nps/lib/crypt/tls.go

package crypt

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"log"
	"math/big"
	"net"
	"os"
	"time"

	"github.com/astaxie/beego/logs"
)

var (
	cert tls.Certificate
)

func InitTls() {
	c, k, err := generateKeyPair("NPS Corp,.Inc")
	if err == nil {
		cert, err = tls.X509KeyPair(c, k)
	}
	if err != nil {
		log.Fatalln("Error initializing crypto certs", err)
	}
}

func NewTlsServerConn(conn net.Conn) net.Conn {
	var err error
	if err != nil {
		logs.Error(err)
		os.Exit(0)
		return nil
	}
	config := &tls.Config{Certificates: []tls.Certificate{cert}}
	return tls.Server(conn, config)
}

func NewTlsClientConn(conn net.Conn) net.Conn {
	conf := &tls.Config{
		InsecureSkipVerify: true,
	}
	return tls.Client(conn, conf)
}

func generateKeyPair(CommonName string) (rawCert, rawKey []byte, err error) {
	// Create private key and self-signed certificate
	// Adapted from https://golang.org/src/crypto/tls/generate_cert.go

	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	validFor := time.Hour * 24 * 365 * 10 // ten years
	notBefore := time.Now()
	notAfter := notBefore.Add(validFor)
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"My Company Name LTD."},
			CommonName:   CommonName,
			Country:      []string{"US"},
		},
		NotBefore: notBefore,
		NotAfter:  notAfter,

		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
	if err != nil {
		return
	}

	rawCert = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
	rawKey = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})

	return
}
Port mux\| https\|tls crypt 2019-03-05 01:23:18 +00:00			`package crypt`

			`import (`
fixed typo in test.go replaced self-made http reverseproxy with a more robust and versatile one. dynamically generate cert for client-server tls encryption 2020-04-15 02:59:48 +00:00			`"crypto/rand"`
			`"crypto/rsa"`
Port mux\| https\|tls crypt 2019-03-05 01:23:18 +00:00			`"crypto/tls"`
fixed typo in test.go replaced self-made http reverseproxy with a more robust and versatile one. dynamically generate cert for client-server tls encryption 2020-04-15 02:59:48 +00:00			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"encoding/pem"`
			`"log"`
			`"math/big"`
Port mux\| https\|tls crypt 2019-03-05 01:23:18 +00:00			`"net"`
			`"os"`
fixed typo in test.go replaced self-made http reverseproxy with a more robust and versatile one. dynamically generate cert for client-server tls encryption 2020-04-15 02:59:48 +00:00			`"time"`
style: fmt 2019-08-10 03:15:25 +00:00
			`"github.com/astaxie/beego/logs"`
Port mux\| https\|tls crypt 2019-03-05 01:23:18 +00:00			`)`

fixed typo in test.go replaced self-made http reverseproxy with a more robust and versatile one. dynamically generate cert for client-server tls encryption 2020-04-15 02:59:48 +00:00			`var (`
			`cert tls.Certificate`
			`)`
Code optimization 2019-03-23 14:19:59 +00:00
fixed typo in test.go replaced self-made http reverseproxy with a more robust and versatile one. dynamically generate cert for client-server tls encryption 2020-04-15 02:59:48 +00:00			`func InitTls() {`
			`c, k, err := generateKeyPair("NPS Corp,.Inc")`
			`if err == nil {`
			`cert, err = tls.X509KeyPair(c, k)`
			`}`
			`if err != nil {`
			`log.Fatalln("Error initializing crypto certs", err)`
			`}`
Code optimization 2019-03-23 14:19:59 +00:00			`}`

Port mux\| https\|tls crypt 2019-03-05 01:23:18 +00:00			`func NewTlsServerConn(conn net.Conn) net.Conn {`
fixed typo in test.go replaced self-made http reverseproxy with a more robust and versatile one. dynamically generate cert for client-server tls encryption 2020-04-15 02:59:48 +00:00			`var err error`
Port mux\| https\|tls crypt 2019-03-05 01:23:18 +00:00			`if err != nil {`
			`logs.Error(err)`
			`os.Exit(0)`
			`return nil`
			`}`
			`config := &tls.Config{Certificates: []tls.Certificate{cert}}`
			`return tls.Server(conn, config)`
			`}`

			`func NewTlsClientConn(conn net.Conn) net.Conn {`
			`conf := &tls.Config{`
			`InsecureSkipVerify: true,`
			`}`
			`return tls.Client(conn, conf)`
			`}`
fixed typo in test.go replaced self-made http reverseproxy with a more robust and versatile one. dynamically generate cert for client-server tls encryption 2020-04-15 02:59:48 +00:00
			`func generateKeyPair(CommonName string) (rawCert, rawKey []byte, err error) {`
			`// Create private key and self-signed certificate`
			`// Adapted from https://golang.org/src/crypto/tls/generate_cert.go`

			`priv, err := rsa.GenerateKey(rand.Reader, 2048)`
			`if err != nil {`
			`return`
			`}`
			`validFor := time.Hour * 24 * 365 * 10 // ten years`
			`notBefore := time.Now()`
			`notAfter := notBefore.Add(validFor)`
			`serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)`
			`serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)`
			`template := x509.Certificate{`
			`SerialNumber: serialNumber,`
			`Subject: pkix.Name{`
			`Organization: []string{"My Company Name LTD."},`
			`CommonName: CommonName,`
			`Country: []string{"US"},`
			`},`
			`NotBefore: notBefore,`
			`NotAfter: notAfter,`

			`KeyUsage: x509.KeyUsageKeyEncipherment \| x509.KeyUsageDigitalSignature,`
			`ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},`
			`BasicConstraintsValid: true,`
			`}`
			`derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)`
			`if err != nil {`
			`return`
			`}`

			`rawCert = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})`
			`rawKey = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})`

			`return`
			`}`