Golang配置证书

Author: Night Scholar Date: September 25, 2021 17:41:52 Category: Go语言核心

Golang配置证书

单向认证

客户端

package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
)

func main() {
	//读取CA证书
	caCertInfo,err:=ioutil.ReadFile("server.crt")
	if err!=nil{
		log.Fatal(err)
	}
	//创建CA池
	certPool:=x509.NewCertPool()
	//把CA证书添加到CA池中
	certPool.AppendCertsFromPEM(caCertInfo)
	//将CA池配置给tls
	cfg:=tls.Config{
		RootCAs: certPool,
		InsecureSkipVerify: true,
	}
	//创建http client
	client:=http.Client{Transport: &http.Transport{TLSClientConfig: &cfg}}
	//5. client发起请求
	response,err:=client.Get("https://localhost:433")
	if err!=nil {
		log.Fatal(err)
	}
	//6. 打印返回值
	bodyInfo,err:=ioutil.ReadAll(response.Body)
	if err!=nil {
		log.Fatal(err)
	}

	defer response.Body.Close()
	fmt.Printf("body : %s\n",bodyInfo)
	fmt.Printf("response : %s\n",response.Status)
}

服务器

package main

import (
	"fmt"
	"log"
	"net/http"
)


func main() {
	//1. 创建http server
	server:=http.Server{
		Addr:              ":433",//监听端口
		Handler:           nil,//处理函数，nil时会使用默认处理函数
		TLSConfig:         nil,//单向认证填nil
	}

	//编写处理逻辑
	http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
		fmt.Printf("HandleFunc called\n")
		writer.Write([]byte("hello world"))
	})

	//2. 启动http server，启动时加载自己的证书，使用TLS
	err:=server.ListenAndServeTLS("server.crt","server.key")
	if err!=nil{
		log.Fatal(err)
	}
}

双向认证

客户端

package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
)

func main() {
	//读取server证书
	caInfo,err:=ioutil.ReadFile("server.crt")
	if err!=nil{
		log.Fatal(err)
	}
	//创建CA池
	certPool:=x509.NewCertPool()
	//把CA证书添加到CA池中
	certPool.AppendCertsFromPEM(caInfo)

	//加载客户端的证书和密钥
	clientCert,err:=tls.LoadX509KeyPair("client.crt","client.key")
	if err!=nil{
		log.Fatal(err)
	}
	//配置tls
	cfg:=tls.Config{
		//CA池
		RootCAs: certPool,
		//客户端证书
		Certificates: []tls.Certificate{clientCert},
		InsecureSkipVerify: true,
	}
	//创建http client
	client:=http.Client{Transport: &http.Transport{TLSClientConfig: &cfg}}
	//client发起请求
	response,err:=client.Get("https://localhost:433")
	if err!=nil{
		log.Fatal(err)
	}
	//打印返回值
	bodyInfo,err:=ioutil.ReadAll(response.Body)
	if err!=nil {
		log.Fatal(err)
	}
	defer response.Body.Close()
	fmt.Printf("body : %s\n",bodyInfo)
	fmt.Printf("response : %s\n",response.Status)
}

服务器

package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
)

func main() {
	//读取client证书
	caInfo,err:=ioutil.ReadFile("client.crt")
	if err!=nil{
		log.Fatal(err)
	}
	//创建CA池
	certPool:=x509.NewCertPool()
	//把CA证书添加到CA池中
	certPool.AppendCertsFromPEM(caInfo)
	//将CA池配置给tls
	cfg:=tls.Config{
		ClientCAs: certPool,//客户端的CA池填充
		ClientAuth: tls.RequireAndVerifyClientCert,//设置服务器认证客户端
		InsecureSkipVerify: true,
	}
	//创建http server
	server:=http.Server{
		Addr:":433",
		Handler: nil,
		TLSConfig: &cfg,
	}

	//编写处理逻辑
	http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
		fmt.Printf("ServerHttp called\n")
		writer.Write([]byte("夜行书生"))
	})

	//启动http server
	err = server.ListenAndServeTLS("server.crt","server.key")
	if err!=nil{
		log.Fatal(err)
	}
}

标签: # Go语言

back · home