package mainimport ( "crypto/dsa" "crypto/ecdsa" "crypto/rsa" "crypto/tls"

1. package main
2.  
3. import (
4. "crypto/dsa"
5. "crypto/ecdsa"
6. "crypto/rsa"
7. "crypto/tls"
8. "crypto/x509"
9. "encoding/pem"
10. "flag"
11. "fmt"
12. "io/ioutil"
13. "net"
14. "os"
15. "time"
16. )
17.  
18. var (
19. cert = flag.String("cert", "", "")
20. key = flag.String("key", "", "")
21. ca = flag.String("ca", "", "")
22. insecure = flag.Bool("insecure", false, "")
23. host = flag.String("host", "localhost", "")
24. port = flag.String("port", "26257", "")
25. )
26.  
27. func main() {
28. flag.Parse()
29.  
30. cert, err := tls.LoadX509KeyPair(*cert, *key)
31. if err != nil {
32. panic(err)
33. }
34.  
35. caCert, err := ioutil.ReadFile(*ca)
36. if err != nil {
37. panic(err)
38. }
39. caCertPool := x509.NewCertPool()
40. caCertPool.AppendCertsFromPEM(caCert)
41.  
42. tlsConfig := &tls.Config{
43. Certificates: []tls.Certificate{cert},
44. RootCAs: caCertPool,
45. ServerName: *host,
46. InsecureSkipVerify: *insecure,
47. PreferServerCipherSuites: true,
48. // CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
49. // CipherSuites: []uint16{
50. // tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
51. // tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
52. // tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
53. // tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
54. // tls.TLS_RSA_WITH_AES_256_CBC_SHA,
55. // },
56. CipherSuites: []uint16{
57. tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
58. tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
59. tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
60. tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
61. tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
62. tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
63. tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
64. tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
65. tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
66. tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
67. tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
68. tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
69. tls.TLS_RSA_WITH_AES_128_CBC_SHA,
70. tls.TLS_RSA_WITH_AES_256_CBC_SHA,
71. },
72. MinVersion: tls.VersionTLS12,
73. }
74. tlsConfig.BuildNameToCertificate()
75.  
76. conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%s", *host, *port), 10*time.Second)
77. if err != nil {
78. panic(err)
79. }
80. conn.SetDeadline(time.Now().Add(3 * time.Second))
81.  
82. tlsConn := tls.Client(conn, tlsConfig)
83. err = tlsConn.Handshake()
84. if err != nil {
85. panic(err)
86. }
87.  
88. fmt.Println("OK")
89.  
90. state := tlsConn.ConnectionState()
91. for _, v := range state.PeerCertificates {
92. asn1Bytes, err := x509.MarshalPKIXPublicKey(v.PublicKey)
93. if err != nil {
94. panic(err)
95. }
96.  
97. pub, err := x509.ParsePKIXPublicKey(asn1Bytes)
98. if err != nil {
99. panic(err)
100. }
101.  
102. switch pub := pub.(type) {
103. case *rsa.PublicKey:
104. fmt.Println("RSA:", pub)
105. case *dsa.PublicKey:
106. fmt.Println("DSA:", pub)
107. case *ecdsa.PublicKey:
108. fmt.Println("ECDSA:", pub)
109. default:
110. panic("unknown type of public key")
111. }
112.  
113. block := &pem.Block{
114. Type: "PUBLIC KEY",
115. Bytes: asn1Bytes,
116. }
117.  
118. err = pem.Encode(os.Stdout, block)
119. if err != nil {
120. panic(err)
121. }
122.  
123. fmt.Println(v.Subject)
124. }
125. fmt.Println("Handshake complete:", state.HandshakeComplete)
126. fmt.Println("Negotiated protocol is mutual:", state.NegotiatedProtocolIsMutual)
127.  
128. tlsConn.Close()
129. }