From 63de17982b3f769a2d451ff13cf502a3625c9864 Mon Sep 17 00:00:00 2001
From: Chris Hager
Date: Thu, 21 Nov 2024 18:59:39 +0100
Subject: [PATCH] example use of tls generation (#35)
---
 .gitignore | 1 +
 examples/tls-server/main.go | 66 +++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 examples/tls-server/main.go
diff --git a/.gitignore b/.gitignore
index aeb8638..d19803d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@
 # IDE
 .idea/
 .vscode/
+cert.pem
\ No newline at end of file
diff --git a/examples/tls-server/main.go b/examples/tls-server/main.go
new file mode 100644
index 0000000..7f48800
--- /dev/null
+++ b/examples/tls-server/main.go
@@ -0,0 +1,66 @@
+package main
+
+//
+// This example demonstrates how to create a TLS certificate and key and serve it on a port.
+//
+// The certificate can be required by curl like this:
+//
+// curl --cacert cert.pem https://localhost:4433
+//
+
+import (
+ "crypto/tls"
+ "fmt"
+ "net/http"
+ "os"
+ "time"
+
+ utils_tls "github.com/flashbots/go-utils/tls"
+)
+
+// Configuration
+const listenAddr = ":4433"
+const certPath = "cert.pem"
+
+func main() {
+ cert, key, err := utils_tls.GenerateTLS(time.Hour*24*265, []string{"localhost"})
+ if err != nil {
+ panic(err)
+ }
+ fmt.Println("Generated TLS certificate and key:")
+ fmt.Println(string(cert))
+
+ // write cert to file
+ err = os.WriteFile(certPath, cert, 0644)
+ if err != nil {
+ panic(err)
+ }
+ fmt.Println("Wrote certificate to", certPath)
+
+ certificate, err := tls.X509KeyPair(cert, key)
+ if err != nil {
+ panic(err)
+ }
+
+ mux := http.NewServeMux()
+ mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+ // write certificate to response
+ _, _ = w.Write(cert)
+ })
+
+ srv := &http.Server{
+ Addr: listenAddr,
+ Handler: mux,
+ ReadHeaderTimeout: time.Second,
+ TLSConfig: &tls.Config{
+ Certificates: []tls.Certificate{certificate},
+ MinVersion: tls.VersionTLS13,
+ PreferServerCipherSuites: true,
+ },
+ }
+
+ fmt.Println("Starting HTTPS server", "addr", listenAddr)
+ if err := srv.ListenAndServeTLS("", ""); err != nil {
+ panic(err)
+ }
+}
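Review bot: The validity period `time.Hour*24*265` passed to `utils_tls.GenerateTLS` in `main` reads like a typo for 365 days; if a one-year certificate is intended, change it to `utils_tls.GenerateTLS(365*24*time.Hour, []string{"localhost"})`, otherwise a short comment saying why 265 days was chosen would stop the next reader from "fixing" it. `PreferServerCipherSuites: true` in the `tls.Config` has been documented as ignored since Go 1.17 and has no meaning under TLS 1.3, which is already the configured minimum, so it can be dropped without changing behavior. The header comment's "can be required by curl" presumably means "trusted by curl": `--cacert cert.pem` pins the self-signed certificate as the trust anchor, which is why only the public certificate is written to `cert.pem`. Since the private key is intentionally kept in memory and never persisted, a one-line comment next to the `os.WriteFile` call stating that (`// only the public certificate is written; the key stays in memory`) would make that security property explicit. With only `ReadHeaderTimeout` set, a client that stalls mid-body or idles can hold a connection open indefinitely; adding `ReadTimeout` and `IdleTimeout` to the `http.Server` closes that gap even for an example.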