golib/certificates/README.md
nabbar 942068222c 2025-11 Improvement, Tests, Documentation, Bug Fix, Optimization
Global Repos / Workflow
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- UPDATE workflow: split old workflow into multiple files
- UPDATE .gitignore: added cluster.old.tar.gz and build artifacts
- UPDATE .golangci.yml: enhanced linter rules and disabled deprecated linters

[archive]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- FIX extract: recursive decompression for nested archives (e.g., .tar.gz handling)
- FIX extract: ZIP archive support now properly uses ReaderAt interface with seek reset
- ADD extract: proper symlink and hard link handling in archives
- UPDATE tar/writer: improved error handling and file mode preservation
- UPDATE zip/writer: enhanced validation and error messages
- UPDATE compress/interface: added support for additional compression formats
- UPDATE helper/compressor: fixed typo in error handling

[artifact]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE artifact: improved error handling and context management
- UPDATE client/interface: enhanced API with better type safety and context propagation
- UPDATE client/model: refactored for better maintainability
- UPDATE github: removed unused error codes, improved model validation
- UPDATE gitlab: enhanced API pagination and error handling
- UPDATE jfrog: improved artifactory API compatibility
- UPDATE s3aws: enhanced S3 bucket operations and error messages

[atomic]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE cast: improved type conversion with better error handling
- UPDATE interface: enhanced atomic operations with generics support
- UPDATE synmap: fixed race conditions in concurrent access patterns
- UPDATE value: improved atomic value operations with better memory ordering

[aws]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE bucket: enhanced ACL and CORS configuration with validation
- UPDATE configAws/models: improved credential handling and region configuration
- UPDATE configCustom/interface: added support for custom endpoints
- UPDATE http/request: improved retry logic and timeout handling
- UPDATE interface: enhanced AWS client with context propagation
- UPDATE model: refactored for AWS SDK v2 compatibility
- UPDATE multipart/interface: improved chunk handling for large uploads
- UPDATE pusher: optimized hash calculation and upload progress tracking
- UPDATE resolver: enhanced endpoint resolution with custom DNS
- DELETE test files: removed bucket_test.go, group_test.go, object_test.go, policy_test.go, role_test.go, user_test.go

[cache]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- ADD context: context-aware cache lifecycle management
- UPDATE interface: complete rewrite with Go generics for type-safe key-value operations
- ADD item package: generic cache item with expiration tracking (interface and model)
- UPDATE model: refactored to use generics (Cache[K comparable, V any])
- REFACTOR: split item.go into modelAny.go for better code organization

[certificates]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE auth/encode: improved PEM encoding with better error messages
- UPDATE auth/interface: enhanced authentication certificate handling
- UPDATE ca: improved CA certificate generation and validation
- UPDATE certs: enhanced certificate configuration with SAN support
- UPDATE cipher: improved cipher suite selection and validation
- UPDATE curves: enhanced elliptic curve handling with additional curves
- ADD deprecated.go: marked deprecated TLS versions and cipher suites
- UPDATE interface: enhanced certificate interface with context support
- UPDATE model: improved certificate model with better validation
- UPDATE rootca: enhanced root CA pool management
- UPDATE tlsversion: added TLS 1.3 support with proper validation
- UPDATE tools: improved certificate utility functions

[cobra]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE completion: improved shell completion generation (bash, zsh, fish, powershell)
- UPDATE configure: enhanced configuration file handling
- UPDATE printError: improved error formatting with color support
- UPDATE interface: enhanced cobra interface with context support
- UPDATE model: improved cobra model with better validation

[config]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE components: improved component lifecycle management
- UPDATE const/const: improved constant definitions
- UPDATE context: enhanced context handling with better propagation
- UPDATE errors: improved error definitions
- UPDATE events: enhanced event management
- UPDATE manage: improved configuration management with validation
- UPDATE model: refactored config model
- UPDATE shell: enhanced shell integration for interactive configuration
- UPDATE types: improved component and componentList types

[console]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- ADD buff.go: BuffPrintf function for colored output to io.Writer (moved from ioutils/multiplexer)
- DELETE color.go: removed legacy color file (consolidated functionality)
- UPDATE error: improved error definitions with better messages
- ADD interface: console interface for abstraction
- ADD model: console model for state management
- UPDATE padding: enhanced string padding with Unicode support
- UPDATE prompt: improved interactive prompt handling

[context]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- DELETE config.go: removed deprecated configuration (replaced by Config[T] interface)
- UPDATE context: improved context handling with better cancellation support
- UPDATE gin/interface: enhanced Gin context integration with type safety
- ADD helper: context helper functions for common operations
- ADD interface: generic Config[T comparable] interface for type-safe context storage
- ADD map: MapManage[T] interface for concurrent-safe map operations
- ADD model: thread-safe context model implementation with sync.Map

[database]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE gorm/config: improved database configuration
- UPDATE gorm/driver: enhanced database driver with better connection pooling
- UPDATE gorm/driver_darwin: macOS-specific database optimizations
- UPDATE gorm/interface: improved GORM interface with context support
- UPDATE gorm/model: refactored model for better maintainability
- UPDATE gorm/monitor: enhanced monitoring for database connections
- UPDATE kvtypes: improved types for key-value store (compare, driver, item, table)

[duration]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE big: enhanced big.Duration for large time spans with arithmetic operations
- UPDATE encode: improved marshaling for JSON, YAML, TOML, Text, CBOR
- UPDATE format: enhanced human-readable formatting (ns, μs, ms, s, m, h, d, w)
- UPDATE interface: improved duration interface with arithmetic methods
- UPDATE model: refactored Duration type
- UPDATE operation: enhanced arithmetic operations (Add, Sub, Mul, Div)
- UPDATE parse: improved parsing with multiple format support
- UPDATE truncate: enhanced truncation for rounding durations

[encoding]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE aes: improved AES encryption with reader/writer interfaces
- UPDATE hexa: enhanced hexadecimal encoding with better error handling
- UPDATE mux: improved multiplexer/demultiplexer for stream handling
- UPDATE randRead: enhanced random data generation
- UPDATE sha256 package: SHA-256 hashing with reader/writer interfaces

[errors]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- ADD pool package: thread-safe error pool for collecting multiple errors with concurrent access
- UPDATE code: improved error code definition and lookup
- UPDATE errors: enhanced error creation with better stack trace
- UPDATE interface: improved error interface with more methods
- UPDATE mode: enhanced error mode handling (production vs development)
- UPDATE return: improved error return handling with context
- UPDATE trace: enhanced error tracing with file and line information

[file]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE bandwidth: improved bandwidth tracking with concurrency tests
- UPDATE perm: enhanced file permission handling with Unix/Windows support
- UPDATE perm/encode: improved marshaling for JSON, YAML, TOML
- UPDATE perm/format: enhanced permission formatting (e.g., "rwxr-xr-x")
- UPDATE perm/parse: improved parsing of permission strings and octal values
- UPDATE progress: enhanced progress tracking for file I/O operations
- UPDATE progress/io*: improved reader, writer, seeker, closer interfaces with progress callbacks

[ftpclient]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE config: improved FTP configuration with TLS support
- UPDATE errors: enhanced error definitions
- UPDATE interface: improved FTP client interface
- UPDATE model: refactored FTP client model

[httpcli]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE cli: improved HTTP client with retry logic and timeout handling
- UPDATE dns-mapper: enhanced DNS mapping for custom resolution
- UPDATE dns-mapper/config: improved DNS mapper configuration
- UPDATE dns-mapper/errors: enhanced error handling
- UPDATE dns-mapper/interface: improved DNS mapper interface
- UPDATE dns-mapper/transport: enhanced HTTP transport with DNS override
- UPDATE errors: improved error definitions
- UPDATE options: enhanced client options with context support

[httpserver]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE config: improved server configuration with TLS and middleware support
- UPDATE handler: enhanced request handler with better error handling
- UPDATE interface: improved server interface with context support and monitoring integration
- UPDATE model: refactored server model with better validation
- UPDATE monitor: enhanced monitoring integration with status tracking
- UPDATE pool: improved server pool management (config, interface, list, model)
- UPDATE run: enhanced server runtime with graceful shutdown
- UPDATE server: improved core server implementation with better lifecycle
- ADD testhelpers/certs.go: certificate generation utilities for testing
- UPDATE types: improved const, fields, and handler types

[ioutils]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE bufferReadCloser: improved buffered reader/writer with closer
- UPDATE fileDescriptor: enhanced file descriptor limit management (platform-specific for Linux/macOS/Windows)
- UPDATE ioprogress: improved progress tracking for I/O operations
- UPDATE iowrapper: enhanced I/O wrapper with custom interfaces
- UPDATE mapCloser: improved map of closers for resource management
- UPDATE maxstdio: enhanced C implementation for max stdio file descriptor retrieval
- DELETE multiplexer/model.go: removed legacy multiplexer (functionality moved to console/buff.go and retro/)
- UPDATE nopwritecloser: improved no-op write closer
- UPDATE tools: enhanced I/O utility functions

[ldap]
- UPDATE ldap: improved LDAP client with better connection handling and search operations

[logger]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE config: improved default values, file options, and syslog configuration
- UPDATE entry/interface: enhanced log entry with context support
- UPDATE fields: improved field handling with JSON cloning
- UPDATE gorm/interface: enhanced GORM logger with trace ID support
- UPDATE hashicorp/interface: improved HashiCorp logger integration
- FIX hookfile/system: use os.OpenRoot for secure file operations (prevents path traversal)
- FIX hookfile/system: fixed import path from libsrv "golib/server" to "golib/runner"
- ADD hookfile: IsRunning() method to track file hook state
- UPDATE hookstderr/interface: enhanced stderr hook with better buffering
- UPDATE hookstdout/interface: enhanced stdout hook with better buffering
- UPDATE hooksyslog: improved syslog integration with channel and priority handling
- ADD hookwriter package: generic io.Writer hook for custom output destinations
- UPDATE interface: enhanced logger interface with context propagation
- UPDATE level: improved log level handling and comparison
- UPDATE log: enhanced logging with better formatting
- UPDATE manage: improved logger lifecycle management
- UPDATE model: refactored logger model for better maintainability

[mail]
- UPDATE sender: improved mail sender with better MIME handling
- UPDATE interface: enhanced interface with monitoring support
- UPDATE monitor: added monitoring integration for mail operations

[monitor]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- ADD status package: new subpackage for status management with Status type (KO, Warn, OK)
- ADD status/encode: marshaling support for JSON, YAML, TOML, Text, CBOR
- ADD status/format: human-readable status formatting
- ADD status/interface: Status type with Parse and String methods
- UPDATE encode: improved encoding with better error handling
- UPDATE error: enhanced error definitions
- UPDATE info: improved system info collection (CPU, mem, disk, network)
- UPDATE interface: enhanced monitor interface with status support and better component integration
- UPDATE metrics: improved metrics collection and export
- UPDATE middleware: enhanced monitoring middleware for HTTP
- UPDATE pool/interface: enhanced pool interface with better monitoring integration
- UPDATE pool/metrics: improved metrics collection in pool
- UPDATE pool/model: refactored pool model for better maintainability
- UPDATE pool/pool: enhanced pool implementation with better lifecycle
- UPDATE server: enhanced server monitoring with status tracking
- UPDATE types/monitor: improved monitor type definitions

[nats]
- UPDATE client: improved NATS client with better subscription handling
- UPDATE config: enhanced NATS configuration with cluster support
- UPDATE monitor: added monitoring integration for NATS operations
- UPDATE server: improved NATS server integration with monitoring

[network]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE bytes: improved byte size handling for network operations
- UPDATE number: enhanced number utilities for network data
- UPDATE protocol/encode: improved protocol encoding
- ADD protocol/format: protocol formatting utilities
- UPDATE protocol/interface: enhanced protocol interface
- UPDATE protocol/model: refactored protocol model

[password]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE password: improved password utilities with strength validation and secure generation

[pidcontroller]
- UPDATE interface: improved PID controller interface
- UPDATE model: enhanced PID controller model with better tuning parameters

[pprof]
- UPDATE tools: improved pprof utilities for profiling integration

[prometheus]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE bloom/bloom: improved bloom filter with better concurrency handling
- UPDATE bloom/collection: enhanced bloom filter collection operations
- UPDATE interface: enhanced prometheus interface with better type safety
- UPDATE metrics/interface: enhanced metrics interface with better registration
- UPDATE metrics/model: refactored metrics model for better maintainability
- UPDATE model: refactored prometheus model with better validation
- UPDATE pool: enhanced metric pool with concurrent access
- UPDATE pool/interface: enhanced pool interface
- UPDATE pool/model: refactored pool model
- UPDATE route: improved routing for metric endpoints
- UPDATE types: enhanced type definitions for metrics
- UPDATE webmetrics: improved existing metrics (requestBody, requestIPTotal, requestLatency, requestSlow, requestTotal, requestURITotal, responseBody)
- ADD webmetrics/activeConnections: gauge for tracking concurrent HTTP connections
- ADD webmetrics/requestErrors: counter for HTTP request errors
- ADD webmetrics/responseSizeByEndpoint: histogram for response size distribution by endpoint
- ADD webmetrics/statusCodeTotal: counter for HTTP status codes

[request]
- UPDATE interface: enhanced request interface with better type safety
- UPDATE model: refactored request model for better maintainability
- UPDATE options: improved request options with better validation
- UPDATE url: enhanced URL handling with better parsing

[retro]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE encoding: improved encoding utilities with better format support
- UPDATE format: enhanced formatting functions for retro compatibility
- UPDATE model: refactored retro model with better validation
- UPDATE utils: improved utility functions for version handling
- UPDATE version: enhanced version utilities for retro compatibility

[router]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE auth/interface: enhanced authentication interface with better validation
- UPDATE auth/model: improved authentication model
- UPDATE authheader/interface: enhanced authentication header interface
- UPDATE default: improved default router configuration
- UPDATE error: enhanced error definitions for router
- UPDATE header/config: improved header configuration
- UPDATE header/interface: enhanced header interface
- UPDATE header/model: refactored header model
- UPDATE interface: improved router interface with better type safety
- UPDATE middleware: improved router middleware with better error handling
- UPDATE model: refactored router model for better maintainability
- UPDATE router: enhanced core router implementation
- UPDATE tools: enhanced router utilities for route registration

[runner]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE package: move package for lifecycle management of long-running services (moved from server/runner)
- ADD interface: Runner interface with Start, Stop, Restart, IsRunning, and Uptime methods
- ADD startStop package: service lifecycle with blocking start and graceful stop (interface, model, comprehensive tests)
- ADD ticker package: periodic task execution at regular intervals (interface, model, comprehensive tests)
- ADD tests: concurrency, construction, errors, lifecycle, and uptime tests for both startStop and ticker
- ADD tools: RecoveryCaller for panic recovery in goroutines

[semaphore]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- FIX bar/bar: Dec method now properly decrements (was calling Inc64, now calls Dec64 with negative value)
- UPDATE bar: improved progress bar with better MPB integration
- UPDATE bar/context: enhanced context handling for cancellation
- UPDATE bar/interface: added methods for Total() and better progress tracking
- UPDATE bar/model: improved model with atomic operations
- UPDATE bar tests: enhanced bar_operations_test, edge_cases_test, integration_test, and semaphore_test
- UPDATE context: enhanced context propagation
- UPDATE interface: improved semaphore interface with weighted operations
- UPDATE model: refactored model for better thread safety
- UPDATE progress: enhanced progress tracking with multiple bars
- UPDATE sem/interface: added IsRunning() method for state tracking
- UPDATE sem/ulimit: improved ulimit handling for file descriptors
- UPDATE sem/weighted: enhanced weighted semaphore operations
- UPDATE types: improved type definitions for bar, progress, and semaphore

[server]
- REFACTOR: moved runner subpackage to root-level runner package
- DELETE: empty package after moving the runner subpackage

[shell]
- UPDATE goprompt: improved interactive prompt handling with better input validation

[size]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- ADD arithmetic.go: NEW file with arithmetic operations (Add, Sub, Mul, Div with overflow detection)
- UPDATE encode: improved marshaling for JSON, YAML, TOML, Text, CBOR
- UPDATE format: enhanced human-readable formatting (B, KB, MB, GB, TB, PB, EB)
- UPDATE interface: added arithmetic methods (Mul, MulErr, Div, DivErr, Add, AddErr, Sub, SubErr)
- UPDATE model: refactored Size type with better validation
- UPDATE parse: improved parsing with unit detection (IEC and SI standards)

[smtp]
- UPDATE client: improved SMTP client with better error handling
- UPDATE config: enhanced configuration with validation
- UPDATE config/error: improved error definitions
- UPDATE config/interface: enhanced interface with context support
- UPDATE config/model: refactored model for better maintainability
- UPDATE interface: improved SMTP interface with monitoring support
- UPDATE monitor: added monitoring integration for SMTP operations
- DELETE network/network.go: removed legacy network handling (consolidated into client)
- UPDATE tlsmode/tls: enhanced TLS mode handling (None, TLS, StartTLS)
- UPDATE types/interface: improved type interface

[socket]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- ADD client/interface_darwin: macOS-specific socket client options
- UPDATE client/interface_linux: platform-specific socket options for Linux
- UPDATE client/interface_other: platform-specific socket options for other platforms
- UPDATE client/tcp/error: improved TCP client error handling
- UPDATE client/tcp/interface: enhanced TCP client interface
- UPDATE client/tcp/model: improved TCP client model
- UPDATE client/udp/error: improved UDP client error handling
- UPDATE client/udp/interface: enhanced UDP client interface
- UPDATE client/udp/model: improved UDP client model
- UPDATE client/unix/error: improved Unix socket client error handling
- UPDATE client/unix/ignore: enhanced ignore functionality
- UPDATE client/unix/interface: enhanced Unix socket client interface
- UPDATE client/unix/model: improved Unix socket client model
- UPDATE client/unixgram/error: improved Unix datagram client error handling
- UPDATE client/unixgram/ignore: enhanced ignore functionality
- UPDATE client/unixgram/interface: enhanced Unix datagram client interface
- UPDATE client/unixgram/model: improved Unix datagram client model
- UPDATE config/client: improved client configuration
- UPDATE config/server: improved server configuration
- DELETE delim: moved legacy delimiter to I/O package
- UPDATE interface: improved socket interface
- UPDATE io: enhanced I/O operations
- DELETE multi: moved legacy multi to I/O package
- ADD server/interface_darwin: macOS-specific socket server options
- UPDATE server/interface_linux: platform-specific server options for Linux
- UPDATE server/interface_other: platform-specific server options for other platforms
- UPDATE server/tcp/error: improved TCP server error handling
- UPDATE server/tcp/interface: enhanced TCP server interface
- UPDATE server/tcp/listener: improved TCP server listener
- UPDATE server/tcp/model: improved TCP server model
- UPDATE server/udp/error: improved UDP server error handling
- UPDATE server/udp/interface: enhanced UDP server interface
- UPDATE server/udp/listener: improved UDP server listener
- UPDATE server/udp/model: improved UDP server model
- UPDATE server/unix/error: improved Unix socket server error handling
- UPDATE server/unix/ignore: enhanced ignore functionality
- UPDATE server/unix/interface: enhanced Unix socket server interface
- UPDATE server/unix/listener: improved Unix socket server listener
- UPDATE server/unix/model: improved Unix socket server model
- UPDATE server/unixgram/error: improved Unix datagram server error handling
- UPDATE server/unixgram/ignore: enhanced ignore functionality
- UPDATE server/unixgram/interface: enhanced Unix datagram server interface
- UPDATE server/unixgram/listener: improved Unix datagram server listener
- UPDATE server/unixgram/model: improved Unix datagram server model

[static]
- UPDATE interface: improved static interface with monitoring support
- UPDATE model: refactored static model
- UPDATE monitor: added monitoring integration for static file operations

[status]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE cache: improved status cache with better synchronization
- UPDATE config: improved status configuration
- UPDATE control/encode: improved control encoding
- UPDATE control/interface: enhanced control interface with status tracking
- UPDATE control/model: refactored control model
- UPDATE encode: improved status encoding
- UPDATE error: enhanced error definitions for status
- UPDATE info: improved status info handling
- UPDATE interface: enhanced status interface
- UPDATE listmandatory/interface: improved list mandatory interface
- UPDATE listmandatory/model: refactored list mandatory model
- UPDATE mandatory/interface: enhanced mandatory interface
- UPDATE mandatory/model: refactored mandatory model
- UPDATE model: refactored status model
- UPDATE pool: improved status pool
- UPDATE route: enhanced status route handling

[test]
- DELETE: all manual tests are or will be replaced by proper automated test suites in respective packages

[version]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE error: improved error definitions for version
- UPDATE license: enhanced license handling
- UPDATE version: improved version utilities

[viper]
- ADD/UPDATE documentation: comprehensive documentation with monitoring patterns
- ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions
- UPDATE interface: enhanced viper interface with context support
- UPDATE model: refactored viper model for better maintainability
2025-11-15 21:09:32 +01:00


Certificates Package

License: MIT

Comprehensive TLS/SSL certificate management for secure communications in Go applications.


Overview

The certificates package provides a complete solution for configuring TLS/SSL connections in Go applications. It offers type-safe configuration for certificates, cipher suites, elliptic curves, TLS versions, and client authentication modes.

Design Philosophy

  1. Type-Safe: Leverage Go generics and type wrappers for compile-time safety
  2. Flexible Input: Support for PEM strings, file paths, and structured configuration
  3. Security-First: Default to secure configurations with modern TLS standards
  4. Multi-Format: JSON, YAML, TOML, and CBOR encoding support
  5. Thread-Safe: All operations are safe for concurrent access

Key Features

  • Certificate Management: Load and manage certificate pairs (private key + certificate)
  • CA Management: Support for root CA and client CA certificate pools
  • TLS Version Control: Configure minimum and maximum TLS versions (1.0-1.3)
  • Cipher Suite Selection: Modern, secure cipher suites for TLS 1.2 and 1.3
  • Elliptic Curve Configuration: Support for X25519, P256, P384, and P521
  • Client Authentication: Five authentication modes from none to strict verification
  • Dynamic Configuration: Runtime configuration updates and rotation
  • Multiple Encodings: JSON, YAML, TOML, CBOR support for all types
  • Thread-Safe Operations: Concurrent access protection throughout
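The secure defaults named in this list (a TLS 1.2 floor, ECDHE with AES-GCM or ChaCha20, X25519 ahead of the NIST curves, five client-authentication modes) written directly against Go's crypto/tls, as an added example that is not the package's own code. The five mode names are taken from this README; their pairing with the tls.ClientAuthType constants, the ValidateTLSConfig and NewServerConfig functions and the exact suite list are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// Added example on plain crypto/tls, not golib's own code. The five mode
// names come from the README; their pairing with tls.ClientAuthType is an
// assumption made here.
var clientAuthModes = map[string]tls.ClientAuthType{
	"NoClientCert": tls.NoClientCert,
	"Request":      tls.RequestClientCert,
	"Require":      tls.RequireAnyClientCert,
	"Verify":       tls.VerifyClientCertIfGiven,
	"Strict":       tls.RequireAndVerifyClientCert,
}

// ECDHE + AEAD only. This list governs TLS 1.2; Go fixes the TLS 1.3 suites
// (AES-GCM and ChaCha20) itself and ignores CipherSuites for 1.3.
var secureCiphers = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}

// X25519 first, then the NIST curves, in the order the README lists them.
var preferredCurves = []tls.CurveID{tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521}

// ValidateTLSConfig enforces the TLS 1.2 floor, a coherent version range, and
// rejects any suite that Go itself marks insecure (RC4, 3DES, CBC with SHA-1).
func ValidateTLSConfig(cfg *tls.Config) error {
	if cfg.MinVersion < tls.VersionTLS12 {
		return errors.New("MinVersion unset or below TLS 1.2")
	}
	if cfg.MaxVersion != 0 && cfg.MaxVersion < cfg.MinVersion {
		return errors.New("MaxVersion below MinVersion")
	}
	for _, id := range cfg.CipherSuites {
		for _, cs := range tls.InsecureCipherSuites() {
			if cs.ID == id {
				return fmt.Errorf("insecure cipher suite %s", cs.Name)
			}
		}
	}
	return nil
}

// NewServerConfig wires certificate pairs, a client CA pool and a mode name
// into a server tls.Config with the defaults above, then validates it.
func NewServerConfig(certs []tls.Certificate, clientCAs *x509.CertPool, mode string) (*tls.Config, error) {
	auth, ok := clientAuthModes[mode]
	if !ok {
		return nil, fmt.Errorf("unknown client auth mode %q", mode)
	}
	if len(certs) == 0 {
		return nil, errors.New("at least one certificate pair is required")
	}
	// Verifying modes with a nil pool silently fall back to the system roots,
	// so an explicit client CA pool is demanded for them.
	if auth >= tls.VerifyClientCertIfGiven && clientCAs == nil {
		return nil, errors.New("client CA pool required for Verify and Strict modes")
	}
	cfg := &tls.Config{
		Certificates:     certs,
		ClientCAs:        clientCAs,
		ClientAuth:       auth,
		MinVersion:       tls.VersionTLS12,
		MaxVersion:       tls.VersionTLS13,
		CipherSuites:     secureCiphers,
		CurvePreferences: preferredCurves,
	}
	return cfg, ValidateTLSConfig(cfg)
}

func main() {
	// A zero tls.Certificate stands in for a real pair loaded from PEM.
	cfg, err := NewServerConfig([]tls.Certificate{{}}, x509.NewCertPool(), "Strict")
	fmt.Println(cfg != nil, err)
	_, err = NewServerConfig([]tls.Certificate{{}}, nil, "Strict")
	fmt.Println(err)
	fmt.Println(ValidateTLSConfig(&tls.Config{MinVersion: tls.VersionTLS10}))
}
```

The validator deliberately treats an unset MinVersion as a failure rather than trusting Go's default, so a configuration that forgot to pin the floor is caught at build time instead of at the first weak handshake.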

Installation

go get github.com/nabbar/golib/certificates

Requirements:

  • Go 1.18 or higher (for generics support)
  • No external dependencies beyond crypto/tls and encoding libraries

Architecture

Package Structure

certificates/
├── certificates        # Main package
│   ├── interface.go   # TLSConfig interface and types
│   ├── model.go       # Implementation
│   ├── config.go      # Configuration structures
│   └── tools.go       # Helper functions
└── Subpackages/
    ├── auth/          # Client authentication modes
    ├── ca/            # Certificate Authority management
    ├── certs/         # Certificate pair management
    ├── cipher/        # Cipher suite configuration
    ├── curves/        # Elliptic curve configuration
    └── tlsversion/    # TLS version management

Component Diagram

┌─────────────────────────────────────────────────┐
│              TLSConfig Interface                │
│   Main configuration for TLS connections        │
└───────────┬─────────────────────────────────────┘
            │
            ├──> Root CA Pool (ca.Cert)
            │    └─ x509.CertPool
            │
            ├──> Client CA Pool (ca.Cert)
            │    └─ x509.CertPool
            │
            ├──> Certificate Pairs (certs.Cert)
            │    └─ tls.Certificate
            │
            ├──> TLS Version (tlsversion.Version)
            │    ├─ Min: TLS 1.2 (recommended)
            │    └─ Max: TLS 1.3 (preferred)
            │
            ├──> Cipher Suites (cipher.Cipher)
            │    ├─ TLS 1.2: ECDHE+AES-GCM
            │    └─ TLS 1.3: AES-GCM, ChaCha20
            │
            ├──> Elliptic Curves (curves.Curves)
            │    ├─ X25519 (preferred)
            │    └─ P256, P384, P521
            │
            └──> Client Auth (auth.ClientAuth)
                 └─ NoClientCert, Request, Require, Verify, Strict

Type System

| Type | Package | Purpose |
|---|---|---|
| TLSConfig | certificates | Main interface for TLS configuration |
| ClientAuth | auth | Client authentication modes |
| Cert (CA) | ca | Certificate Authority certificates |
| Cert (pairs) | certs | Certificate pairs (key + cert) |
| Cipher | cipher | TLS cipher suite identifiers |
| Curves | curves | Elliptic curve identifiers |
| Version | tlsversion | TLS protocol version |

Quick Start

Basic Server Configuration

package main

import (
    "log"
    "net/http"

    "github.com/nabbar/golib/certificates"
    "github.com/nabbar/golib/certificates/tlsversion"
)

func main() {
    // Create TLS configuration
    tlsConfig := certificates.New()

    // Set TLS versions
    tlsConfig.SetVersionMin(tlsversion.VersionTLS12)
    tlsConfig.SetVersionMax(tlsversion.VersionTLS13)

    // Add server certificate
    err := tlsConfig.AddCertificatePairFile("/path/to/key.pem", "/path/to/cert.pem")
    if err != nil {
        log.Fatal(err)
    }

    // Create HTTP server with TLS; the certificate comes from tlsConfig,
    // so ListenAndServeTLS needs no file arguments
    server := &http.Server{
        Addr:      ":443",
        TLSConfig: tlsConfig.TLS("example.com"),
    }

    log.Fatal(server.ListenAndServeTLS("", ""))
}

Client Configuration with mTLS

package main

import (
    "net/http"

    "github.com/nabbar/golib/certificates"
)

func main() {
    // Create client TLS configuration
    tlsConfig := certificates.New()

    // Add root CA to verify server
    err := tlsConfig.AddRootCAFile("/path/to/ca.pem")
    if err != nil {
        panic(err)
    }

    // Add client certificate for mTLS
    err = tlsConfig.AddCertificatePairFile("/path/to/client-key.pem", "/path/to/client-cert.pem")
    if err != nil {
        panic(err)
    }

    // Create HTTP client
    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: tlsConfig.TLS("server.example.com"),
        },
    }

    resp, err := client.Get("https://server.example.com")
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...
}

Configuration from Strings

// PEM-encoded certificate and key
keyPEM := `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...
-----END RSA PRIVATE KEY-----`

certPEM := `-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJ...
-----END CERTIFICATE-----`

tlsConfig := certificates.New()
err := tlsConfig.AddCertificatePairString(keyPEM, certPEM)
if err != nil {
    panic(err)
}

Subpackages

auth - Client Authentication Modes

Provides client authentication mode types for TLS connections.

Supported Modes:

  • NoClientCert: No client certificate required
  • RequestClientCert: Request but don't require client certificate
  • RequireAnyClientCert: Require any client certificate (unverified)
  • VerifyClientCertIfGiven: Verify client certificate if provided
  • RequireAndVerifyClientCert: Require and verify client certificate

Example:

import "github.com/nabbar/golib/certificates/auth"

authMode := auth.Parse("require")
tlsConfig.SetClientAuth(authMode)

Full auth package documentation →


ca - Certificate Authority Management

Manages CA certificates for verifying certificate chains.

Key Features:

  • Parse CA certificates from PEM strings or bytes
  • Support for certificate chains
  • Convert to x509.CertPool for TLS
  • Multiple encoding formats (JSON, YAML, TOML, CBOR)

Example:

import "github.com/nabbar/golib/certificates/ca"

caCert, err := ca.Parse(pemString)
if err != nil {
    log.Fatal(err)
}
pool := caCert.GetCertPool()

Full ca package documentation →


certs - Certificate Pair Management

Manages certificate pairs (private key + certificate) for TLS servers and clients.

Key Features:

  • Parse certificate pairs from PEM strings or files
  • Support for certificate chains
  • Multiple configuration formats (ConfigPair, ConfigChain)
  • Convert to tls.Certificate

Example:

import "github.com/nabbar/golib/certificates/certs"

cert, err := certs.Parse(keyPEM + "\n" + certPEM)
if err != nil {
    log.Fatal(err)
}
tlsCert := cert.GetTLS()

Full certs package documentation →


cipher - Cipher Suite Selection

Provides TLS cipher suite types and parsing for secure connections.

Supported Cipher Suites:

TLS 1.2:

  • RSA with AES-GCM
  • ECDHE-RSA with AES-GCM (forward secrecy)
  • ECDHE-ECDSA with AES-GCM (forward secrecy)
  • ECDHE with ChaCha20-Poly1305 (forward secrecy, mobile-optimized)

TLS 1.3:

  • AES-128-GCM-SHA256
  • AES-256-GCM-SHA384
  • ChaCha20-Poly1305-SHA256

Example:

import (
    "fmt"

    "github.com/nabbar/golib/certificates/cipher"
)

// Name the variable so that it does not shadow the cipher package
c := cipher.Parse("ECDHE-RSA-AES128-GCM-SHA256")
if c != cipher.Unknown {
    fmt.Println("Supported cipher:", c.String())
}

Full cipher package documentation →


curves - Elliptic Curve Configuration

Provides elliptic curve types for ECDHE cipher suites.

Supported Curves:

  • X25519: Modern, high-performance (preferred)
  • P256 (secp256r1): NIST curve, widely supported
  • P384 (secp384r1): NIST curve, higher security
  • P521 (secp521r1): NIST curve, maximum security

Example:

import "github.com/nabbar/golib/certificates/curves"

curve := curves.Parse("X25519")
tlsConfig.AddCurves(curve)

Full curves package documentation →


tlsversion - TLS Version Management

Provides TLS protocol version types and management.

Supported Versions:

  • VersionTLS10: TLS 1.0 (deprecated, not recommended)
  • VersionTLS11: TLS 1.1 (deprecated, not recommended)
  • VersionTLS12: TLS 1.2 (secure, widely supported)
  • VersionTLS13: TLS 1.3 (modern, most secure)

Example:

import "github.com/nabbar/golib/certificates/tlsversion"

minVer := tlsversion.Parse("1.2")
maxVer := tlsversion.Parse("1.3")
tlsConfig.SetVersionMin(minVer)
tlsConfig.SetVersionMax(maxVer)

Full tlsversion package documentation →


Configuration

TLSConfig Interface

The main TLSConfig interface provides comprehensive methods for configuring TLS connections:

Certificate Management:

  • AddCertificatePairString(key, cert string) error
  • AddCertificatePairFile(keyFile, certFile string) error
  • GetCertificatePair() []tls.Certificate
  • LenCertificatePair() int
  • CleanCertificatePair()

Root CA Management:

  • AddRootCA(rootCA ca.Cert) bool
  • AddRootCAString(rootCA string) bool
  • AddRootCAFile(pemFile string) error
  • GetRootCA() []ca.Cert
  • GetRootCAPool() *x509.CertPool

Client CA Management:

  • AddClientCAString(ca string) bool
  • AddClientCAFile(pemFile string) error
  • GetClientCA() []ca.Cert
  • GetClientCAPool() *x509.CertPool
  • SetClientAuth(auth.ClientAuth)

Version Control:

  • SetVersionMin(tlsversion.Version)
  • GetVersionMin() tlsversion.Version
  • SetVersionMax(tlsversion.Version)
  • GetVersionMax() tlsversion.Version

Cipher & Curve Configuration:

  • SetCipherList([]cipher.Cipher)
  • AddCiphers(...cipher.Cipher)
  • GetCiphers() []cipher.Cipher
  • SetCurveList([]curves.Curves)
  • AddCurves(...curves.Curves)
  • GetCurves() []curves.Curves

Advanced Options:

  • RegisterRand(io.Reader) - Custom randomness source
  • SetDynamicSizingDisabled(bool) - Control record sizing
  • SetSessionTicketDisabled(bool) - Control session resumption
  • TLS(serverName string) *tls.Config - Get final tls.Config

Configuration Examples

Minimal Server Configuration:

cfg := certificates.New()
cfg.AddCertificatePairFile("server-key.pem", "server-cert.pem")
tlsConfig := cfg.TLS("example.com")

Strict Server with mTLS:

cfg := certificates.New()
cfg.SetVersionMin(tlsversion.VersionTLS12)
cfg.SetVersionMax(tlsversion.VersionTLS13)
cfg.AddCertificatePairFile("server-key.pem", "server-cert.pem")
cfg.AddClientCAFile("client-ca.pem")
cfg.SetClientAuth(auth.RequireAndVerifyClientCert)
tlsConfig := cfg.TLS("example.com")

Client with Custom CA:

cfg := certificates.New()
cfg.AddRootCAFile("custom-ca.pem")
cfg.AddCertificatePairFile("client-key.pem", "client-cert.pem")
tlsConfig := cfg.TLS("")

Security Best Practices

TLS Version Selection

Recommended Configuration:

cfg.SetVersionMin(tlsversion.VersionTLS12)  // Minimum TLS 1.2
cfg.SetVersionMax(tlsversion.VersionTLS13)  // Maximum TLS 1.3

Security Rationale:

  • TLS 1.0 and 1.1 are deprecated (RFC 8996)
  • TLS 1.2 provides wide compatibility
  • TLS 1.3 offers improved security and performance

Cipher Suite Selection

Prefer ECDHE cipher suites for forward secrecy:

cipherSuites := []cipher.Cipher{
    cipher.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    cipher.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    cipher.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    cipher.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
}
cfg.SetCipherList(cipherSuites)

Avoid:

  • Non-ECDHE cipher suites (no forward secrecy)
  • Legacy cipher suites (RC4, 3DES, MD5)
  • Export-grade cryptography

Elliptic Curve Selection

Recommended:

cfg.AddCurves(
    curves.X25519,  // Modern, fast, secure (preferred)
    curves.P256,    // NIST, widely supported
)

Security Notes:

  • X25519 offers best performance and security
  • P256 provides broad compatibility
  • Avoid P384/P521 unless required by policy
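The version, cipher suite and curve recommendations above, turned into a check over a finished *tls.Config (which is also what TLSConfig.TLS() returns). This is an added example, not golib code: Audit and knownSuites are names chosen here, and the weak and strict configs in main are constructed inputs.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// knownSuites indexes every suite Go knows by ID, insecure ones included.
var knownSuites = func() map[uint16]*tls.CipherSuite {
	m := map[uint16]*tls.CipherSuite{}
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		m[s.ID] = s
	}
	return m
}()

// Audit checks a finished *tls.Config (such as the one TLSConfig.TLS() returns)
// against the recommendations above and returns one finding per deviation.
func Audit(cfg *tls.Config) []string {
	var findings []string
	if cfg.MinVersion < tls.VersionTLS12 { // 0 means "not pinned", i.e. Go's defaults
		findings = append(findings, "MinVersion is not pinned to TLS 1.2 or higher")
	}
	for _, id := range cfg.CipherSuites {
		s, ok := knownSuites[id]
		switch {
		case !ok:
			findings = append(findings, fmt.Sprintf("unknown cipher suite 0x%04x", id))
		case s.Insecure:
			findings = append(findings, s.Name+": flagged insecure by crypto/tls")
		case len(s.SupportedVersions) == 1 && s.SupportedVersions[0] == tls.VersionTLS13:
			// TLS 1.3 suites are all AEAD with forward secrecy (and not configurable in Go)
		case !strings.HasPrefix(s.Name, "TLS_ECDHE_"):
			findings = append(findings, s.Name+": no forward secrecy (non-ECDHE key exchange)")
		case !strings.Contains(s.Name, "_GCM_") && !strings.Contains(s.Name, "_CHACHA20_"):
			findings = append(findings, s.Name+": CBC mode, prefer AES-GCM or ChaCha20-Poly1305")
		}
	}
	if len(cfg.CurvePreferences) > 0 && cfg.CurvePreferences[0] != tls.X25519 {
		findings = append(findings, "X25519 is not the first curve preference")
	}
	return findings
}

func main() {
	weak := &tls.Config{MinVersion: tls.VersionTLS10, CipherSuites: []uint16{
		tls.TLS_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_RSA_WITH_RC4_128_SHA}}
	strict := &tls.Config{MinVersion: tls.VersionTLS12, CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}}
	fmt.Println(Audit(weak))   // three findings: version floor, non-ECDHE suite, RC4
	fmt.Println(Audit(strict)) // []
}
```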

Certificate Management

Best Practices:

  • Use strong key sizes (RSA 2048+, ECDSA P-256+)
  • Implement certificate rotation
  • Monitor certificate expiration
  • Use proper file permissions (0600 for private keys)
  • Store private keys securely (HSM, vault)

Example with Rotation:

func rotateCertificate(cfg certificates.TLSConfig) error {
    // Validate the new pair on a scratch config first, so a bad or
    // missing file cannot leave cfg without any certificate
    probe := certificates.New()
    if err := probe.AddCertificatePairFile("new-key.pem", "new-cert.pem"); err != nil {
        return err
    }

    // CleanCertificatePair removes every pair, so it must run before
    // the new pair is added, not after it
    cfg.CleanCertificatePair()

    // Install the validated pair
    return cfg.AddCertificatePairFile("new-key.pem", "new-cert.pem")
}

Client Authentication

Security Levels:

| Mode | Use Case | Security |
|---|---|---|
| NoClientCert | Public services | Low |
| RequestClientCert | Optional auth | Medium |
| RequireAnyClientCert | Testing | Medium |
| VerifyClientCertIfGiven | Flexible auth | Medium-High |
| RequireAndVerifyClientCert | mTLS, high security | High |

For high-security environments:

cfg.SetClientAuth(auth.RequireAndVerifyClientCert)
cfg.AddClientCAFile("trusted-clients-ca.pem")
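What the modes in the table decide on the wire, as an added example that is not golib code: it uses only crypto/tls (the type TLSConfig.TLS() produces), a constructed self-signed certificate standing in for the CA pool and the client pair, and a handshake over a loopback TCP socket. selfSigned and Handshake are names chosen for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned mints a throwaway self-signed certificate (server and client auth) plus a pool trusting only it.
func selfSigned() (tls.Certificate, *x509.CertPool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.com"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, IsCA: true, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, pool
}

// Handshake runs one handshake over loopback TCP and returns the server's verdict (nil = client accepted).
func Handshake(srvCfg, cliCfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	verdict := make(chan error, 1)
	go func() { // server side: accept one connection and run the handshake
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = tls.Server(c, srvCfg).Handshake()
		}
		verdict <- err
	}()
	if c, err := tls.Dial("tcp", ln.Addr().String(), cliCfg); err == nil {
		defer c.Close() // keep the client open until the server has ruled
	}
	return <-verdict
}

func main() {
	cert, pool := selfSigned()
	srv := &tls.Config{Certificates: []tls.Certificate{cert}, ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}
	for _, certs := range [][]tls.Certificate{nil, {cert}} { // bare client first, then a trusted client cert
		fmt.Println(len(certs) > 0, Handshake(srv, &tls.Config{RootCAs: pool, ServerName: "example.com", Certificates: certs}))
	}
}
```

RequireAnyClientCert accepts the same untrusted certificate that RequireAndVerifyClientCert rejects, which is why the table rates it for testing only.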

Use Cases

HTTPS Web Server

package main

import (
    "log"
    "net/http"

    "github.com/nabbar/golib/certificates"
    "github.com/nabbar/golib/certificates/tlsversion"
)

func main() {
    // Configure TLS
    tlsCfg := certificates.New()
    tlsCfg.SetVersionMin(tlsversion.VersionTLS12)
    if err := tlsCfg.AddCertificatePairFile("server.key", "server.crt"); err != nil {
        log.Fatal(err)
    }

    // Create HTTPS server; the certificate is taken from the TLS config,
    // so ListenAndServeTLS gets empty file arguments
    server := &http.Server{
        Addr:      ":443",
        TLSConfig: tlsCfg.TLS("example.com"),
        Handler:   http.DefaultServeMux,
    }

    log.Fatal(server.ListenAndServeTLS("", ""))
}

Microservice with mTLS

// Server side
serverCfg := certificates.New()
serverCfg.AddCertificatePairFile("service.key", "service.crt")
serverCfg.AddClientCAFile("clients-ca.pem")
serverCfg.SetClientAuth(auth.RequireAndVerifyClientCert)

// Client side
clientCfg := certificates.New()
clientCfg.AddRootCAFile("services-ca.pem")
clientCfg.AddCertificatePairFile("client.key", "client.crt")

client := &http.Client{
    Transport: &http.Transport{
        TLSClientConfig: clientCfg.TLS("service.example.com"),
    },
}

gRPC Service

import (
    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"
    "github.com/nabbar/golib/certificates"
)

tlsCfg := certificates.New()
tlsCfg.AddCertificatePairFile("grpc.key", "grpc.crt")
tlsCfg.AddRootCAFile("ca.pem")

creds := credentials.NewTLS(tlsCfg.TLS("grpc.example.com"))
server := grpc.NewServer(grpc.Creds(creds))

Database Connection

import (
    "database/sql"
    "log"

    "github.com/go-sql-driver/mysql"
    "github.com/nabbar/golib/certificates"
)

tlsCfg := certificates.New()
if err := tlsCfg.AddRootCAFile("db-ca.pem"); err != nil {
    log.Fatal(err)
}
if err := tlsCfg.AddCertificatePairFile("client.key", "client.crt"); err != nil {
    log.Fatal(err)
}

// Register the tls.Config under a name and reference it from the DSN
if err := mysql.RegisterTLSConfig("custom", tlsCfg.TLS("")); err != nil {
    log.Fatal(err)
}
db, err := sql.Open("mysql", "user:pass@tcp(host:3306)/db?tls=custom")
if err != nil {
    log.Fatal(err)
}

API Reference

Main Types

TLSConfig - Main interface for TLS configuration

type TLSConfig interface {
    // Certificate management
    AddCertificatePairString(key, crt string) error
    AddCertificatePairFile(keyFile, crtFile string) error
    GetCertificatePair() []tls.Certificate
    
    // CA management  
    AddRootCAString(rootCA string) bool
    AddRootCAFile(pemFile string) error
    GetRootCAPool() *x509.CertPool
    
    // Version control
    SetVersionMin(v tlsversion.Version)
    SetVersionMax(v tlsversion.Version)
    
    // Generate final config
    TLS(serverName string) *tls.Config
}

Factory Functions

New() - Create new TLSConfig

func New() TLSConfig

Subpackage Types

See the individual subpackage documentation (auth, ca, certs, cipher, curves, tlsversion) for detailed type information.


Testing

Test Suite: Ginkgo v2 + Gomega with comprehensive coverage

# Run all tests
go test ./...

# With coverage
go test -cover ./...

# With race detection
CGO_ENABLED=1 go test -race ./...

# Using Ginkgo CLI
go install github.com/onsi/ginkgo/v2/ginkgo@latest
ginkgo -r

Coverage by Package:

| Package | Coverage | Specs |
|---|---|---|
| certificates | ~70% | 15 |
| auth | 73.0% | 12 |
| ca | 68.5% | 18 |
| certs | 47.8% | 9 |
| cipher | 50.6% | 12 |
| curves | 50.5% | 9 |
| tlsversion | 54.5% | 9 |

See TESTING.md for detailed testing documentation.


Contributing

Contributions are welcome! Please follow these guidelines:

Code Contributions:

  • Do not use AI to generate package implementation code
  • AI may assist with tests, documentation, and bug fixing
  • All contributions must pass go test -race
  • Follow existing code style and patterns
  • Add tests for new features

Documentation:

  • Update README.md for new features
  • Add examples for common use cases
  • Keep subpackage documentation synchronized

Security:

  • Report security issues privately
  • Follow responsible disclosure practices
  • Use secure defaults in new features

Pull Requests:

  • Provide clear description of changes
  • Reference related issues
  • Include test results
  • Update documentation

AI Transparency Notice

In accordance with Article 50.4 of the EU AI Act, AI assistance has been used for testing, documentation, and bug fixing under human supervision.



License

MIT License - See LICENSE file for details.

Copyright (c) 2020 Nicolas JUHEL


Last Updated: 2025-11-07