kris
/
th5
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Alternative TLS implementation in Go
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
564 Commits
3 Branches
2.6 MiB
 
 
Tree: 9fe6933c1f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9fe6933c1f'
${ noResults }
th5/example_test.go.TEMPORARILY...

236 lines
8.4 KiB
Raw Blame History 

  1. // Copyright 2014 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package trs_test

  6. 

  7. import (

  8. 	"crypto/tls"

  9. 	"crypto/x509"

  10. 	"log"

  11. 	"net/http"

  12. 	"net/http/httptest"

  13. 	"os"

  14. 	"time"

  15. )

  16. 

  17. // zeroSource is an io.Reader that returns an unlimited number of zero bytes.

  18. type zeroSource struct{}

  19. 

  20. func (zeroSource) Read(b []byte) (n int, err error) {

  21. 	for i := range b {

  22. 		b[i] = 0

  23. 	}

  24. 

  25. 	return len(b), nil

  26. }

  27. 

  28. func ExampleDial() {

  29. 	// Connecting with a custom root-certificate set.

  30. 

  31. 	const rootPEM = `

  32. -----BEGIN CERTIFICATE-----

  33. MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT

  34. MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i

  35. YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG

  36. EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy

  37. bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB

  38. AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP

  39. VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv

  40. h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE

  41. ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ

  42. EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC

  43. DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7

  44. qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD

  45. VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g

  46. K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI

  47. KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n

  48. ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB

  49. BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY

  50. /iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/

  51. zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza

  52. HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto

  53. WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6

  54. yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx

  55. -----END CERTIFICATE-----`

  56. 

  57. 	// First, create the set of root certificates. For this example we only

  58. 	// have one. It's also possible to omit this in order to use the

  59. 	// default root set of the current operating system.

  60. 	roots := x509.NewCertPool()

  61. 	ok := roots.AppendCertsFromPEM([]byte(rootPEM))

  62. 	if !ok {

  63. 		panic("failed to parse root certificate")

  64. 	}

  65. 

  66. 	conn, err := tls.Dial("tcp", "mail.google.com:443", &tls.Config{

  67. 		RootCAs: roots,

  68. 	})

  69. 	if err != nil {

  70. 		panic("failed to connect: " + err.Error())

  71. 	}

  72. 	conn.Close()

  73. }

  74. 

  75. func ExampleConfig_keyLogWriter_TLS12() {

  76. 	// Debugging TLS applications by decrypting a network traffic capture.

  77. 

  78. 	// WARNING: Use of KeyLogWriter compromises security and should only be

  79. 	// used for debugging.

  80. 

  81. 	// Dummy test HTTP server for the example with insecure random so output is

  82. 	// reproducible.

  83. 	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))

  84. 	server.TLS = &tls.Config{

  85. 		Rand:       zeroSource{}, // for example only; don't do this.

  86. 		MaxVersion: tls.VersionTLS12,

  87. 	}

  88. 	server.StartTLS()

  89. 	defer server.Close()

  90. 

  91. 	// Typically the log would go to an open file:

  92. 	// w, err := os.OpenFile("tls-secrets.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)

  93. 	w := os.Stdout

  94. 

  95. 	client := &http.Client{

  96. 		Transport: &http.Transport{

  97. 			TLSClientConfig: &tls.Config{

  98. 				KeyLogWriter: w,

  99. 

  100. 				Rand:               zeroSource{}, // for reproducible output; don't do this.

  101. 				InsecureSkipVerify: true,         // test server certificate is not trusted.

  102. 			},

  103. 		},

  104. 	}

  105. 	resp, err := client.Get(server.URL)

  106. 	if err != nil {

  107. 		log.Fatalf("Failed to get URL: %v", err)

  108. 	}

  109. 	resp.Body.Close()

  110. 

  111. 	// The resulting file can be used with Wireshark to decrypt the TLS

  112. 	// connection by setting (Pre)-Master-Secret log filename in SSL Protocol

  113. 	// preferences.

  114. 

  115. 	// Output:

  116. 	// CLIENT_RANDOM 0000000000000000000000000000000000000000000000000000000000000000 baca0df460a688e44ce018b025183cc2353ae01f89755ef766eedd3ecc302888ee3b3a22962e45f48c20df15a98c0e80

  117. }

  118. 

  119. func ExampleConfig_keyLogWriter_TLS13() {

  120. 	// Debugging TLS applications by decrypting a network traffic capture.

  121. 

  122. 	// WARNING: Use of KeyLogWriter compromises security and should only be

  123. 	// used for debugging.

  124. 

  125. 	// Dummy test HTTP server for the example with insecure random so output is

  126. 	// reproducible.

  127. 	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))

  128. 	server.TLS = &tls.Config{

  129. 		Rand: zeroSource{}, // for example only; don't do this.

  130. 	}

  131. 	server.StartTLS()

  132. 	defer server.Close()

  133. 

  134. 	// Typically the log would go to an open file:

  135. 	// w, err := os.OpenFile("tls-secrets.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)

  136. 	w := os.Stdout

  137. 

  138. 	client := &http.Client{

  139. 		Transport: &http.Transport{

  140. 			TLSClientConfig: &tls.Config{

  141. 				KeyLogWriter: w,

  142. 

  143. 				Rand:               zeroSource{}, // for reproducible output; don't do this.

  144. 				InsecureSkipVerify: true,         // test server certificate is not trusted.

  145. 			},

  146. 		},

  147. 	}

  148. 	resp, err := client.Get(server.URL)

  149. 	if err != nil {

  150. 		log.Fatalf("Failed to get URL: %v", err)

  151. 	}

  152. 	resp.Body.Close()

  153. 

  154. 	// The resulting file can be used with Wireshark to decrypt the TLS

  155. 	// connection by setting (Pre)-Master-Secret log filename in SSL Protocol

  156. 	// preferences.

  157. 

  158. 	// Output:

  159. 	// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 b946c84f46f53bd410368a1fd7d53873e74bedd53b4b1a4b125be40c8b0510a1

  160. 	// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 b6c44e95e34cb2616ff2e9a1163577aa1aa5cb3af8df16d0fdbbbaf15f415c8e

  161. 	// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 cbecc42509a124ae517f6c9aaae1961d755ab4268548b40b0c7840a9643240e8

  162. 	// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 8f6dd1476706ea8147d829347937694496a7d62d6d01de0a1b4820140d01cad0

  163. }

  164. 

  165. func ExampleLoadX509KeyPair() {

  166. 	cert, err := tls.LoadX509KeyPair("testdata/example-cert.pem", "testdata/example-key.pem")

  167. 	if err != nil {

  168. 		log.Fatal(err)

  169. 	}

  170. 	cfg := &tls.Config{Certificates: []tls.Certificate{cert}}

  171. 	listener, err := tls.Listen("tcp", ":2000", cfg)

  172. 	if err != nil {

  173. 		log.Fatal(err)

  174. 	}

  175. 	_ = listener

  176. }

  177. 

  178. func ExampleX509KeyPair() {

  179. 	certPem := []byte(`-----BEGIN CERTIFICATE-----

  180. MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw

  181. DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow

  182. EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d

  183. 7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B

  184. 5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr

  185. BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1

  186. NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l

  187. Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc

  188. 6MF9+Yw1Yy0t

  189. -----END CERTIFICATE-----`)

  190. 	keyPem := []byte(`-----BEGIN EC PRIVATE KEY-----

  191. MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49

  192. AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q

  193. EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==

  194. -----END EC PRIVATE KEY-----`)

  195. 	cert, err := tls.X509KeyPair(certPem, keyPem)

  196. 	if err != nil {

  197. 		log.Fatal(err)

  198. 	}

  199. 	cfg := &tls.Config{Certificates: []tls.Certificate{cert}}

  200. 	listener, err := tls.Listen("tcp", ":2000", cfg)

  201. 	if err != nil {

  202. 		log.Fatal(err)

  203. 	}

  204. 	_ = listener

  205. }

  206. 

  207. func ExampleX509KeyPair_httpServer() {

  208. 	certPem := []byte(`-----BEGIN CERTIFICATE-----

  209. MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw

  210. DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow

  211. EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d

  212. 7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B

  213. 5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr

  214. BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1

  215. NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l

  216. Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc

  217. 6MF9+Yw1Yy0t

  218. -----END CERTIFICATE-----`)

  219. 	keyPem := []byte(`-----BEGIN EC PRIVATE KEY-----

  220. MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49

  221. AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q

  222. EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==

  223. -----END EC PRIVATE KEY-----`)

  224. 	cert, err := tls.X509KeyPair(certPem, keyPem)

  225. 	if err != nil {

  226. 		log.Fatal(err)

  227. 	}

  228. 	cfg := &tls.Config{Certificates: []tls.Certificate{cert}}

  229. 	srv := &http.Server{

  230. 		TLSConfig:    cfg,

  231. 		ReadTimeout:  time.Minute,

  232. 		WriteTimeout: time.Minute,

  233. 	}

  234. 	log.Fatal(srv.ListenAndServeTLS("", ""))

  235. }