initial

.gitignore

@@ -0,0 +1,2 @@
+/.idea
+.DS_Store

README.md

@@ -0,0 +1,42 @@
+# Gentls: self-signed TLS
+
+[![Workflow](https://github.com/AlexanderMatveev/gentls/actions/workflows/go.yml/badge.svg)](https://github.com/AlexanderMatveev/gentls/actions)
+[![Go Report Card](https://goreportcard.com/badge/github.com/AlexanderMatveev/gentls)](https://goreportcard.com/report/github.com/AlexanderMatveev/gentls)
+
+
+## Overview
+
+`gentls` is a small package to generate self-signed TLS for development purposes.
+
+## Example
+
+```go
+package main
+
+import (
+	"crypto/x509/pkix"
+	"fmt"
+	"github.com/AlexanderMatveev/gentls"
+	"log"
+	"net/http"
+	"time"
+)
+
+func main() {
+	server := http.Server{
+		Addr:    fmt.Sprintf(":%d", 3443),
+	}
+	start := time.Now()
+	log.Print("Generating TLS certs")
+	if server.TLSConfig, err = owntls.Generate(1024, pkix.Name{
+		Organization: []string{"SelfSigned"},
+		Country:      []string{"RU"},
+		Locality:     []string{"Moscow"},
+	}, time.Now().AddDate(10, 0, 0)); err != nil {
+		log.Fatal(err)
+	}
+	log.Printf("TLS certs generated in %s", time.Since(start))
+	log.Fatal(server.ListenAndServeTLS("", ""))
+}
+
+```

generate.go

@@ -0,0 +1,92 @@
+package gentls
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"net"
+	"time"
+)
+
+func New(bits int, dn pkix.Name, expires time.Time) (*tls.Config, error) {
+	sn, err := rand.Int(rand.Reader, big.NewInt(time.Now().UnixNano()))
+	if err != nil {
+		return nil, err
+	}
+	ca := &x509.Certificate{
+		SerialNumber:          sn,
+		Subject:               dn,
+		NotBefore:             time.Now(),
+		NotAfter:              expires,
+		IsCA:                  true,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+	}
+	caPrivKey, err := rsa.GenerateKey(rand.Reader, bits)
+	if err != nil {
+		return nil, err
+	}
+	caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, err
+	}
+	caPEM := new(bytes.Buffer)
+	if err := pem.Encode(caPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: caBytes,
+	}); err != nil {
+		return nil, err
+	}
+	caPrivKeyPEM := new(bytes.Buffer)
+	if err := pem.Encode(caPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
+	}); err != nil {
+		return nil, err
+	}
+	cert := &x509.Certificate{
+		SerialNumber: sn,
+		Subject:      dn,
+		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
+		NotBefore:    time.Now(),
+		NotAfter:     expires,
+		SubjectKeyId: []byte{1, 2, 3, 4, 6},
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:     x509.KeyUsageDigitalSignature,
+	}
+	certPrivKey, err := rsa.GenerateKey(rand.Reader, bits)
+	if err != nil {
+		return nil, err
+	}
+	certBytes, err := x509.CreateCertificate(rand.Reader, cert, ca, &certPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, err
+	}
+	certPEM := new(bytes.Buffer)
+	if err := pem.Encode(certPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	}); err != nil {
+		return nil, err
+	}
+	certPrivKeyPEM := new(bytes.Buffer)
+	if err := pem.Encode(certPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
+	}); err != nil {
+		return nil, err
+	}
+	serverCert, err := tls.X509KeyPair(certPEM.Bytes(), certPrivKeyPEM.Bytes())
+	if err != nil {
+		return nil, err
+	}
+	return &tls.Config{
+		Certificates: []tls.Certificate{serverCert},
+	}, nil
+}

go.mod

@@ -0,0 +1,3 @@
+module gentls
+
+go 1.18