


golang生成根证书,服务端证书,用于 tls

2024/10/25 1:21:17 来源:https://blog.csdn.net/wanmei002/article/details/139602762  浏览:    关键词:golang生成根证书,服务端证书,用于 tls

生成根证书

创建一个 struct 来保存私钥等信息

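// CA holds a freshly generated RSA key pair and the self-signed certificate
// built from it, both as DER and as PEM. It is populated by genPrivateKey and
// genCertificate; the zero value has no key and no certificate.
type CA struct {
	key       *rsa.PrivateKey // private key that signs the certificate
	publicKey rsa.PublicKey   // copy of key.PublicKey, embedded in the certificate
	ca        []byte          // DER-encoded certificate from x509.CreateCertificate
	keyPerm   []byte          // PEM block "RSA PRIVATE KEY" (PKCS#1) of key
	certPem   []byte          // PEM block "CERTIFICATE" of ca
}

// CertPem returns the PEM-encoded certificate (nil before genCertificate ran).
// The slice aliases the internal buffer; callers must not modify it.
func (ca *CA) CertPem() []byte { return ca.certPem }

// KeyPerm returns the PEM-encoded private key (nil before genCertificate ran).
// This is secret material: keep it out of logs and never send it to a peer.
func (ca *CA) KeyPerm() []byte { return ca.keyPerm }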

生成私钥

// genPrivateKey creates a 2048-bit RSA key pair, storing the private key in
// ca.key and its public half in ca.publicKey. A failure from rsa.GenerateKey
// is logged and returned unchanged.
func (ca *CA) genPrivateKey() error {
	generated, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Println("generate private key err:", err)
		return err
	}
	ca.key, ca.publicKey = generated, generated.PublicKey
	return nil
}

生成根证书

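// genCertificate builds a self-signed certificate for ca.key and stores the
// DER bytes in ca.ca plus PEM encodings of the key and certificate in
// ca.keyPerm and ca.certPem.
//
// The certificate is marked as a CA (IsCA, BasicConstraintsValid) and at the
// same time carries serverAuth/clientAuth usages and serviceName as a SAN, so
// it can serve directly as a TLS leaf certificate as well as sign others.
// KeyUsageCertSign and KeyUsageCRLSign are included so that certificates
// issued under it are accepted by verifiers that enforce CA key usage.
// It is valid for ten years from the time of the call.
//
// genPrivateKey must have run first: ca.key and ca.publicKey are read here.
func (ca *CA) genCertificate(serviceName string) error {
	// 128-bit random serial number.
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialLimit)
	if err != nil {
		// Log and hand the error back; log.Fatalf here would terminate the
		// whole process from inside library code and made the return dead.
		log.Printf("failed to generate serial number: %s", err)
		return err
	}
	now := time.Now() // single instant so NotBefore and NotAfter agree
	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"ZZH Co. Ltd"},
		},
		NotBefore: now,
		NotAfter:  now.AddDate(10, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment |
			x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		DNSNames:              []string{serviceName},
	}
	// Self-signed: the template is its own parent and ca.key signs it.
	ca.ca, err = x509.CreateCertificate(rand.Reader, &template, &template, &ca.publicKey, ca.key)
	if err != nil {
		return err
	}
	ca.keyPerm = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(ca.key)})
	ca.certPem = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.ca})
	return nil
}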

NewCA

// NewCA generates a key pair and a self-signed certificate whose SAN is
// serviceName, returning the populated CA. On any failure the partial CA is
// discarded and the underlying error is returned.
func NewCA(serviceName string) (*CA, error) {
	ca := new(CA)
	if err := ca.genPrivateKey(); err != nil {
		return nil, err
	}
	if err := ca.genCertificate(serviceName); err != nil {
		return nil, err
	}
	return ca, nil
}

基于根证书生成 服务器 证书

// NewCA both generates the key pair and self-signs the certificate, so the
// "server certificate" loaded below is the root certificate itself (IsCA is
// true and DNSNames carries "example.com"); this page issues no separate leaf.
ca, err := private_key.NewCA("example.com")
if err != nil {
	panic(err)
}
// create tls cert
// Pairs the PEM certificate with the PEM private key for use by crypto/tls.
serviceCert, err := tls.X509KeyPair(ca.CertPem(), ca.KeyPerm())
if err != nil {
	panic(err)
}
// Server-side config: only the certificate is set, so protocol version and
// cipher suite selection are left to the Go defaults.
tlsServiceConfig := &tls.Config{
	Certificates: []tls.Certificate{
		serviceCert,
	},
}

服务端tls监听端口

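package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"log"
	"net"

	"github.com/wanmei002/tls/private_key"
)

// main generates a self-signed certificate for "example.com" at start-up and
// serves TLS on :21111. Each client message is printed and answered with
// "Hello" until the client closes the connection.
func main() {
	ca, err := private_key.NewCA("example.com")
	if err != nil {
		panic(err)
	}
	// create tls cert
	// The CA certificate is used directly as the server certificate; a client
	// can therefore only verify this server by trusting ca.CertPem() itself.
	serviceCert, err := tls.X509KeyPair(ca.CertPem(), ca.KeyPerm())
	if err != nil {
		panic(err)
	}
	tlsServiceConfig := &tls.Config{
		Certificates: []tls.Certificate{serviceCert},
		MinVersion:   tls.VersionTLS12, // do not negotiate TLS 1.0/1.1
	}
	ln, err := tls.Listen("tcp", ":21111", tlsServiceConfig)
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	for {
		// A failing Accept is fatal for the listener; problems with a single
		// connection are handled inside serve.
		conn, err := ln.Accept()
		if err != nil {
			panic(err)
		}
		go serve(conn)
	}
}

// serve handles one client connection until it closes or fails.
// Errors are logged instead of panicked: the TLS handshake happens on the
// first Read, so a single client sending garbage would otherwise take down
// the whole process.
func serve(conn net.Conn) {
	defer conn.Close()
	buf := make([]byte, 1024)
	for {
		n, err := conn.Read(buf)
		if n > 0 {
			// Only the first n bytes belong to this message; the rest of buf
			// is stale data from earlier reads.
			fmt.Println(string(buf[:n]))
			if _, werr := conn.Write([]byte("Hello")); werr != nil {
				log.Printf("write to %s: %v", conn.RemoteAddr(), werr)
				return
			}
		}
		if err != nil {
			// EOF is the normal end of a connection; anything else is reported.
			if err != io.EOF {
				log.Printf("read from %s: %v", conn.RemoteAddr(), err)
			}
			return
		}
	}
}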

客户端 tls 请求

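package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"log"
	"os"
)

// main connects to the demo server on 127.0.0.1:21111, sends one message and
// prints every reply until the server closes the connection.
//
// Usage: client [ca.pem]
// With a CA PEM file the server certificate is verified against it under the
// name "example.com" (the DNSNames value NewCA puts in the certificate).
// Without one, verification is skipped, which is only acceptable for a local
// experiment.
func main() {
	caPath := ""
	if len(os.Args) > 1 {
		caPath = os.Args[1]
	}
	cfg, err := clientTLSConfig(caPath)
	if err != nil {
		panic(err)
	}
	conn, err := tls.Dial("tcp", "127.0.0.1:21111", cfg)
	if err != nil {
		panic(err)
	}
	defer conn.Close()
	if _, err = conn.Write([]byte("hello world")); err != nil {
		panic(err)
	}
	// Read on the main goroutine; the previous goroutine plus WaitGroup only
	// waited for the reader, which is the same as reading inline.
	buf := make([]byte, 1024)
	for {
		n, err := conn.Read(buf)
		if n > 0 {
			// Print only the bytes of this reply, not the whole stale buffer.
			fmt.Println(string(buf[:n]))
		}
		if err != nil {
			if err != io.EOF {
				log.Printf("read: %v", err)
			}
			return
		}
	}
}

// clientTLSConfig builds the client configuration. With an empty caPath the
// returned config has InsecureSkipVerify set, so the peer's identity is NOT
// checked and any host on the path can impersonate the server; pass the
// server's CA PEM (the bytes of ca.CertPem() on the server side) to verify
// the certificate instead. Returns an error if the file cannot be read or
// contains no certificate.
func clientTLSConfig(caPath string) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if caPath == "" {
		cfg.InsecureSkipVerify = true
		return cfg, nil
	}
	pemBytes, err := os.ReadFile(caPath)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("no certificates found in %q", caPath)
	}
	cfg.RootCAs = pool
	cfg.ServerName = "example.com"
	return cfg, nil
}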

完整代码 https://github.com/wanmei002/tls
