mirror of https://github.com/v2fly/v2ray-core.git synced 2025-01-03 07:56:42 -05:00
v2fly/transport/internet/tls/config_test.go

package tls_test
import (
gotls "crypto/tls"
"crypto/x509"
"testing"
"time"
"github.com/v2fly/v2ray-core/v4/common"
"github.com/v2fly/v2ray-core/v4/common/protocol/tls/cert"
. "github.com/v2fly/v2ray-core/v4/transport/internet/tls"
)
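// TestCertificateIssuing builds a Config whose only certificate is a
// self-generated CA marked Certificate_AUTHORITY_ISSUE, asks the resulting
// tls.Config for a certificate via GetCertificate with a ClientHello for
// www.v2fly.org, and checks that the first certificate in the returned chain
// has not yet expired.
//
// NOTE(review): only NotAfter is asserted. The test does not check that the
// returned leaf names www.v2fly.org or that it chains to the CA above.
func TestCertificateIssuing(t *testing.T) {
	ca := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	ca.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{ca},
	}

	tlsConfig := c.GetTLSConfig()
	v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: "www.v2fly.org",
	})
	common.Must(err)

	// Fail the test cleanly instead of panicking on a nil certificate or an
	// empty chain before the leaf is indexed below.
	if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate chain")
	}

	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
	common.Must(err)

	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}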
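// TestExpiredCertificate configures two certificates: a CA marked
// Certificate_AUTHORITY_ISSUE and a leaf for www.v2fly.org, signed by that CA,
// whose NotAfter lies two minutes in the past. It then requests a certificate
// for www.v2fly.org and checks that the one returned has not expired, i.e.
// that the expired configured leaf is not what gets served.
//
// NOTE(review): presumably the returned certificate is freshly issued from the
// CA; this test only observes NotAfter, so confirm against GetTLSConfig.
func TestExpiredCertificate(t *testing.T) {
	caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
	// Leaf that is already expired at the time the test runs.
	expiredCert := cert.MustGenerate(
		caCert,
		cert.NotAfter(time.Now().Add(time.Minute*-2)),
		cert.CommonName("www.v2fly.org"),
		cert.DNSNames("www.v2fly.org"),
	)

	issuer := ParseCertificate(caCert)
	issuer.Usage = Certificate_AUTHORITY_ISSUE
	expiredLeaf := ParseCertificate(expiredCert)

	c := &Config{
		Certificate: []*Certificate{issuer, expiredLeaf},
	}

	tlsConfig := c.GetTLSConfig()
	v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: "www.v2fly.org",
	})
	common.Must(err)

	// Fail the test cleanly instead of panicking on a nil certificate or an
	// empty chain before the leaf is indexed below.
	if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate chain")
	}

	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
	common.Must(err)

	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}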
// TestInsecureCertificates checks that a zero-value Config produces a
// tls.Config with no explicit CipherSuites entries. In crypto/tls an empty
// CipherSuites list means the library's default suite selection applies.
//
// NOTE(review): despite its name, the body inspects only the cipher suite
// list; nothing about certificate verification is asserted here.
func TestInsecureCertificates(t *testing.T) {
	tlsConfig := (&Config{}).GetTLSConfig()

	if suites := tlsConfig.CipherSuites; len(suites) > 0 {
		t.Fatal("Unexpected tls cipher suites list: ", suites)
	}
}
// BenchmarkCertificateIssuing times GetCertificate on a tls.Config built from
// a Config whose only certificate is a CA marked Certificate_AUTHORITY_ISSUE.
//
// After every call the www.v2fly.org entry is removed from NameToCertificate
// and Certificates is truncated back to its initial length, presumably so the
// next iteration cannot reuse a certificate produced by the previous one.
// The result and error of GetCertificate are deliberately discarded.
func BenchmarkCertificateIssuing(b *testing.B) {
	const serverName = "www.v2fly.org"

	ca := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	ca.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{ca},
	}

	tlsConfig := c.GetTLSConfig()
	// Number of certificates present before any request has been served.
	baseline := len(tlsConfig.Certificates)

	b.ResetTimer()

	for iter := 0; iter != b.N; iter++ {
		_, _ = tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
			ServerName: serverName,
		})

		// Roll the config back to its pre-request state.
		delete(tlsConfig.NameToCertificate, serverName)
		tlsConfig.Certificates = tlsConfig.Certificates[:baseline]
	}
}