mustcert

package
v0.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 8, 2025 License: BSD-3-Clause Imports: 11 Imported by: 0

README

mustcert

mustcert is a package that creates certificates for testing TLS.

Documentation

Full documentation is available on godoc.

Documentation

Overview

Package mustcert generates certificates for TLS testing

Example

This example uses mustcert to create certificates, start a TLS server, and a client to talk to it. 

ca := CA("root", nil)
serverCert := Leaf("localhost", ca)
clientCert := Leaf("client", ca)

// Create the TLS Test Server
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
	if _, err := w.Write([]byte("hello, world!")); err != nil {
		fmt.Println(err)
	}
}))

rootCAs := Pool(ca.TLS())
server.TLS = &tls.Config{
	ClientAuth:   tls.RequireAndVerifyClientCert,
	Certificates: []tls.Certificate{*serverCert.TLS()},
	RootCAs:      rootCAs,
	ClientCAs:    rootCAs,
}
server.StartTLS()
defer server.Close()

// Create the Client configuration
cert, err := tls.X509KeyPair([]byte(clientCert.CertPEM()), []byte(clientCert.KeyPEM()))
if err != nil {
	fmt.Println(err)
}
caCertPool := Pool(ca.TLS())
config := &tls.Config{
	Certificates:       []tls.Certificate{cert},
	RootCAs:            caCertPool,
	InsecureSkipVerify: true,
}

// Create the HTTP Client
client := &http.Client{
	Transport: &http.Transport{
		TLSClientConfig: config,
	},
}

// Make a client request to the HTTP Server
resp, err := client.Get(server.URL)
if err != nil {
	fmt.Println(err)
}
defer resp.Body.Close()

bodyBytes, err := io.ReadAll(resp.Body)
if err != nil {
	fmt.Println(err)
}
bodyString := string(bodyBytes)
fmt.Println(bodyString)

Output:

hello, world!

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func Pool 

func Pool(certs ...*tls.Certificate) *x509.CertPool

Pool is a set of x509 certificates.

Types

type Cert 

type Cert tls.Certificate

Cert is an alias for tls.Certificate with extra helper methods.

func CA 

func CA(commonName string, parent *Cert) *Cert

CA generates a new certificate that can sign leaf & intermediary certificates. The certificate is self-signed if parent is nil.

func Leaf 

func Leaf(commonName string, parent *Cert, opts ...func(*x509.Certificate)) *Cert

Leaf generates a new leaf certificate. The certificate is self-signed if parent is nil. If opts are provided, they are invoked on the certificate before it's signed

func (*Cert) CertMap 

func (c *Cert) CertMap() map[string]string

CertMap is a map holding the PEM encoded cert & key.

func (*Cert) CertPEM 

func (c *Cert) CertPEM() string

CertPEM is the PEM encoded x509 certificate data.

func (*Cert) KeyPEM 

func (c *Cert) KeyPEM() string

KeyPEM is the PEM encoded private key data.

func (*Cert) Sign 

func (c *Cert) Sign(child *Cert) *Cert

Sign returns a new Cert with an additional signature signed by c.

func (*Cert) TLS 

func (c *Cert) TLS() *tls.Certificate

TLS returns c as a *tls.Certificate.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.