Skip to content

Commit

Permalink
Add fasthttp.GenerateTestCertificate and use in tests
Browse files Browse the repository at this point in the history
Remove ssl-cert-snakeoil so our tests don't fail in 2025.
  • Loading branch information
erikdubbelboer committed Feb 6, 2021
1 parent 838d3ab commit 057b6d7
Show file tree
Hide file tree
Showing 7 changed files with 96 additions and 132 deletions.
28 changes: 18 additions & 10 deletions client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -449,12 +449,16 @@ func testClientRedirectListener(t *testing.T, isTLS bool) net.Listener {
var tlsConfig *tls.Config

if isTLS {
certFile := "./ssl-cert-snakeoil.pem"
keyFile := "./ssl-cert-snakeoil.key"
cert, err1 := tls.LoadX509KeyPair(certFile, keyFile)
if err1 != nil {
t.Fatalf("Cannot load TLS certificate: %s", err1)
certData, keyData, err := GenerateTestCertificate("localhost")
if err != nil {
t.Fatal(err)
}

cert, kerr := tls.X509KeyPair(certData, keyData)
if kerr != nil {
t.Fatal(kerr)
}

tlsConfig = &tls.Config{
Certificates: []tls.Certificate{cert},
}
Expand Down Expand Up @@ -2251,12 +2255,16 @@ func startEchoServerExt(t *testing.T, network, addr string, isTLS bool) *testEch
var ln net.Listener
var err error
if isTLS {
certFile := "./ssl-cert-snakeoil.pem"
keyFile := "./ssl-cert-snakeoil.key"
cert, err1 := tls.LoadX509KeyPair(certFile, keyFile)
if err1 != nil {
t.Fatalf("Cannot load TLS certificate: %s", err1)
certData, keyData, err := GenerateTestCertificate("localhost")
if err != nil {
t.Fatal(err)
}

cert, kerr := tls.X509KeyPair(certData, keyData)
if kerr != nil {
t.Fatal(kerr)
}

tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
}
Expand Down
4 changes: 2 additions & 2 deletions examples/fileserver/fileserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@ var (
addr = flag.String("addr", "localhost:8080", "TCP address to listen to")
addrTLS = flag.String("addrTLS", "", "TCP address to listen to TLS (aka SSL or HTTPS) requests. Leave empty for disabling TLS")
byteRange = flag.Bool("byteRange", false, "Enables byte range requests if set to true")
certFile = flag.String("certFile", "./ssl-cert-snakeoil.pem", "Path to TLS certificate file")
certFile = flag.String("certFile", "./ssl-cert.pem", "Path to TLS certificate file")
compress = flag.Bool("compress", false, "Enables transparent response compression if set to true")
dir = flag.String("dir", "/usr/share/nginx/html", "Directory to serve static files from")
generateIndexPages = flag.Bool("generateIndexPages", true, "Whether to generate directory index pages")
keyFile = flag.String("keyFile", "./ssl-cert-snakeoil.key", "Path to TLS key file")
keyFile = flag.String("keyFile", "./ssl-cert.key", "Path to TLS key file")
vhost = flag.Bool("vhost", false, "Enables virtual hosting by prepending the requested path with the requested hostname")
)

Expand Down
60 changes: 2 additions & 58 deletions examples/multidomain/multidomain.go
Original file line number Diff line number Diff line change
@@ -1,14 +1,7 @@
package main

import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math/big"
"time"

"github.com/valyala/fasthttp"
)
Expand Down Expand Up @@ -39,7 +32,7 @@ func main() {
}

// preparing first host
cert, priv, err := GenerateCert("localhost:8080")
cert, priv, err := fasthttp.GenerateTestCertificate("localhost:8080")
if err != nil {
panic(err)
}
Expand All @@ -53,7 +46,7 @@ func main() {
}

// preparing second host
cert, priv, err = GenerateCert("127.0.0.1")
cert, priv, err = fasthttp.GenerateTestCertificate("127.0.0.1")
if err != nil {
panic(err)
}
Expand All @@ -68,52 +61,3 @@ func main() {

fmt.Println(server.ListenAndServeTLS(":8080", "", ""))
}

// GenerateCert generates certificate and private key based on the given host.
func GenerateCert(host string) ([]byte, []byte, error) {
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, nil, err
}

serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return nil, nil, err
}

cert := &x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"I have your data"},
},
NotBefore: time.Now(),
NotAfter: time.Now().Add(365 * 24 * time.Hour),
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
SignatureAlgorithm: x509.SHA256WithRSA,
DNSNames: []string{host},
BasicConstraintsValid: true,
IsCA: true,
}

certBytes, err := x509.CreateCertificate(
rand.Reader, cert, cert, &priv.PublicKey, priv,
)

p := pem.EncodeToMemory(
&pem.Block{
Type: "PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(priv),
},
)

b := pem.EncodeToMemory(
&pem.Block{
Type: "CERTIFICATE",
Bytes: certBytes,
},
)

return b, p, err
}
31 changes: 14 additions & 17 deletions server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -898,16 +898,18 @@ func TestServerTLS(t *testing.T) {
text := []byte("Make fasthttp great again")
ln := fasthttputil.NewInmemoryListener()

certFile := "./ssl-cert-snakeoil.pem"
keyFile := "./ssl-cert-snakeoil.key"

s := &Server{
Handler: func(ctx *RequestCtx) {
ctx.Write(text) //nolint:errcheck
},
}

err := s.AppendCert(certFile, keyFile)
certData, keyData, err := GenerateTestCertificate("localhost")
if err != nil {
t.Fatal(err)
}

err = s.AppendCertEmbed(certData, keyData)
if err != nil {
t.Fatal(err)
}
Expand Down Expand Up @@ -945,17 +947,19 @@ func TestServerTLSReadTimeout(t *testing.T) {

ln := fasthttputil.NewInmemoryListener()

certFile := "./ssl-cert-snakeoil.pem"
keyFile := "./ssl-cert-snakeoil.key"

s := &Server{
ReadTimeout: time.Millisecond * 100,
Logger: &testLogger{}, // Ignore log output.
Handler: func(ctx *RequestCtx) {
},
}

err := s.AppendCert(certFile, keyFile)
certData, keyData, err := GenerateTestCertificate("localhost")
if err != nil {
t.Fatal(err)
}

err = s.AppendCertEmbed(certData, keyData)
if err != nil {
t.Fatal(err)
}
Expand Down Expand Up @@ -995,16 +999,9 @@ func TestServerServeTLSEmbed(t *testing.T) {

ln := fasthttputil.NewInmemoryListener()

certFile := "./ssl-cert-snakeoil.pem"
keyFile := "./ssl-cert-snakeoil.key"

certData, err := ioutil.ReadFile(certFile)
certData, keyData, err := GenerateTestCertificate("localhost")
if err != nil {
t.Fatalf("unexpected error when reading %q: %s", certFile, err)
}
keyData, err := ioutil.ReadFile(keyFile)
if err != nil {
t.Fatalf("unexpected error when reading %q: %s", keyFile, err)
t.Fatal(err)
}

// start the server
Expand Down
28 changes: 0 additions & 28 deletions ssl-cert-snakeoil.key

This file was deleted.

17 changes: 0 additions & 17 deletions ssl-cert-snakeoil.pem

This file was deleted.

60 changes: 60 additions & 0 deletions tls.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
package fasthttp

import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"time"
)

// GenerateTestCertificate generates a test certificate and private key based on the given host.
func GenerateTestCertificate(host string) ([]byte, []byte, error) {
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, nil, err
}

serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return nil, nil, err
}

cert := &x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"fasthttp test"},
},
NotBefore: time.Now(),
NotAfter: time.Now().Add(365 * 24 * time.Hour),
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
SignatureAlgorithm: x509.SHA256WithRSA,
DNSNames: []string{host},
BasicConstraintsValid: true,
IsCA: true,
}

certBytes, err := x509.CreateCertificate(
rand.Reader, cert, cert, &priv.PublicKey, priv,
)

p := pem.EncodeToMemory(
&pem.Block{
Type: "PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(priv),
},
)

b := pem.EncodeToMemory(
&pem.Block{
Type: "CERTIFICATE",
Bytes: certBytes,
},
)

return b, p, err
}

0 comments on commit 057b6d7

Please sign in to comment.