
     1  // Copyright 2014 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package tls_test
     6  
import (
	"crypto/tls"
	"crypto/x509"
	"log"
	"net"
	"net/http"
	"net/http/httptest"
	"os"
	"time"
)
    16  
// zeroSource is an io.Reader that returns an unlimited number of zero bytes.
//
// It exists only so the examples in this file can hand tls.Config.Rand a
// deterministic - and therefore completely insecure - entropy source, which
// makes the example output reproducible. Never use it outside documentation.
type zeroSource struct{}

// Read overwrites every byte of b with zero and reports the whole buffer as
// consumed. It never returns an error and never signals io.EOF.
func (zeroSource) Read(b []byte) (n int, err error) {
	for idx := 0; idx < len(b); idx++ {
		b[idx] = 0
	}
	return len(b), nil
}
    27  
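func ExampleDial() {
	// Connecting with a custom root-certificate set.
	//
	// NOTE: the PEM below is not a self-signed root. It is the old
	// "Google Internet Authority G2" CA certificate issued by GeoTrust Global
	// CA, valid 2013-04-05 to 2015-04-04, and is kept only to show the shape
	// of the code. Pinning a single CA certificate like this breaks the
	// connection as soon as the server's chain is re-issued under a different
	// CA; in production prefer the operating-system roots or a pool that is
	// managed and rotated by configuration.

	const rootPEM = `
-----BEGIN CERTIFICATE-----
MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
-----END CERTIFICATE-----`

	// First, create the set of trusted certificates. For this example we only
	// have one. It's also possible to leave RootCAs nil in order to use the
	// default root set of the current operating system.
	roots := x509.NewCertPool()
	if ok := roots.AppendCertsFromPEM([]byte(rootPEM)); !ok {
		panic("failed to parse root certificate")
	}

	// Give the dial a deadline. With DialWithDialer the dialer's timeout covers
	// the TCP connect and the TLS handshake as a whole; a bare tls.Dial has no
	// deadline and will hang indefinitely on a peer that accepts the TCP
	// connection but never completes the handshake.
	dialer := &net.Dialer{Timeout: 10 * time.Second}

	// The host part of the address ("mail.google.com") is used as ServerName,
	// so the certificate is verified against that name.
	conn, err := tls.DialWithDialer(dialer, "tcp", "mail.google.com:443", &tls.Config{
		RootCAs: roots,
		// Refuse TLS 1.0/1.1 explicitly instead of relying on whatever the
		// linked TLS library uses as its default minimum.
		MinVersion: tls.VersionTLS12,
	})
	if err != nil {
		panic("failed to connect: " + err.Error())
	}
	conn.Close()
}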
    74  
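func ExampleConfig_keyLogWriter() {
	// Debugging TLS applications by decrypting a network traffic capture.

	// WARNING: Use of KeyLogWriter compromises security and should only be
	// used for debugging. Anyone who obtains the log can decrypt every
	// session it covers (including forward-secret ones), so never enable it in
	// production builds, create the file with restrictive permissions, and
	// delete it once the investigation is over.

	// Dummy test HTTP server for the example with insecure random so output is
	// reproducible.
	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	server.TLS = &tls.Config{
		Rand: zeroSource{}, // for example only; don't do this.
	}
	server.StartTLS()
	defer server.Close()

	// Typically the log would go to an open file:
	// w, err := os.OpenFile("tls-secrets.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	w := os.Stdout

	// Trust exactly the test server's own certificate rather than setting
	// InsecureSkipVerify. Disabling verification is routinely copied out of
	// examples into real clients, where it removes all authentication of the
	// peer; a one-entry pool demonstrates the same thing safely. httptest's
	// certificate is issued for the loopback address the server listens on,
	// so it verifies against the host in server.URL.
	roots := x509.NewCertPool()
	roots.AddCert(server.Certificate())

	client := &http.Client{
		// Bound the whole request so a stalled handshake cannot hang the example.
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				KeyLogWriter: w,

				Rand:    zeroSource{}, // for reproducible output; don't do this.
				RootCAs: roots,
			},
		},
	}
	resp, err := client.Get(server.URL)
	if err != nil {
		log.Fatalf("Failed to get URL: %v", err)
	}
	resp.Body.Close()

	// The resulting file can be used with Wireshark to decrypt the TLS
	// connection by setting (Pre)-Master-Secret log filename in SSL Protocol
	// preferences.
}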
   114  
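func ExampleLoadX509KeyPair() {
	// Serve TLS with a certificate and private key read from PEM files on
	// disk. The key file must be readable only by the service account that
	// runs the server; nothing here checks or enforces that.
	cert, err := tls.LoadX509KeyPair("testdata/example-cert.pem", "testdata/example-key.pem")
	if err != nil {
		log.Fatal(err)
	}
	cfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		// Refuse TLS 1.0/1.1 explicitly instead of relying on the library's
		// server-side default minimum, which may still admit them.
		MinVersion: tls.VersionTLS12,
	}
	// ":2000" binds every interface. Use an explicit address such as
	// "127.0.0.1:2000" when the listener is not meant to be reachable from
	// outside the host.
	listener, err := tls.Listen("tcp", ":2000", cfg)
	if err != nil {
		log.Fatal(err)
	}
	_ = listener // a real server would Accept in a loop and Close on shutdown.
}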
   127  
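func ExampleX509KeyPair() {
	// Serve TLS with a certificate and key held in memory as PEM.
	//
	// The pair below is a self-signed "Acme Co" test certificate (valid
	// 2017-10-20 to 2018-10-20, names localhost:5453 and 127.0.0.1:5453).
	// Its private key is published in this file and is therefore not secret:
	// never reuse it, and never embed a real private key in source this way.
	certPem := []byte(`-----BEGIN CERTIFICATE-----
MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow
EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d
7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B
5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr
BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1
NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l
Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc
6MF9+Yw1Yy0t
-----END CERTIFICATE-----`)
	keyPem := []byte(`-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49
AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q
EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==
-----END EC PRIVATE KEY-----`)
	cert, err := tls.X509KeyPair(certPem, keyPem)
	if err != nil {
		log.Fatal(err)
	}
	cfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		// Refuse TLS 1.0/1.1 explicitly instead of relying on the library's
		// server-side default minimum, which may still admit them.
		MinVersion: tls.VersionTLS12,
	}
	// ":2000" binds every interface. Use an explicit address such as
	// "127.0.0.1:2000" when the listener is not meant to be reachable from
	// outside the host.
	listener, err := tls.Listen("tcp", ":2000", cfg)
	if err != nil {
		log.Fatal(err)
	}
	_ = listener // a real server would Accept in a loop and Close on shutdown.
}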
   156  
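func ExampleX509KeyPair_httpServer() {
	// Run an HTTPS server from an in-memory certificate and key.
	//
	// The pair below is a self-signed "Acme Co" test certificate (valid
	// 2017-10-20 to 2018-10-20). Its private key is published in this file
	// and is therefore not secret: never reuse it, and never embed a real
	// private key in source this way.
	certPem := []byte(`-----BEGIN CERTIFICATE-----
MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow
EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d
7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B
5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr
BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1
NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l
Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc
6MF9+Yw1Yy0t
-----END CERTIFICATE-----`)
	keyPem := []byte(`-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49
AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q
EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==
-----END EC PRIVATE KEY-----`)
	cert, err := tls.X509KeyPair(certPem, keyPem)
	if err != nil {
		log.Fatal(err)
	}
	cfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		// Refuse TLS 1.0/1.1 explicitly instead of relying on the library's
		// server-side default minimum, which may still admit them.
		MinVersion: tls.VersionTLS12,
	}
	// Addr is left empty, so ListenAndServeTLS binds ":https" (port 443) on
	// every interface, and Handler is nil, so requests go to
	// http.DefaultServeMux - including anything other packages registered
	// there. Set both explicitly in a real server. The read/write timeouts
	// keep slow or idle clients from holding connections open indefinitely.
	srv := &http.Server{
		TLSConfig:    cfg,
		ReadTimeout:  time.Minute,
		WriteTimeout: time.Minute,
	}
	// Empty file arguments tell ListenAndServeTLS to use TLSConfig.Certificates.
	log.Fatal(srv.ListenAndServeTLS("", ""))
}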