tls.go 1.4 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758
  1. package net
  2. import (
  3. "crypto/rand"
  4. "crypto/rsa"
  5. "crypto/tls"
  6. "crypto/x509"
  7. "encoding/pem"
  8. "fmt"
  9. "math/big"
  10. )
  11. type Path interface {
  12. Resolve(path string) string
  13. }
  14. func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, error) {
  15. if certificate == "" && privateKey == "" {
  16. return newRandomTLSKeyPair()
  17. }
  18. cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey))
  19. if painTextErr == nil {
  20. return cert, nil
  21. }
  22. certificate = path.Resolve(certificate)
  23. privateKey = path.Resolve(privateKey)
  24. cert, loadErr := tls.LoadX509KeyPair(certificate, privateKey)
  25. if loadErr != nil {
  26. return tls.Certificate{}, fmt.Errorf("parse certificate failed, maybe format error:%s, or path error: %s", painTextErr.Error(), loadErr.Error())
  27. }
  28. return cert, nil
  29. }
  30. func newRandomTLSKeyPair() (tls.Certificate, error) {
  31. key, err := rsa.GenerateKey(rand.Reader, 2048)
  32. if err != nil {
  33. return tls.Certificate{}, err
  34. }
  35. template := x509.Certificate{SerialNumber: big.NewInt(1)}
  36. certDER, err := x509.CreateCertificate(
  37. rand.Reader,
  38. &template,
  39. &template,
  40. &key.PublicKey,
  41. key)
  42. if err != nil {
  43. return tls.Certificate{}, err
  44. }
  45. keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
  46. certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
  47. tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
  48. if err != nil {
  49. return tls.Certificate{}, err
  50. }
  51. return tlsCert, nil
  52. }