• golang生成根证书,服务端证书,用于 tls

    生成根证书

    创建一个 struct 来保存私钥等信息

    type CA struct {
	key       *rsa.PrivateKey
	publicKey rsa.PublicKey
	ca        []byte
	keyPerm   []byte
	certPem   []byte
}

    生成私钥

    func (ca *CA) genPrivateKey() error {
	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Println("generate private key err:", err)
		return err
	}
	ca.key = privateKey
	ca.publicKey = privateKey.PublicKey
	return nil
}

    生成根证书

    func (ca *CA) genCertificate(serviceName string) error {
	maxInt := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, maxInt)
	if err != nil {
		log.Fatalf("failed to generate serial number: %s", err)
		return err
	}
	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"ZZH Co. Ltd"},
		},
		NotBefore:             time.Now(),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		DNSNames:              []string{serviceName},
	}
	ca.ca, err = x509.CreateCertificate(rand.Reader, &template, &template, &ca.publicKey, ca.key)
	if err != nil {
		return err
	}

	ca.keyPerm = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(ca.key)})
	ca.certPem = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.ca})
	return nil
}

    NewCA

    func NewCA(serviceName string) (*CA, error) {
	ca := &CA{}
	err := ca.genPrivateKey()
	if err != nil {
		return nil, err
	}
	err = ca.genCertificate(serviceName)
	if err != nil {
		return nil, err
	}
	return ca, nil
}

    基于根证书生成 服务器 证书

    ca, err := private_key.NewCA("example.com")
if err != nil {
    panic(err)
}
// create tls cert
serviceCert, err := tls.X509KeyPair(ca.CertPem(), ca.KeyPerm())
if err != nil {
    panic(err)
}
tlsServiceConfig := &tls.Config{
    Certificates: []tls.Certificate{
        serviceCert,
    },
}

    服务端tls监听端口

    package main

import (
	"crypto/tls"
	"fmt"
	"github.com/wanmei002/tls/private_key"
	"io"
)

func main() {
	ca, err := private_key.NewCA("example.com")
	if err != nil {
		panic(err)
	}
	// create tls cert
	serviceCert, err := tls.X509KeyPair(ca.CertPem(), ca.KeyPerm())
	if err != nil {
		panic(err)
	}
	tlsServiceConfig := &tls.Config{
		Certificates: []tls.Certificate{
			serviceCert,
		},
	}

	ln, err := tls.Listen("tcp", ":21111", tlsServiceConfig)
	if err != nil {
		panic(err)
	}

	for {
		conn, err := ln.Accept()
		if err != nil {
			panic(err)
		}
		go func() {
			defer conn.Close()
			buf := make([]byte, 1024)
			for {
				_, err := conn.Read(buf)
				if err != nil && err != io.EOF {
					panic(err)
				}
				fmt.Println(string(buf))
				_, err = conn.Write([]byte("Hello"))
				if err != nil {
					panic(err)
				}
			}
		}()
	}
}

    客户端 tls 请求

    package main

import (
	"crypto/tls"
	"fmt"
	"sync"
)

func main() {
	conn, err := tls.Dial("tcp", "127.0.0.1:21111", &tls.Config{InsecureSkipVerify: true})
	if err != nil {
		panic(err)
	}

	defer conn.Close()
	_, err = conn.Write([]byte("hello world"))
	if err != nil {
		panic(err)
	}
	wg := sync.WaitGroup{}
	wg.Add(1)
	go func() {
		defer wg.Done()
		for {
			buf := make([]byte, 1024)
			_, err = conn.Read(buf)
			if err != nil {
				panic(err)
			}
			fmt.Println(string(buf))
		}
	}()

	wg.Wait()
}

    完整代码 https://github.com/wanmei002/tls

  • 相关阅读:
    HarmonyOS列表组件
    Java 中 Comparable 接口的作用
    如何打造一个属于自己的元宇宙电商-数字藏品NFG系统?
    JavaScript:实现ExponentialSearch指数搜索算法(附完整源码)
    【SQL】Spark SQL 比较上下两条数据,多个字段多个条件,赋值一个结果字段成一个array,
    OpenAI大模型项目计划表(InsCode AI 创作助手)
    【我的Android进阶之旅】如何传递android的log日志打印方法给到底层算法c代码去调用?
    Win11(便签)便笺打开,解决登录异常,快捷键
    研究c#异步操作async await状态机的总结
    架构描述语言(ADL)
  • 原文地址:https://blog.csdn.net/wanmei002/article/details/139602762