author | Erik Dubbelboer <erik@dubbelboer.com> | 2021-02-06 10:51:25 +0100 |
---|---|---|
committer | Erik Dubbelboer <erik@dubbelboer.com> | 2021-02-06 11:47:11 +0100 |
commit | fbe6a2d470ee7e1215c5efbeb1f65a5723a6e234 (patch) | |
tree | 3b3ec518a2dd2f973da4f5116e7f8b5e7e9d3e6c /tls.go | |
parent | Allow concurrent ServeTLS (diff) | |
Add fasthttp.GenerateTestCertificate and use in tests
Remove ssl-cert-snakeoil so our tests don't fail in 2025.
Diffstat (limited to 'tls.go')
-rw-r--r-- | tls.go | 60 |
1 files changed, 60 insertions, 0 deletions
@@ -0,0 +1,60 @@
+package fasthttp
+
+import (
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "math/big"
+ "time"
+)
+
+// GenerateTestCertificate generates a test certificate and private key based on the given host.
+func GenerateTestCertificate(host string) ([]byte, []byte, error) {
+ priv, err := rsa.GenerateKey(rand.Reader, 2048)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+ serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ cert := &x509.Certificate{
+ SerialNumber: serialNumber,
+ Subject: pkix.Name{
+ Organization: []string{"fasthttp test"},
+ },
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(365 * 24 * time.Hour),
+ KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
+ SignatureAlgorithm: x509.SHA256WithRSA,
+ DNSNames: []string{host},
+ BasicConstraintsValid: true,
+ IsCA: true,
+ }
+
+ certBytes, err := x509.CreateCertificate(
+ rand.Reader, cert, cert, &priv.PublicKey, priv,
+ )
+
+ p := pem.EncodeToMemory(
+ &pem.Block{
+ Type: "PRIVATE KEY",
+ Bytes: x509.MarshalPKCS1PrivateKey(priv),
+ },
+ )
+
+ b := pem.EncodeToMemory(
+ &pem.Block{
+ Type: "CERTIFICATE",
+ Bytes: certBytes,
+ },
+ )
+
+ return b, p, err
+} |
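Review bot: The error from `x509.CreateCertificate` is not checked before `certBytes` is PEM-encoded, so on failure GenerateTestCertificate returns a CERTIFICATE block with empty bytes and the encoded private key together with the error; add `if err != nil { return nil, nil, err }` directly after the call and finish with `return b, p, nil`. The key is marshalled with `x509.MarshalPKCS1PrivateKey` but labelled `Type: "PRIVATE KEY"`, which is the PKCS#8 label; `Type: "RSA PRIVATE KEY"` matches the encoding, and stricter parsers that trust the label are likely to reject the current output. Because the function is exported from the main package and sets `IsCA: true` with `x509.KeyUsageCertSign`, the doc comment should state that the result is a self-signed CA with an unencrypted key, intended for tests only and never to be added to a real trust store.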