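// Source: github.com/cloud-foundations/dominator@v0.0.0-20221004181915-6e4fee580046/lib/net/tls/impl.go

package tls

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// newDialer builds a TlsDialer from an optional underlying dialer and an
// optional TLS configuration.
//
// A nil dialer is replaced with a zero-value *net.Dialer and a nil config with
// an empty tls.Config. A non-nil config is cloned, so changes the caller makes
// to its own config afterwards do not alter the verification settings used by
// the returned dialer.
func newDialer(dialer Dialer, config *tls.Config) *TlsDialer {
	if dialer == nil {
		dialer = &net.Dialer{}
	}
	if config == nil {
		config = &tls.Config{}
	} else {
		config = config.Clone()
	}
	return &TlsDialer{config: config, dialer: dialer}
}

// dial connects to address on network and completes a TLS client handshake
// before returning the connection.
//
// When the underlying dialer is a *net.Dialer the work is delegated to
// tls.DialWithDialer. For any other dialer the raw connection is wrapped with
// tls.Client and the handshake is driven explicitly; the raw connection is
// closed if the handshake fails.
func (d *TlsDialer) dial(network, address string) (*tls.Conn, error) {
	if dialer, ok := d.dialer.(*net.Dialer); ok {
		return tls.DialWithDialer(dialer, network, address, d.config)
	}
	rawConn, err := d.dialer.Dial(network, address)
	if err != nil {
		return nil, err
	}
	config := d.config
	if config == nil {
		// tls.Client requires a non-nil config; tls.DialWithDialer accepts nil.
		config = &tls.Config{}
	}
	if config.ServerName == "" {
		// tls.DialWithDialer derives ServerName from the address, tls.Client
		// does not. Without this, the custom-dialer path can only succeed when
		// the caller sets ServerName or disables verification with
		// InsecureSkipVerify. Derive the name from the address so certificate
		// verification works the same way on both paths.
		host, _, splitErr := net.SplitHostPort(address)
		if splitErr != nil {
			host = address // No port present: use the address as given.
		}
		config = config.Clone()
		config.ServerName = host
	}
	tlsConn := tls.Client(rawConn, config)
	// NOTE(review): no deadline is set on rawConn here, so a peer that stalls
	// mid-handshake blocks this call unless the custom dialer's connections
	// enforce their own timeout. Confirm against the Dialer implementations.
	if err := tlsConn.Handshake(); err != nil {
		rawConn.Close()
		return nil, err
	}
	return tlsConn, nil
}

// newTestCertificate generates a throwaway, self-signed ECDSA certificate for
// use in tests. It returns the certificate in tls.Certificate form (with the
// private key) together with its parsed x509 form.
//
// The certificate is valid for one minute from creation, names only the IP
// address 127.0.0.1, and always carries serial number 1. It must not be used
// outside of tests.
func newTestCertificate() (tls.Certificate, *x509.Certificate, error) {
	// P-256 rather than P-224: crypto/tls only defines TLS 1.3 signature
	// schemes for P-256, P-384 and P-521, so a P-224 certificate cannot be used
	// once TLS 1.3 is negotiated, and P-256 offers a higher security level.
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	now := time.Now()
	template := x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject: pkix.Name{
			Organization: []string{"Acme Co"},
		},
		NotBefore:   now,
		NotAfter:    now.Add(time.Minute),
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	// The template is passed as both certificate and parent, which makes the
	// result self-signed with the freshly generated key.
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template,
		&key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	x509Certificate, err := x509.ParseCertificate(derBytes)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tlsCertificate := tls.Certificate{
		Certificate: [][]byte{x509Certificate.Raw},
		PrivateKey:  key,
	}
	return tlsCertificate, x509Certificate, nil
}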