package tls_test
import (
gotls "crypto/tls"
"crypto/x509"
"testing"
"time"
"github.com/v2fly/v2ray-core/v5/common"
"github.com/v2fly/v2ray-core/v5/common/protocol/tls/cert"
. "github.com/v2fly/v2ray-core/v5/transport/internet/tls"
)
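// TestCertificateIssuing checks that a Config whose only certificate is a CA
// marked Certificate_AUTHORITY_ISSUE returns a certificate from GetCertificate
// for the server name carried in the ClientHello, and that this certificate is
// unexpired and valid for that name.
func TestCertificateIssuing(t *testing.T) {
	const serverName = "www.v2fly.org"

	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	tlsConfig := c.GetTLSConfig()
	v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: serverName,
	})
	common.Must(err)
	// Report a missing chain as a test failure rather than letting the
	// Certificate[0] index below panic with an unrelated-looking message.
	if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
		t.Fatalf("GetCertificate returned no certificate chain for %q", serverName)
	}

	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
	common.Must(err)
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
	// An unexpired certificate is not enough: a client validating the
	// handshake also requires it to be valid for the SNI it asked for.
	if err := x509Cert.VerifyHostname(serverName); err != nil {
		t.Errorf("certificate returned for %q is not valid for that name: %v", serverName, err)
	}
}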
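// TestExpiredCertificate configures a CA marked Certificate_AUTHORITY_ISSUE
// together with a certificate for www.v2fly.org, signed by that CA, whose
// NotAfter lies two minutes in the past. It then asserts that GetCertificate
// for that server name returns a certificate that has not expired, i.e. the
// stale one is not what gets served.
func TestExpiredCertificate(t *testing.T) {
	const serverName = "www.v2fly.org"

	caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
	expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName(serverName), cert.DNSNames(serverName))

	certificate := ParseCertificate(caCert)
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	certificate2 := ParseCertificate(expiredCert)

	c := &Config{
		Certificate: []*Certificate{
			certificate,
			certificate2,
		},
	}

	tlsConfig := c.GetTLSConfig()
	v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: serverName,
	})
	common.Must(err)
	// Report a missing chain as a test failure rather than letting the
	// Certificate[0] index below panic with an unrelated-looking message.
	if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
		t.Fatalf("GetCertificate returned no certificate chain for %q", serverName)
	}

	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
	common.Must(err)
	// The configured certificate for this name is already expired, so a
	// NotAfter in the future shows that a different certificate was returned.
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}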
// TestInsecureCertificates asserts that a zero-value Config produces a TLS
// configuration with an empty CipherSuites list. With no explicit list,
// crypto/tls applies its own default cipher suite selection.
func TestInsecureCertificates(t *testing.T) {
	emptyConfig := new(Config)

	suites := emptyConfig.GetTLSConfig().CipherSuites
	if len(suites) != 0 {
		t.Fatal("Unexpected tls cipher suites list: ", suites)
	}
}
// BenchmarkCertificateIssuing times GetCertificate on a Config whose only
// certificate is a CA marked Certificate_AUTHORITY_ISSUE. CA generation and
// TLS config construction happen before the timer is reset.
func BenchmarkCertificateIssuing(b *testing.B) {
	ca := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	ca.Usage = Certificate_AUTHORITY_ISSUE

	cfg := &Config{Certificate: []*Certificate{ca}}
	tlsConfig := cfg.GetTLSConfig()
	// Remember how many certificates the config starts with so every
	// iteration can truncate back to this length.
	baseline := len(tlsConfig.Certificates)

	b.ResetTimer()

	for iter := 0; iter < b.N; iter++ {
		hello := &gotls.ClientHelloInfo{ServerName: "www.v2fly.org"}
		// Result and error are deliberately discarded; a failing call would
		// therefore be timed without being reported.
		_, _ = tlsConfig.GetCertificate(hello)

		// Drop the name mapping and truncate the certificate list back to its
		// initial length; presumably this keeps an earlier iteration's
		// certificate from being reused (confirm against GetTLSConfig).
		delete(tlsConfig.NameToCertificate, "www.v2fly.org")
		tlsConfig.Certificates = tlsConfig.Certificates[:baseline]
	}
}