unistack-org/micro
4
0
Fork 3
Code Issues 19 Pull Requests 1 Actions Packages Projects Releases 259 Wiki Activity

WIP: initial mtls package #133

Merged
vtolstov merged 4 commits from mtls into v3 2022-06-27 00:22:10 +03:00
Conversation 1 Commits 4 Files Changed 3 +41 -3
2 changed files with 41 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit eb8c1332f0 - Show all commits

4
mtls/mtls.go
View File

@ -94,7 +94,7 @@ func NewIntermediate(cacrt *x509.Certificate, cakey crypto.PrivateKey, opts ...C
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
// SignCSR sign certificate request and return signed pubkey
func SignCSR(rawcsr []byte, cacrt *x509.Certificate, cakey crypto.PrivateKey, opts ...CertificateOption) ([]byte, error) {
if cacrt == nil {
opts = append(opts, CertificateIsCA(false))
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
opts = append(opts, CertificateIsCA(true))
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
}
options := NewCertificateOptions(opts...)
@ -124,7 +124,7 @@ func SignCSR(rawcsr []byte, cacrt *x509.Certificate, cakey crypto.PrivateKey, op
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
IsCA: options.IsCA,
}
if !options.IsCA {
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
if options.IsCA {
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
cacrt = tpl
} else {
tpl.Issuer = cacrt.Subject

github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
github-code-scanning[bot] commented 2022-06-05 06:03:30 +03:00 (Migrated from github.com)
Review
Copy Link

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.

Show more details

## Disabled TLS certificate check InsecureSkipVerify should not be used in production code. [Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)

40
mtls/mtls_test.go
View File

@ -10,6 +10,7 @@ func TestNewCa(t *testing.T) {
bcrt, key, err := NewCA(
CertificateOrganization("test_org"),
CertificateOrganizationalUnit("test_unit"),
CertificateIsCA(true),
)
if err != nil {
t.Fatal(err)
@ -23,7 +24,7 @@ func TestNewCa(t *testing.T) {
if err != nil {
t.Fatal(err)
}
if crt.IsCA {
if !crt.IsCA {
t.Fatalf("crt IsCA invalid %v", crt)
}
if crt.Subject.Organization[0] != "test_org" {
@ -33,3 +34,40 @@ func TestNewCa(t *testing.T) {
t.Fatalf("crt subject invalid %v", crt.Subject)
}
}
func TestNewIntermediate(t *testing.T) {
bcrt, cakey, err := NewCA(
CertificateOrganization("test_org"),
CertificateOrganizationalUnit("test_unit"),
)
if err != nil {
t.Fatal(err)
}
cacrt, err := x509.ParseCertificate(bcrt)
if err != nil {
t.Fatal(err)
}
bcrt, ikey, err := NewIntermediate(cacrt, cakey,
CertificateOrganization("test_org"),
CertificateOrganizationalUnit("test_unit"),
)
if err != nil {
t.Fatal(err)
}
_ = ikey
icrt, err := x509.ParseCertificate(bcrt)
if err != nil {
t.Fatal(err)
}
if icrt.IsCA {
t.Fatalf("crt IsCA invalid %v", icrt)
}
if icrt.Subject.Organization[0] != "test_org" {
t.Fatalf("crt subject invalid %v", icrt.Subject)
}
if icrt.Subject.OrganizationalUnit[0] != "test_unit" {
t.Fatalf("crt subject invalid %v", icrt.Subject)
}
}