탐색 도움말
로그인
akillibulut
/
cost-model
의 미러 https://github.com/kubecost/cost-model
2
0
포크 0
파일 이슈 0 위키
트리: e21bf66dc1
브랜치 태그
cost-model
/
vendor
/
github.com
/
aws
/
aws-sdk-go
/
awstesting
/
custom_ca_bundle.go

custom_ca_bundle.go 5.7 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 
  1. package awstesting
    2. 

  2. 

  3. import (
    4. 

  4. 	"io/ioutil"
    5. 

  5. 	"net"
    6. 

  6. 	"net/http"
    7. 

  7. 	"os"
    8. 

  8. 	"strings"
    9. 

  9. 	"time"
    10. 

  10. )
    11. 

  11. 

  12. func availableLocalAddr(ip string) (string, error) {
    13. 

  13. 	l, err := net.Listen("tcp", ip+":0")
    14. 

  14. 	if err != nil {
    15. 

  15. 		return "", err
    16. 

  16. 	}
    17. 

  17. 	defer l.Close()
    18. 

  18. 

  19. 	return l.Addr().String(), nil
    20. 

  20. }
    21. 

  21. 

  22. // CreateTLSServer will create the TLS server on an open port using the
    23. 

  23. // certificate and key. The address will be returned that the server is running on.
    24. 

  24. func CreateTLSServer(cert, key string, mux *http.ServeMux) (string, error) {
    25. 

  25. 	addr, err := availableLocalAddr("127.0.0.1")
    26. 

  26. 	if err != nil {
    27. 

  27. 		return "", err
    28. 

  28. 	}
    29. 

  29. 

  30. 	if mux == nil {
    31. 

  31. 		mux = http.NewServeMux()
    32. 

  32. 		mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {})
    33. 

  33. 	}
    34. 

  34. 

  35. 	go func() {
    36. 

  36. 		if err := http.ListenAndServeTLS(addr, cert, key, mux); err != nil {
    37. 

  37. 			panic(err)
    38. 

  38. 		}
    39. 

  39. 	}()
    40. 

  40. 

  41. 	for i := 0; i < 60; i++ {
    42. 

  42. 		if _, err := http.Get("https://" + addr); err != nil && !strings.Contains(err.Error(), "connection refused") {
    43. 

  43. 			break
    44. 

  44. 		}
    45. 

  45. 

  46. 		time.Sleep(1 * time.Second)
    47. 

  47. 	}
    48. 

  48. 

  49. 	return "https://" + addr, nil
    50. 

  50. }
    51. 

  51. 

  52. // CreateTLSBundleFiles returns the temporary filenames for the certificate
    53. 

  53. // key, and CA PEM content. These files should be deleted when no longer
    54. 

  54. // needed. CleanupTLSBundleFiles can be used for this cleanup.
    55. 

  55. func CreateTLSBundleFiles() (cert, key, ca string, err error) {
    56. 

  56. 	cert, err = createTmpFile(TLSBundleCert)
    57. 

  57. 	if err != nil {
    58. 

  58. 		return "", "", "", err
    59. 

  59. 	}
    60. 

  60. 

  61. 	key, err = createTmpFile(TLSBundleKey)
    62. 

  62. 	if err != nil {
    63. 

  63. 		return "", "", "", err
    64. 

  64. 	}
    65. 

  65. 

  66. 	ca, err = createTmpFile(TLSBundleCA)
    67. 

  67. 	if err != nil {
    68. 

  68. 		return "", "", "", err
    69. 

  69. 	}
    70. 

  70. 

  71. 	return cert, key, ca, nil
    72. 

  72. }
    73. 

  73. 

  74. // CleanupTLSBundleFiles takes variadic list of files to be deleted.
    75. 

  75. func CleanupTLSBundleFiles(files ...string) error {
    76. 

  76. 	for _, file := range files {
    77. 

  77. 		if err := os.Remove(file); err != nil {
    78. 

  78. 			return err
    79. 

  79. 		}
    80. 

  80. 	}
    81. 

  81. 

  82. 	return nil
    83. 

  83. }
    84. 

  84. 

  85. func createTmpFile(b []byte) (string, error) {
    86. 

  86. 	bundleFile, err := ioutil.TempFile(os.TempDir(), "aws-sdk-go-session-test")
    87. 

  87. 	if err != nil {
    88. 

  88. 		return "", err
    89. 

  89. 	}
    90. 

  90. 

  91. 	_, err = bundleFile.Write(b)
    92. 

  92. 	if err != nil {
    93. 

  93. 		return "", err
    94. 

  94. 	}
    95. 

  95. 

  96. 	defer bundleFile.Close()
    97. 

  97. 	return bundleFile.Name(), nil
    98. 

  98. }
    99. 

  99. 

  100. /* Cert generation steps
    101. 

  101. # Create the CA key
    102. 

  102. openssl genrsa -des3 -out ca.key 1024
    103. 

  103. 

  104. # Create the CA Cert
    105. 

  105. openssl req -new -sha256 -x509 -days 3650 \
    106. 

  106.     -subj "/C=GO/ST=Gopher/O=Testing ROOT CA" \
    107. 

  107.     -key ca.key -out ca.crt
    108. 

  108. 

  109. # Create config
    110. 

  110. cat > csr_details.txt <<-EOF
    111. 

  111. 

  112. [req]
    113. 

  113. default_bits = 1024
    114. 

  114. prompt = no
    115. 

  115. default_md = sha256
    116. 

  116. req_extensions = SAN
    117. 

  117. distinguished_name = dn
    118. 

  118. 

  119. [ dn ]
    120. 

  120. C=GO
    121. 

  121. ST=Gopher
    122. 

  122. O=Testing Certificate
    123. 

  123. OU=Testing IP
    124. 

  124. 

  125. [SAN]
    126. 

  126. subjectAltName = IP:127.0.0.1
    127. 

  127. EOF
    128. 

  128. 

  129. # Create certificate signing request
    130. 

  130. openssl req -new -sha256 -nodes -newkey rsa:1024 \
    131. 

  131.     -config <( cat csr_details.txt ) \
    132. 

  132.     -keyout ia.key -out ia.csr
    133. 

  133. 

  134. # Create a signed certificate
    135. 

  135. openssl x509 -req -days 3650 \
    136. 

  136.     -CAcreateserial \
    137. 

  137.     -extfile <( cat csr_details.txt ) \
    138. 

  138.     -extensions SAN \
    139. 

  139.     -CA ca.crt -CAkey ca.key -in ia.csr -out ia.crt
    140. 

  140. 

  141. # Verify
    142. 

  142. openssl req -noout -text -in ia.csr
    143. 

  143. openssl x509 -noout -text -in ia.crt
    144. 

  144. */
    145. 

  145. var (
    146. 

  146. 	// TLSBundleCA ca.crt
    147. 

  147. 	TLSBundleCA = []byte(`-----BEGIN CERTIFICATE-----
    148. 

  148. MIICiTCCAfKgAwIBAgIJAJ5X1olt05XjMA0GCSqGSIb3DQEBCwUAMDgxCzAJBgNV
    149. 

  149. BAYTAkdPMQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBD
    150. 

  150. QTAeFw0xNzAzMDkwMDAyMDZaFw0yNzAzMDcwMDAyMDZaMDgxCzAJBgNVBAYTAkdP
    151. 

  151. MQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBDQTCBnzAN
    152. 

  152. BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw/8DN+t9XQR60jx42rsQ2WE2Dx85rb3n
    153. 

  153. GQxnKZZLNddsT8rDyxJNP18aFalbRbFlyln5fxWxZIblu9Xkm/HRhOpbSimSqo1y
    154. 

  154. uDx21NVZ1YsOvXpHby71jx3gPrrhSc/t/zikhi++6D/C6m1CiIGuiJ0GBiJxtrub
    155. 

  155. UBMXT0QtI2ECAwEAAaOBmjCBlzAdBgNVHQ4EFgQU8XG3X/YHBA6T04kdEkq6+4GV
    156. 

  156. YykwaAYDVR0jBGEwX4AU8XG3X/YHBA6T04kdEkq6+4GVYymhPKQ6MDgxCzAJBgNV
    157. 

  157. BAYTAkdPMQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBD
    158. 

  158. QYIJAJ5X1olt05XjMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAeILv
    159. 

  159. z49+uxmPcfOZzonuOloRcpdvyjiXblYxbzz6ch8GsE7Q886FTZbvwbgLhzdwSVgG
    160. 

  160. G8WHkodDUsymVepdqAamS3f8PdCUk8xIk9mop8LgaB9Ns0/TssxDvMr3sOD2Grb3
    161. 

  161. xyWymTWMcj6uCiEBKtnUp4rPiefcvCRYZ17/hLE=
    162. 

  162. -----END CERTIFICATE-----
    163. 

  163. `)
    164. 

  164. 

  165. 	// TLSBundleCert ai.crt
    166. 

  166. 	TLSBundleCert = []byte(`-----BEGIN CERTIFICATE-----
    167. 

  167. MIICGjCCAYOgAwIBAgIJAIIu+NOoxxM0MA0GCSqGSIb3DQEBBQUAMDgxCzAJBgNV
    168. 

  168. BAYTAkdPMQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBD
    169. 

  169. QTAeFw0xNzAzMDkwMDAzMTRaFw0yNzAzMDcwMDAzMTRaMFExCzAJBgNVBAYTAkdP
    170. 

  170. MQ8wDQYDVQQIDAZHb3BoZXIxHDAaBgNVBAoME1Rlc3RpbmcgQ2VydGlmaWNhdGUx
    171. 

  171. EzARBgNVBAsMClRlc3RpbmcgSVAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
    172. 

  172. AN1hWHeioo/nASvbrjwCQzXCiWiEzGkw353NxsAB54/NqDL3LXNATtiSJu8kJBrm
    173. 

  173. Ah12IFLtWLGXjGjjYlHbQWnOR6awveeXnQZukJyRWh7m/Qlt9Ho0CgZE1U+832ac
    174. 

  174. 5GWVldNxW1Lz4I+W9/ehzqe8I80RS6eLEKfUFXGiW+9RAgMBAAGjEzARMA8GA1Ud
    175. 

  175. EQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQADgYEAdF4WQHfVdPCbgv9sxgJjcR1H
    176. 

  176. Hgw9rZ47gO1IiIhzglnLXQ6QuemRiHeYFg4kjcYBk1DJguxzDTGnUwhUXOibAB+S
    177. 

  177. zssmrkdYYvn9aUhjc3XK3tjAoDpsPpeBeTBamuUKDHoH/dNRXxerZ8vu6uPR3Pgs
    178. 

  178. 5v/KCV6IAEcvNyOXMPo=
    179. 

  179. -----END CERTIFICATE-----
    180. 

  180. `)
    181. 

  181. 

  182. 	// TLSBundleKey ai.key
    183. 

  183. 	TLSBundleKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
    184. 

  184. MIICXAIBAAKBgQDdYVh3oqKP5wEr2648AkM1wolohMxpMN+dzcbAAeePzagy9y1z
    185. 

  185. QE7YkibvJCQa5gIddiBS7Vixl4xo42JR20FpzkemsL3nl50GbpCckVoe5v0JbfR6
    186. 

  186. NAoGRNVPvN9mnORllZXTcVtS8+CPlvf3oc6nvCPNEUunixCn1BVxolvvUQIDAQAB
    187. 

  187. AoGBAMISrcirddGrlLZLLrKC1ULS2T0cdkqdQtwHYn4+7S5+/z42vMx1iumHLsSk
    188. 

  188. rVY7X41OWkX4trFxhvEIrc/O48bo2zw78P7flTxHy14uxXnllU8cLThE29SlUU7j
    189. 

  189. AVBNxJZMsXMlS/DowwD4CjFe+x4Pu9wZcReF2Z9ntzMpySABAkEA+iWoJCPE2JpS
    190. 

  190. y78q3HYYgpNY3gF3JqQ0SI/zTNkb3YyEIUffEYq0Y9pK13HjKtdsSuX4osTIhQkS
    191. 

  191. +UgRp6tCAQJBAOKPYTfQ2FX8ijgUpHZRuEAVaxASAS0UATiLgzXxLvOh/VC2at5x
    192. 

  192. wjOX6sD65pPz/0D8Qj52Cq6Q1TQ+377SDVECQAIy0od+yPweXxvrUjUd1JlRMjbB
    193. 

  193. TIrKZqs8mKbUQapw0bh5KTy+O1elU4MRPS3jNtBxtP25PQnuSnxmZcFTgAECQFzg
    194. 

  194. DiiFcsn9FuRagfkHExMiNJuH5feGxeFaP9WzI144v9GAllrOI6Bm3JNzx2ZLlg4b
    195. 

  195. 20Qju8lIEj6yr6JYFaECQHM1VSojGRKpOl9Ox/R4yYSA9RV5Gyn00/aJNxVYyPD5
    196. 

  196. i3acL2joQm2kLD/LO8paJ4+iQdRXCOMMIpjxSNjGQjQ=
    197. 

  197. -----END RSA PRIVATE KEY-----
    198. 

  198. `)
    199. 

  199. )
    200.