How to use a certificate from a certificate store and run TLS in gin framework in go?
Question
My current application starts a Go Gin web server using TLS and loads the certificate and key from the local file system. I want to load these files from a certificate store, or pass the certificate and private key as byte arrays instead of file paths.
package main

import (
	"crypto/tls"
	"crypto/x509"
	"log"
	"net/http"
	"os"

	"github.com/gin-gonic/gin"
)

func main() {
	g := gin.Default()
	g.GET("/hello/:name", func(c *gin.Context) {
		c.String(200, "Hello %s", c.Param("name"))
	})
	// Load the certificate and key from the certificate files
	cert, err := tls.LoadX509KeyPair("./certs/server.crt", "./certs/server.key")
	if err != nil {
		log.Fatal(err)
	}
	// Create an empty certificate pool
	caCertPool := x509.NewCertPool()
	// Load the root certificate from the certificate file
	caCert, err := os.ReadFile("./certs/ca.crt")
	if err != nil {
		log.Fatal(err)
	}
	// Add the root certificate to the pool (AppendCertsFromPEM reports whether anything was parsed)
	if !caCertPool.AppendCertsFromPEM(caCert) {
		log.Fatal("no certificates found in ./certs/ca.crt")
	}
	// Create a custom TLS configuration
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		// RootCAs is only consulted when this process acts as a TLS client;
		// to verify client certificates on the server side, use ClientCAs together with ClientAuth.
		RootCAs: caCertPool,
	}
	// Apply the custom TLS configuration to the server
	server := &http.Server{
		Addr:      ":3000",
		Handler:   g, // without this the gin routes are never served
		TLSConfig: tlsConfig,
	}
	// Start the server; the empty paths mean the certificate and key come from TLSConfig
	err = server.ListenAndServeTLS("", "")
	if err != nil {
		log.Fatal(err)
	}
}
Note that the code above assumes your certificate and key files are in the "./certs" directory and that you also have a root certificate file named "ca.crt". Adjust the file paths and file names to your situation.
English original:
My current application starts a Go Gin web server using TLS and loads the cert and key from a local file system. I want to load these files from a cert store, or I want to pass the certificate and private key as a byte array instead of a file path.
package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	g := gin.Default()
	g.GET("/hello/:name", func(c *gin.Context) {
		c.String(200, "Hello %s", c.Param("name"))
	})
	g.RunTLS(":3000", "./certs/server.crt", "./certs/server.key")
}
Answer 1
Score: 7
I could solve the problem after continuous debugging.
Here is the code for it:
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"net/http"
	"time"
	"github.com/gin-gonic/gin"
	"github.com/golang/glog"
)
func main() {
	router := gin.Default()
	// Self-signed certificate template; no SANs (DNSNames/IPAddresses) are set, so clients will reject it unless you add them
	cert := &x509.Certificate{
		SerialNumber: big.NewInt(1658),
		Subject: pkix.Name{
			Organization:  []string{"ORGANIZATION_NAME"},
			Country:       []string{"COUNTRY_CODE"},
			Province:      []string{"PROVINCE"},
			Locality:      []string{"CITY"},
			StreetAddress: []string{"ADDRESS"},
			PostalCode:    []string{"POSTAL_CODE"},
		},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().AddDate(10, 0, 0),
		SubjectKeyId: []byte{1, 2, 3, 4, 6},
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		glog.Fatal(err)
	}
	pub := &priv.PublicKey
	// Sign the certificate (template and parent are the same, so it is self-signed)
	certificate, err := x509.CreateCertificate(rand.Reader, cert, cert, pub, priv)
	if err != nil {
		glog.Fatal(err)
	}
	certBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certificate})
	keyBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
	// Generate a key pair from your pem-encoded cert and key ([]byte).
	x509Cert, err := tls.X509KeyPair(certBytes, keyBytes)
	if err != nil {
		glog.Fatal(err)
	}
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{x509Cert},
	}
	server := http.Server{Addr: ":3000", Handler: router, TLSConfig: tlsConfig}
	// Empty paths: the certificate and key come from TLSConfig, not from disk
	glog.Fatal(server.ListenAndServeTLS("", ""))
}
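Added here as an example, not code from the question or the answer: the same in-memory loading, with the checks worth running before handing bytes fetched from a secret store to the server (key/cert mismatch, validity window, missing SANs). selfSignedPEM (which stands in for the store and builds constructed test material) and tlsConfigFromPEM are hypothetical helper names.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)
// selfSignedPEM builds a throwaway cert/key in memory (constructed test material standing in for bytes fetched from a store).
func selfSignedPEM(host string, ttl time.Duration) (certPEM, keyPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host}, // the SAN that clients actually match against
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(ttl), // a negative ttl yields an already-expired cert
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	return certPEM, keyPEM, nil
}
// tlsConfigFromPEM turns PEM bytes into a server tls.Config, rejecting pairs that are mismatched (X509KeyPair checks that), outside their validity window, or SAN-less.
func tlsConfigFromPEM(certPEM, keyPEM []byte) (*tls.Config, error) {
	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return nil, err
	}
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return nil, fmt.Errorf("certificate not valid now (valid %s to %s)", leaf.NotBefore, leaf.NotAfter)
	}
	if len(leaf.DNSNames) == 0 && len(leaf.IPAddresses) == 0 {
		return nil, fmt.Errorf("certificate has no SANs; clients will reject it")
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}
```

The returned config drops straight into http.Server{TLSConfig: cfg} with ListenAndServeTLS("", ""), exactly as in the answer.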