Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package main
- import (
- "crypto/dsa"
- "crypto/ecdsa"
- "crypto/rsa"
- "crypto/tls"
- "crypto/x509"
- "encoding/pem"
- "flag"
- "fmt"
- "io/ioutil"
- "net"
- "os"
- "time"
- )
- var (
- cert = flag.String("cert", "", "")
- key = flag.String("key", "", "")
- ca = flag.String("ca", "", "")
- insecure = flag.Bool("insecure", false, "")
- host = flag.String("host", "localhost", "")
- port = flag.String("port", "26257", "")
- )
- func main() {
- flag.Parse()
- cert, err := tls.LoadX509KeyPair(*cert, *key)
- if err != nil {
- panic(err)
- }
- caCert, err := ioutil.ReadFile(*ca)
- if err != nil {
- panic(err)
- }
- caCertPool := x509.NewCertPool()
- caCertPool.AppendCertsFromPEM(caCert)
- tlsConfig := &tls.Config{
- Certificates: []tls.Certificate{cert},
- RootCAs: caCertPool,
- ServerName: *host,
- InsecureSkipVerify: *insecure,
- PreferServerCipherSuites: true,
- // CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
- // CipherSuites: []uint16{
- // tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- // tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- // tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- // tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
- // tls.TLS_RSA_WITH_AES_256_CBC_SHA,
- // },
- CipherSuites: []uint16{
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_RSA_WITH_AES_256_CBC_SHA,
- },
- MinVersion: tls.VersionTLS12,
- }
- tlsConfig.BuildNameToCertificate()
- conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%s", *host, *port), 10*time.Second)
- if err != nil {
- panic(err)
- }
- conn.SetDeadline(time.Now().Add(3 * time.Second))
- tlsConn := tls.Client(conn, tlsConfig)
- err = tlsConn.Handshake()
- if err != nil {
- panic(err)
- }
- fmt.Println("OK")
- state := tlsConn.ConnectionState()
- for _, v := range state.PeerCertificates {
- asn1Bytes, err := x509.MarshalPKIXPublicKey(v.PublicKey)
- if err != nil {
- panic(err)
- }
- pub, err := x509.ParsePKIXPublicKey(asn1Bytes)
- if err != nil {
- panic(err)
- }
- switch pub := pub.(type) {
- case *rsa.PublicKey:
- fmt.Println("RSA:", pub)
- case *dsa.PublicKey:
- fmt.Println("DSA:", pub)
- case *ecdsa.PublicKey:
- fmt.Println("ECDSA:", pub)
- default:
- panic("unknown type of public key")
- }
- block := &pem.Block{
- Type: "PUBLIC KEY",
- Bytes: asn1Bytes,
- }
- err = pem.Encode(os.Stdout, block)
- if err != nil {
- panic(err)
- }
- fmt.Println(v.Subject)
- }
- fmt.Println("Handshake complete:", state.HandshakeComplete)
- fmt.Println("Negotiated protocol is mutual:", state.NegotiatedProtocolIsMutual)
- tlsConn.Close()
- }
Add Comment
Please, Sign In to add comment