authorGravatar Erik Dubbelboer <erik@dubbelboer.com> 2021-02-06 10:51:25 +0100
committerGravatar Erik Dubbelboer <erik@dubbelboer.com> 2021-02-06 11:47:11 +0100
commitfbe6a2d470ee7e1215c5efbeb1f65a5723a6e234 (patch)
tree3b3ec518a2dd2f973da4f5116e7f8b5e7e9d3e6c /tls.go
parentAllow concurrent ServeTLS (diff)
Add fasthttp.GenerateTestCertificate and use in tests
Remove ssl-cert-snakeoil so our tests don't fail in 2025.
Diffstat (limited to 'tls.go')
-rw-r--r--tls.go60
1 files changed, 60 insertions, 0 deletions
diff --git a/tls.go b/tls.go
new file mode 100644
index 0000000..08b03ce
--- /dev/null
+++ b/tls.go
@@ -0,0 +1,60 @@
+package fasthttp
+
+import (
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "math/big"
+ "time"
+)
+
+// GenerateTestCertificate generates a test certificate and private key based on the given host.
+func GenerateTestCertificate(host string) ([]byte, []byte, error) {
+ priv, err := rsa.GenerateKey(rand.Reader, 2048)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+ serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ cert := &x509.Certificate{
+ SerialNumber: serialNumber,
+ Subject: pkix.Name{
+ Organization: []string{"fasthttp test"},
+ },
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(365 * 24 * time.Hour),
+ KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
+ SignatureAlgorithm: x509.SHA256WithRSA,
+ DNSNames: []string{host},
+ BasicConstraintsValid: true,
+ IsCA: true,
+ }
+
+ certBytes, err := x509.CreateCertificate(
+ rand.Reader, cert, cert, &priv.PublicKey, priv,
+ )
+
+ p := pem.EncodeToMemory(
+ &pem.Block{
+ Type: "PRIVATE KEY",
+ Bytes: x509.MarshalPKCS1PrivateKey(priv),
+ },
+ )
+
+ b := pem.EncodeToMemory(
+ &pem.Block{
+ Type: "CERTIFICATE",
+ Bytes: certBytes,
+ },
+ )
+
+ return b, p, err
+}
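Review bot: The error from `x509.CreateCertificate` is not checked until the final `return b, p, err`, so on failure the function still PEM-encodes an empty certificate and returns the private key alongside a non-nil error; add `if err != nil { return nil, nil, err }` directly after the call, as the two earlier steps do. The key block is labelled `"PRIVATE KEY"` (the PKCS#8 label) while its bytes come from `x509.MarshalPKCS1PrivateKey`; `Type: "RSA PRIVATE KEY"` matches the encoding, and tools that dispatch on the PEM label may otherwise reject the key. Because the function is exported from a non-test file and the template sets `IsCA: true` with `x509.KeyUsageCertSign`, the doc comment should state that the result is a self-signed CA certificate intended only for tests and must not be added to a trust store.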