Create tls.go

linimbus · web-flow · commit 2c7ed9e896be · 2024-10-16T15:27:57.000+08:00
diff --git a/tls.go b/tls.go
@@ -0,0 +1,83 @@
+package main
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"net"
+	"time"
+)
+
+func GenerateCertificate() (tls.Certificate, error) {
+	max := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, _ := rand.Int(rand.Reader, max)
+	subject := pkix.Name{
+		Organization:       []string{"TcpProxy App co."},
+		OrganizationalUnit: []string{"TcpProxy App"},
+		CommonName:         "TcpProxy App",
+	}
+
+	ipAddress := make([]net.IP, 0)
+	ipAddress = append(ipAddress, net.ParseIP("127.0.0.1"))
+
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject:      subject,
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
+		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		IPAddresses:  ipAddress,
+	}
+	pk, _ := rsa.GenerateKey(rand.Reader, 4096)
+
+	derBytes, _ := x509.CreateCertificate(rand.Reader, &template, &template, &pk.PublicKey, pk)
+
+	certOut := bytes.NewBuffer(make([]byte, 0))
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+
+	keyOut := bytes.NewBuffer(make([]byte, 0))
+	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(pk)})
+
+	return tls.X509KeyPair(certOut.Bytes(), keyOut.Bytes())
+}
+
+func TlsConfigClient(servername string) (*tls.Config, error) {
+	var certs tls.Certificate
+	var err error
+
+	certs, err = GenerateCertificate()
+	if err != nil {
+		return nil, err
+	}
+
+	return &tls.Config{
+		MinVersion:         tls.VersionTLS12,
+		MaxVersion:         tls.VersionTLS13,
+		ServerName:         servername,
+		InsecureSkipVerify: true,
+		Certificates:       []tls.Certificate{certs},
+	}, nil
+}
+
+func TlsConfigServer() (*tls.Config, error) {
+	var certs tls.Certificate
+	var err error
+
+	certs, err = GenerateCertificate()
+	if err != nil {
+		return nil, err
+	}
+
+	return &tls.Config{
+		MinVersion:   tls.VersionTLS12,
+		MaxVersion:   tls.VersionTLS13,
+		Certificates: []tls.Certificate{certs},
+		ClientAuth:   tls.RequestClientCert,
+	}, nil
+}
