Add methods to generate and configure TLS

Makefile

@@ -0,0 +1,5 @@
+tests: 
+	go test --race -v -covermode=atomic -coverprofile=coverage.out ./...
+
+benchmarks:
+	go test -bench=. -benchmem ./...

README.md

@@ -56,9 +56,7 @@ func TestFunc(t *testing.T) {
 	// Create a client with the self-signed CA
 	client := &http.Client{
 		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				RootCAs: ca.CertPool(),
-			},
+			TLSClientConfig: certs.ConfigureTLSConfig(ca.GenerateTLSConfig()),
 		},
 	}
 

testcerts.go

@@ -48,9 +48,7 @@ For more complex tests, you can also use this package to create a Certificate Au
 		// Create a client with the self-signed CA
 		client := &http.Client{
 			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{
-					RootCAs: ca.CertPool(),
-				},
+				TLSClientConfig: certs.ConfigureTLSConfig(ca.GenerateTLSConfig()),
 			},
 		}
 
@@ -66,6 +64,7 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
@@ -232,6 +231,13 @@ func (ca *CertificateAuthority) ToTempFile(dir string) (cfh *os.File, kfh *os.Fi
 	return cfh, kfh, nil
 }
 
+// GenerateTLSConfig returns a tls.Config with the CertificateAuthority as the RootCA.
+func (ca *CertificateAuthority) GenerateTLSConfig() *tls.Config {
+	return &tls.Config{
+		RootCAs: ca.CertPool(),
+	}
+}
+
 // PrivateKey returns the private key of the KeyPair.
 func (kp *KeyPair) PrivateKey() []byte {
 	return pem.EncodeToMemory(kp.privateKey)
@@ -296,6 +302,18 @@ func (kp *KeyPair) ToTempFile(dir string) (cfh *os.File, kfh *os.File, err error
 	return cfh, kfh, nil
 }
 
+// ConfigureTLSConfig will configure the tls.Config with the KeyPair certificate and private key.
+// The returned tls.Config can be used for a server or client.
+func (kp *KeyPair) ConfigureTLSConfig(tlsConfig *tls.Config) *tls.Config {
+	tlsConfig.Certificates = []tls.Certificate{
+		{
+			Certificate: [][]byte{kp.PublicKey()},
+			PrivateKey:  kp.PrivateKey(),
+		},
+	}
+	return tlsConfig
+}
+
 // GenerateCerts generates a x509 certificate and key.
 // It returns the certificate and key as byte slices, and any error that occurred.
 //

testcerts_test.go

@@ -1,7 +1,6 @@
 package testcerts
 
 import (
-	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"net/http"
@@ -341,7 +340,7 @@
 // testUsingCerts is called by the two tests below. Both test setting up certificates and subsequently
 // configuring the transport of the http.Client to use the generated certificate.
 // One uses the own public key as part of the pool (self signed cert) and one uses the cert from the CA.
 func testUsingCerts(t *testing.T, rootCAs func(ca *CertificateAuthority, certs *KeyPair) *x509.CertPool) {
 	// Create a signed Certificate and Key for "localhost"
 	ca := NewCA()
 	certs, err := ca.NewKeyPair("localhost")
@@ -373,15 +372,9 @@
 	<-time.After(3 * time.Second)
 
 	// Setup HTTP Client with Cert Pool
-	certpool := rootCAs(ca, certs)
-	if certpool == nil {
-		t.Fatalf("Test configuration error: rootCAs arg function returned nil instead of a x509.CertPool")
-	}
 	client := &http.Client{
 		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				RootCAs: certpool,
-			},
+			TLSClientConfig: certs.ConfigureTLSConfig(ca.GenerateTLSConfig()),
 		},
 	}
 
@@ -405,3 +398,61 @@
 		return ca.certPool
 	})
 }
+
+func ExampleNewCA() {
+	// Generate a new Certificate Authority
+	ca := NewCA()
+
+	// Create a new KeyPair with a list of domains
+	certs, err := ca.NewKeyPair("localhost")
+	if err != nil {
+		fmt.Printf("Error generating keypair - %s", err)
+	}
+
+	// Write the certificates to a file
+	cert, key, err := certs.ToTempFile("")
+	if err != nil {
+		fmt.Printf("Error writing certs to temp files - %s", err)
+	}
+
+	// Create an HTTP Server
+	server := &http.Server{
+		Addr: "0.0.0.0:8443",
+	}
+	defer server.Close()
+
+	go func() {
+		// Start HTTP Listener
+		err = server.ListenAndServeTLS(cert.Name(), key.Name())
+		if err != nil && err != http.ErrServerClosed {
+			fmt.Printf("Listener returned error - %s", err)
+		}
+	}()
+
+	// Add handler
+	server.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("Hello, World!"))
+	})
+
+	// Wait for Listener to start
+	<-time.After(3 * time.Second)
+
+	// Setup HTTP Client with Cert Pool
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: certs.ConfigureTLSConfig(ca.GenerateTLSConfig()),
+		},
+	}
+
+	// Make an HTTPS request
+	rsp, err := client.Get("https://localhost:8443")
+	if err != nil {
+		fmt.Printf("Client returned error - %s", err)
+	}
+
+	// Print the response
+	fmt.Println(rsp.Status)
+
+	// Output:
+	// 200 OK
+}