安全编程

声明：内容来自《Go语言编程》

[TOC]

1 支持HTTPS的web服务器

package main

import (
    "fmt"
    "net/http"
)

const SERVER_PORT = 8080
const SERVER_DOMAIN = "localhost"
const RESPONSE_TEMPLATE = "hello"

func rootHandler(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/html")
    w.Header().Set("Content-Length", fmt.Sprint(len(RESPONSE_TEMPLATE)))
    w.Write([]byte(RESPONSE_TEMPLATE))
}

func main() {
    http.HandleFunc(fmt.Sprintf("%s:%d/", SERVER_DOMAIN,
        SERVER_PORT), rootHandler)
    http.ListenAndServeTLS(fmt.Sprintf(":%d", SERVER_PORT),
        "rui.crt", "rui.key", nil)
}

2 支持HTTPS的文件服务器

package main

import (
    "fmt"
    "net/http"
)

func main() {
    h:= http.FileServer(http.Dir("."))
    err:=http.ListenAndServeTLS(":8080","rui.crt","rui.key",h)
    if err!=nil{
        fmt.Println(err)
    }
}

3 基于SSL/TLS的ECHO程序

3.1 服务端

package main

import (
    "crypto/rand"
    "crypto/tls"
    "io"
    "log"
    "net"
    "time"
)

func main() {

    cert, err := tls.LoadX509KeyPair("rui.crt", "rui.key")
    if err != nil {
        log.Fatalf("server: loadkeys: %s", err)
    }
    config := tls.Config{Certificates: []tls.Certificate{cert}}
    config.Time = time.Now
    config.Rand = rand.Reader

    service := "127.0.0.1:8000"

    listener, err := tls.Listen("tcp", service, &config)
    if err != nil {
        log.Fatalf("server: listen: %s", err)
    }

    log.Print("server: listening")
    for {
        conn, err := listener.Accept()
        if err != nil {
            log.Printf("server: accept: %s", err)
            break
        }
        log.Printf("server: accepted from %s", conn.RemoteAddr())

        go handleClient(conn)
    }
}

func handleClient(conn net.Conn) {
    defer conn.Close()

    buf := make([]byte, 512)
    for {
        log.Print("server: conn: waiting")
        n, err := conn.Read(buf)
        if err != nil {
            if err != io.EOF {
                log.Printf("server: conn: read: %s", err)
            }
            break
        }
        log.Printf("server: conn: echo %q\n", string(buf[:n]))
        n, err = conn.Write(buf[:n])
        log.Printf("server: conn: wrote %d bytes", n)

        if err != nil {
            log.Printf("server: write: %s", err)
            break
        }
    }
    log.Println("server: conn: closed")
}

3.2 客户端

package main

import (
    "crypto/tls"
    "io"
    "log"
)

func main() {
    conn, err := tls.Dial("tcp", "127.0.0.1:8000", nil)
    if err != nil {
        log.Fatalf("client: dial: %s", err)
    }
    defer conn.Close()
    log.Println("client: connected to: ", conn.RemoteAddr())

    state := conn.ConnectionState()
    log.Println("client: handshake: ", state.HandshakeComplete)
    log.Println("client: mutual: ", state.NegotiatedProtocolIsMutual)

    message := "Hello\n"
    n, err := io.WriteString(conn, message)
    if err != nil {
        log.Fatalf("client: write: %s", err)
    }
    log.Printf("client: wrote %q (%d bytes)", message, n)

    reply := make([]byte, 256)
    n, err = conn.Read(reply)
    log.Printf("client: read %q (%d bytes)", string(reply[:n]), n)
    log.Print("client: exiting")
}