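package tlstest

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

const (
	// rsaKeyBits is the modulus size of the generated CA and server keys.
	// Generating two keys of this size dominates the cost of GetTLSConfigs.
	rsaKeyBits = 4096

	// validityYears is how long the generated certificates stay valid.
	validityYears = 10
)

// testSubject is the distinguished name used for both generated certificates.
// (The empty-string Province of the original fixture is dropped: an empty
// RDN value is rejected by some parsers and carries no information.)
var testSubject = pkix.Name{
	Organization:  []string{"Fiber"},
	Country:       []string{"NL"},
	Locality:      []string{"Amsterdam"},
	StreetAddress: []string{"Huidenstraat"},
	PostalCode:    []string{"1011 AA"},
}

// GetTLSConfigs generates a throwaway CA plus a server certificate signed by
// it and returns a server-side tls.Config presenting that certificate and a
// client-side tls.Config that trusts only the generated CA.
//
// The server certificate is valid for 127.0.0.1, ::1 and "localhost", so a
// client dialing a loopback listener verifies it without InsecureSkipVerify.
// Fresh keys and random serial numbers are generated on every call and
// nothing is persisted. Callers should reuse the result across test cases
// rather than calling this per test, since the RSA key generation is slow.
func GetTLSConfigs() (serverTLSConf, clientTLSConf *tls.Config, err error) {
	caCert, caDER, caKey, err := newCA()
	if err != nil {
		return nil, nil, err
	}

	serverDER, serverKey, err := newServerCert(caCert, caKey)
	if err != nil {
		return nil, nil, err
	}

	serverCertPEM, err := pemEncode("CERTIFICATE", serverDER)
	if err != nil {
		return nil, nil, err
	}
	serverKeyPEM, err := pemEncode("RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(serverKey))
	if err != nil {
		return nil, nil, err
	}
	serverCert, err := tls.X509KeyPair(serverCertPEM, serverKeyPEM)
	if err != nil {
		return nil, nil, fmt.Errorf("building server key pair: %w", err)
	}

	// Only the CA certificate is handed to the client; the CA private key is
	// never exported (the original fixture PEM-encoded it but never used it).
	caPEM, err := pemEncode("CERTIFICATE", caDER)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	// AppendCertsFromPEM reports false instead of an error; an empty root
	// pool would only surface later as an opaque handshake failure.
	if !roots.AppendCertsFromPEM(caPEM) {
		return nil, nil, errors.New("tlstest: generated CA certificate could not be added to the root pool")
	}

	serverTLSConf = &tls.Config{
		Certificates: []tls.Certificate{serverCert},
	}
	clientTLSConf = &tls.Config{
		RootCAs: roots,
	}
	return serverTLSConf, clientTLSConf, nil
}

// newCA generates a self-signed CA certificate and its private key.
// It returns the parsed certificate (to be used as the signing parent, so
// the issued certificate's AuthorityKeyId links to the CA's generated
// SubjectKeyId), the DER encoding, and the private key.
func newCA() (*x509.Certificate, []byte, *rsa.PrivateKey, error) {
	serial, err := newSerial()
	if err != nil {
		return nil, nil, nil, err
	}

	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               testSubject,
		NotBefore:             now,
		NotAfter:              now.AddDate(validityYears, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}

	key, err := rsa.GenerateKey(rand.Reader, rsaKeyBits)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("generating CA key: %w", err)
	}

	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("creating CA certificate: %w", err)
	}

	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("parsing CA certificate: %w", err)
	}
	return cert, der, key, nil
}

// newServerCert generates a server key pair and a leaf certificate for the
// loopback addresses and "localhost", signed by parent with parentKey.
// It returns the certificate's DER encoding and the server's private key.
func newServerCert(parent *x509.Certificate, parentKey *rsa.PrivateKey) ([]byte, *rsa.PrivateKey, error) {
	serial, err := newSerial()
	if err != nil {
		return nil, nil, err
	}

	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      testSubject,
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
		DNSNames:     []string{"localhost"},
		NotBefore:    now,
		NotAfter:     now.AddDate(validityYears, 0, 0),
		SubjectKeyId: []byte{1, 2, 3, 4, 6},
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}

	key, err := rsa.GenerateKey(rand.Reader, rsaKeyBits)
	if err != nil {
		return nil, nil, fmt.Errorf("generating server key: %w", err)
	}

	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, fmt.Errorf("creating server certificate: %w", err)
	}
	return der, key, nil
}

// newSerial draws a random 128-bit certificate serial number so that the CA
// and the server certificate never share one (RFC 5280 requires serials to be
// unique per issuer; the original fixture used 2021 for both).
func newSerial() (*big.Int, error) {
	limit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, limit)
	if err != nil {
		return nil, fmt.Errorf("generating certificate serial: %w", err)
	}
	return serial, nil
}

// pemEncode wraps DER bytes in a PEM block of the given type and returns the
// encoded bytes, propagating the encoder's error instead of discarding it.
func pemEncode(blockType string, der []byte) ([]byte, error) {
	var buf bytes.Buffer
	if err := pem.Encode(&buf, &pem.Block{Type: blockType, Bytes: der}); err != nil {
		return nil, fmt.Errorf("encoding %s as PEM: %w", blockType, err)
	}
	return buf.Bytes(), nil
}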