golang.org/x/net@v0.25.1-0.20240516223405-c87a5b62e243/quic/tlsconfig_test.go (about)

     1  // Copyright 2023 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  //go:build go1.21
     6  
     7  package quic
     8  
     9  import (
    10  	"crypto/tls"
    11  	"strings"
    12  )
    13  
    14  func newTestTLSConfig(side connSide) *tls.Config {
    15  	config := &tls.Config{
    16  		InsecureSkipVerify: true,
    17  		CipherSuites: []uint16{
    18  			tls.TLS_AES_128_GCM_SHA256,
    19  			tls.TLS_AES_256_GCM_SHA384,
    20  			tls.TLS_CHACHA20_POLY1305_SHA256,
    21  		},
    22  		MinVersion: tls.VersionTLS13,
    23  	}
    24  	if side == serverSide {
    25  		config.Certificates = []tls.Certificate{testCert}
    26  	}
    27  	return config
    28  }
    29  
    30  var testCert = func() tls.Certificate {
    31  	cert, err := tls.X509KeyPair(localhostCert, localhostKey)
    32  	if err != nil {
    33  		panic(err)
    34  	}
    35  	return cert
    36  }()
    37  
    38  // localhostCert is a PEM-encoded TLS cert with SAN IPs
    39  // "127.0.0.1" and "[::1]", expiring at Jan 29 16:00:00 2084 GMT.
    40  // generated from src/crypto/tls:
    41  // go run generate_cert.go  --ecdsa-curve P256 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
    42  var localhostCert = []byte(`-----BEGIN CERTIFICATE-----
    43  MIIBrDCCAVKgAwIBAgIPCvPhO+Hfv+NW76kWxULUMAoGCCqGSM49BAMCMBIxEDAO
    44  BgNVBAoTB0FjbWUgQ28wIBcNNzAwMTAxMDAwMDAwWhgPMjA4NDAxMjkxNjAwMDBa
    45  MBIxEDAOBgNVBAoTB0FjbWUgQ28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARh
    46  WRF8p8X9scgW7JjqAwI9nYV8jtkdhqAXG9gyEgnaFNN5Ze9l3Tp1R9yCDBMNsGms
    47  PyfMPe5Jrha/LmjgR1G9o4GIMIGFMA4GA1UdDwEB/wQEAwIChDATBgNVHSUEDDAK
    48  BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSOJri/wLQxq6oC
    49  Y6ZImms/STbTljAuBgNVHREEJzAlggtleGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAA
    50  AAAAAAAAAAAAATAKBggqhkjOPQQDAgNIADBFAiBUguxsW6TGhixBAdORmVNnkx40
    51  HjkKwncMSDbUaeL9jQIhAJwQ8zV9JpQvYpsiDuMmqCuW35XXil3cQ6Drz82c+fvE
    52  -----END CERTIFICATE-----`)
    53  
    54  // localhostKey is the private key for localhostCert.
    55  var localhostKey = []byte(testingKey(`-----BEGIN TESTING KEY-----
    56  MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgY1B1eL/Bbwf/MDcs
    57  rnvvWhFNr1aGmJJR59PdCN9lVVqhRANCAARhWRF8p8X9scgW7JjqAwI9nYV8jtkd
    58  hqAXG9gyEgnaFNN5Ze9l3Tp1R9yCDBMNsGmsPyfMPe5Jrha/LmjgR1G9
    59  -----END TESTING KEY-----`))
    60  
    61  // testingKey helps keep security scanners from getting excited about a private key in this file.
    62  func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") }