
   127  EOF
   128  
   129  # Create certificate signing request
   130  openssl req -new -sha256 -nodes -newkey rsa:1024 \
   131      -config <( cat csr_details.txt ) \
   132      -keyout ia.key -out ia.csr
   133  
   134  # Create a signed certificate
   135  openssl x509 -req -days 3650 \
   136      -CAcreateserial \
   137      -extfile <( cat csr_details.txt ) \
   138      -extensions SAN \
   139      -CA ca.crt -CAkey ca.key -in ia.csr -out ia.crt
   140  
   141  # Verify
   142  openssl req -noout -text -in ia.csr
   143  openssl x509 -noout -text -in ia.crt
   144  */
var (
	// TLSBundleCA is ca.crt from the generation steps above: the self-signed
	// "Testing ROOT CA" (RSA 1024, sha256WithRSAEncryption). The validity
	// period encoded in the DER reads 2017-03-09 to 2027-03-07, so anything
	// that verifies against it starts failing once that date passes.
	TLSBundleCA = []byte(`-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIJAJ5X1olt05XjMA0GCSqGSIb3DQEBCwUAMDgxCzAJBgNV
BAYTAkdPMQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBD
QTAeFw0xNzAzMDkwMDAyMDZaFw0yNzAzMDcwMDAyMDZaMDgxCzAJBgNVBAYTAkdP
MQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBDQTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw/8DN+t9XQR60jx42rsQ2WE2Dx85rb3n
GQxnKZZLNddsT8rDyxJNP18aFalbRbFlyln5fxWxZIblu9Xkm/HRhOpbSimSqo1y
uDx21NVZ1YsOvXpHby71jx3gPrrhSc/t/zikhi++6D/C6m1CiIGuiJ0GBiJxtrub
UBMXT0QtI2ECAwEAAaOBmjCBlzAdBgNVHQ4EFgQU8XG3X/YHBA6T04kdEkq6+4GV
YykwaAYDVR0jBGEwX4AU8XG3X/YHBA6T04kdEkq6+4GVYymhPKQ6MDgxCzAJBgNV
BAYTAkdPMQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBD
QYIJAJ5X1olt05XjMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAeILv
z49+uxmPcfOZzonuOloRcpdvyjiXblYxbzz6ch8GsE7Q886FTZbvwbgLhzdwSVgG
G8WHkodDUsymVepdqAamS3f8PdCUk8xIk9mop8LgaB9Ns0/TssxDvMr3sOD2Grb3
xyWymTWMcj6uCiEBKtnUp4rPiefcvCRYZ17/hLE=
-----END CERTIFICATE-----
`)

	// TLSBundleCert is ia.crt from the steps above (the comment used to say
	// "ai.crt"): the leaf issued by TLSBundleCA with subjectAltName
	// IP:127.0.0.1, valid 2017-03-09 to 2027-03-07 per the DER.
	// NOTE(review): the signatureAlgorithm OID in the DER is
	// 1.2.840.113549.1.1.5 (sha1WithRSAEncryption), not sha256 as the config
	// intends — consistent with the `openssl x509 -req` step above passing no
	// -sha256. crypto/x509 rejects SHA-1 signed non-root certificates since
	// Go 1.18 (the GODEBUG x509sha1=1 escape hatch was later removed), so
	// confirm against the Go version in use before relying on verification
	// of this leaf succeeding.
	TLSBundleCert = []byte(`-----BEGIN CERTIFICATE-----
MIICGjCCAYOgAwIBAgIJAIIu+NOoxxM0MA0GCSqGSIb3DQEBBQUAMDgxCzAJBgNV
BAYTAkdPMQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBD
QTAeFw0xNzAzMDkwMDAzMTRaFw0yNzAzMDcwMDAzMTRaMFExCzAJBgNVBAYTAkdP
MQ8wDQYDVQQIDAZHb3BoZXIxHDAaBgNVBAoME1Rlc3RpbmcgQ2VydGlmaWNhdGUx
EzARBgNVBAsMClRlc3RpbmcgSVAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AN1hWHeioo/nASvbrjwCQzXCiWiEzGkw353NxsAB54/NqDL3LXNATtiSJu8kJBrm
Ah12IFLtWLGXjGjjYlHbQWnOR6awveeXnQZukJyRWh7m/Qlt9Ho0CgZE1U+832ac
5GWVldNxW1Lz4I+W9/ehzqe8I80RS6eLEKfUFXGiW+9RAgMBAAGjEzARMA8GA1Ud
EQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQADgYEAdF4WQHfVdPCbgv9sxgJjcR1H
Hgw9rZ47gO1IiIhzglnLXQ6QuemRiHeYFg4kjcYBk1DJguxzDTGnUwhUXOibAB+S
zssmrkdYYvn9aUhjc3XK3tjAoDpsPpeBeTBamuUKDHoH/dNRXxerZ8vu6uPR3Pgs
5v/KCV6IAEcvNyOXMPo=
-----END CERTIFICATE-----
`)

	// TLSBundleKey is ia.key, the RSA 1024 private key matching TLSBundleCert.
	// It is a throwaway, test-only key that is deliberately committed and is
	// written to 0600 temp files by CreateTLSBundleFiles; it must not be used
	// for anything outside these tests, and secret scanners should be
	// configured to allow this known fixture rather than being silenced.
	TLSBundleKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDdYVh3oqKP5wEr2648AkM1wolohMxpMN+dzcbAAeePzagy9y1z
QE7YkibvJCQa5gIddiBS7Vixl4xo42JR20FpzkemsL3nl50GbpCckVoe5v0JbfR6
NAoGRNVPvN9mnORllZXTcVtS8+CPlvf3oc6nvCPNEUunixCn1BVxolvvUQIDAQAB
AoGBAMISrcirddGrlLZLLrKC1ULS2T0cdkqdQtwHYn4+7S5+/z42vMx1iumHLsSk
rVY7X41OWkX4trFxhvEIrc/O48bo2zw78P7flTxHy14uxXnllU8cLThE29SlUU7j
AVBNxJZMsXMlS/DowwD4CjFe+x4Pu9wZcReF2Z9ntzMpySABAkEA+iWoJCPE2JpS
y78q3HYYgpNY3gF3JqQ0SI/zTNkb3YyEIUffEYq0Y9pK13HjKtdsSuX4osTIhQkS
+UgRp6tCAQJBAOKPYTfQ2FX8ijgUpHZRuEAVaxASAS0UATiLgzXxLvOh/VC2at5x
wjOX6sD65pPz/0D8Qj52Cq6Q1TQ+377SDVECQAIy0od+yPweXxvrUjUd1JlRMjbB
TIrKZqs8mKbUQapw0bh5KTy+O1elU4MRPS3jNtBxtP25PQnuSnxmZcFTgAECQFzg
DiiFcsn9FuRagfkHExMiNJuH5feGxeFaP9WzI144v9GAllrOI6Bm3JNzx2ZLlg4b
20Qju8lIEj6yr6JYFaECQHM1VSojGRKpOl9Ox/R4yYSA9RV5Gyn00/aJNxVYyPD5
i3acL2joQm2kLD/LO8paJ4+iQdRXCOMMIpjxSNjGQjQ=
-----END RSA PRIVATE KEY-----
`)
)