生成tls证书 Golang的tls例子

2016-09-23 10:54  2264人阅读  评论 (0)

生成根证书和服务器签名

hosts

将server.com和client.com加入到hosts

生成root密钥

openssl genrsa -out ca.key 2048

生成root签名

openssl req -new -x509 -sha256 -key ca.key -days 3650 -out ca.crt -subj "/CN=dotcoo.com"

生成server密钥

openssl genrsa -out server.key 2048

生成server签名请求

openssl req -new -sha256 -key server.key -subj "/CN=server.com" -out server.csr

给server签名

openssl x509 -req -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650

查询状态

openssl x509 -in ./server.crt -noout -text

参考地址

http://www.cnblogs.com/Goden/p/4639672.html https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html

https

将根证书添加到本地

https.go

package main

import (
    "io"
    "log"
    "net/http"
)

// hello dotcoo, the web server
func HelloServer(w http.ResponseWriter, req *http.Request) {
    io.WriteString(w, "hello, dotcoo!\n")
}

func main() {
    log.SetFlags(log.LstdFlags | log.Lshortfile)
    log.Println("https://server.com:12345/hello")
    http.HandleFunc("/hello", HelloServer)
    log.Fatal(http.ListenAndServeTLS(":12345", "server.crt", "server.key", nil))
}

socket

socket_server.go

package main

import (
    "bufio"
    "crypto/tls"
    "io"
    "log"
    "net"
)

func main() {
    log.SetFlags(log.LstdFlags | log.Lshortfile)

    certFile := "server.crt"
    keyFile := "server.key"

    cert, err := tls.LoadX509KeyPair(certFile, keyFile)
    if err != nil {
        panic(err)
    }

    config := new(tls.Config)
    config.Certificates = []tls.Certificate{cert}

    ln, err := tls.Listen("tcp", ":8100", config)
    if err != nil {
        panic(err)
    }

    log.Println("127.0.0.1:8100")

    for {
        conn, err := ln.Accept()
        if err != nil {
            log.Println(err)
            continue
        }
        go service(conn)
    }
}

func service(conn net.Conn) {
    defer conn.Close()
    r := bufio.NewReader(conn)
    for {
        line, _, err := r.ReadLine()
        if err == io.EOF {
            return
        }
        if err != nil {
            log.Println(err)
            return
        }
        n, err := conn.Write(line)
        if err != nil {
            log.Println(n, err)
            return
        }
    }
}

socket_client.go

package main

import (
    "crypto/tls"
    "crypto/x509"
    "io"
    "io/ioutil"
    "log"
    "time"
)

func main() {
    log.SetFlags(log.LstdFlags | log.Lshortfile)

    pemPath := "ca.crt"

    config := new(tls.Config)

    certs := x509.NewCertPool()
    pemData, err := ioutil.ReadFile(pemPath)
    if err != nil {
        panic(err)
    }
    certs.AppendCertsFromPEM(pemData)
    config.RootCAs = certs

    conn, err := tls.Dial("tcp", "server.com:8100", config)
    if err != nil {
        panic(err)
    }
    defer conn.Close()

    buf := make([]byte, 1024)
    for {
        n, err := io.WriteString(conn, time.Now().Format("2006-01-02 15:04:05\r\n"))
        if err != nil {
            log.Println(n, err)
            break
        }

        n, err = conn.Read(buf)
        if err != nil {
            log.Println(n, err)
            break
        }

        log.Println(string(buf[:n]))

        time.Sleep(1 * time.Second)
    }
}

starttls

starttls_server.go

package main

import (
    "bufio"
    "crypto/tls"
    "io"
    "log"
    "net"
)

func main() {
    log.SetFlags(log.LstdFlags | log.Lshortfile)

    ln, err := net.Listen("tcp", ":8100")
    if err != nil {
        panic(err)
    }

    log.Println("127.0.0.1:8100")

    for {
        conn, err := ln.Accept()
        if err != nil {
            log.Println(err)
            continue
        }
        go service(conn)
    }
}

func service(conn net.Conn) {
    certFile := "server.crt"
    keyFile := "server.key"

    cert, err := tls.LoadX509KeyPair(certFile, keyFile)
    if err != nil {
        panic(err)
    }

    config := new(tls.Config)
    config.Certificates = []tls.Certificate{cert}

    defer conn.Close()
    r := bufio.NewReader(conn)
    for {
        line, _, err := r.ReadLine()
        if err == io.EOF {
            return
        }
        if err != nil {
            log.Println(err)
            return
        }

        n, err := conn.Write(line)
        if err != nil {
            log.Println(n, err)
            return
        }

        if string(line) == "starttls" {
            conn = tls.Server(conn, config)
            r = bufio.NewReader(conn)
        }
    }
}

starttls_client.go

package main

import (
    "crypto/tls"
    "crypto/x509"
    "io"
    "io/ioutil"
    "log"
    "net"
    "time"
)

func main() {
    log.SetFlags(log.LstdFlags | log.Lshortfile)

    pemPath := "ca.crt"

    config := new(tls.Config)

    certs := x509.NewCertPool()
    pemData, err := ioutil.ReadFile(pemPath)
    if err != nil {
        panic(err)
    }
    certs.AppendCertsFromPEM(pemData)
    config.RootCAs = certs
    config.ServerName = "server.com"

    conn, err := net.Dial("tcp", "server.com:8100")
    if err != nil {
        panic(err)
    }
    defer conn.Close()

    buf := make([]byte, 1024)
    for i := 0; i < 100; i++ {
        data := time.Now().Format("2006-01-02 15:04:05\r\n")
        if i == 10 {
            data = "starttls\r\n"
        }

        n, err := io.WriteString(conn, data)
        if err != nil {
            log.Println(n, err)
            break
        }

        n, err = conn.Read(buf)
        if err != nil {
            log.Println(n, err)
            break
        }

        log.Println(string(buf[:n]))

        if data == "starttls\r\n" {
            conn = tls.Client(conn, config)
        }

        time.Sleep(1 * time.Second)
    }
}