mirror of
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git
synced 2025-10-13 20:11:19 -04:00
Refactor utls roundtripper_test to deduplicate
This commit is contained in:
Shelikhoo
parent
d8d3e538f1
commit
788e3ae956
1 changed files with 10 additions and 286 deletions
|
|
@ -21,300 +21,24 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestRoundTripper(t *testing.T) {
|
func TestRoundTripper(t *testing.T) {
|
||||||
var selfSignedCert []byte
|
runRoundTripperTest(t, "127.0.0.1:23802", "127.0.0.1:23801", "https://127.0.0.1:23802/", "https://127.0.0.1:23801/")
|
||||||
var selfSignedPrivateKey *rsa.PrivateKey
|
|
||||||
httpServerContext, cancel := stdcontext.WithCancel(stdcontext.Background())
|
|
||||||
Convey("[Test]Set up http servers", t, func(c C) {
|
|
||||||
c.Convey("[Test]Generate Self-Signed Cert", func(c C) {
|
|
||||||
// Ported from https://gist.github.com/samuel/8b500ddd3f6118d052b5e6bc16bc4c09
|
|
||||||
|
|
||||||
// note that we use the insecure math/rand here because some platforms
|
|
||||||
// fail the test suite at build time in Debian, due to entropy starvation.
|
|
||||||
// since that's not a problem at test time, we do *not* use a secure
|
|
||||||
// mechanism for key generation.
|
|
||||||
//
|
|
||||||
// DO NOT REUSE THIS CODE IN PRODUCTION, IT IS DANGEROUS
|
|
||||||
insecureRandReader := rand.New(rand.NewSource(1337))
|
|
||||||
priv, err := rsa.GenerateKey(insecureRandReader, 4096)
|
|
||||||
c.So(err, ShouldBeNil)
|
|
||||||
template := x509.Certificate{
|
|
||||||
SerialNumber: big.NewInt(1),
|
|
||||||
Subject: pkix.Name{
|
|
||||||
CommonName: "Testing Certificate",
|
|
||||||
},
|
|
||||||
NotBefore: time.Now(),
|
|
||||||
NotAfter: time.Now().Add(time.Hour * 24 * 180),
|
|
||||||
|
|
||||||
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
|
||||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
||||||
BasicConstraintsValid: true,
|
|
||||||
}
|
|
||||||
derBytes, err := x509.CreateCertificate(insecureRandReader, &template, &template, priv.Public(), priv)
|
|
||||||
c.So(err, ShouldBeNil)
|
|
||||||
selfSignedPrivateKey = priv
|
|
||||||
selfSignedCert = derBytes
|
|
||||||
})
|
|
||||||
c.Convey("[Test]Setup http2 server", func(c C) {
|
|
||||||
listener, err := tls.Listen("tcp", "127.0.0.1:23802", &tls.Config{
|
|
||||||
NextProtos: []string{http2.NextProtoTLS},
|
|
||||||
Certificates: []tls.Certificate{
|
|
||||||
tls.Certificate{Certificate: [][]byte{selfSignedCert}, PrivateKey: selfSignedPrivateKey},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
c.So(err, ShouldBeNil)
|
|
||||||
s := http.Server{}
|
|
||||||
go s.Serve(listener)
|
|
||||||
go func() {
|
|
||||||
<-httpServerContext.Done()
|
|
||||||
s.Close()
|
|
||||||
}()
|
|
||||||
})
|
|
||||||
c.Convey("[Test]Setup http1 server", func(c C) {
|
|
||||||
listener, err := tls.Listen("tcp", "127.0.0.1:23801", &tls.Config{
|
|
||||||
NextProtos: []string{"http/1.1"},
|
|
||||||
Certificates: []tls.Certificate{
|
|
||||||
tls.Certificate{Certificate: [][]byte{selfSignedCert}, PrivateKey: selfSignedPrivateKey},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
c.So(err, ShouldBeNil)
|
|
||||||
s := http.Server{}
|
|
||||||
go s.Serve(listener)
|
|
||||||
go func() {
|
|
||||||
<-httpServerContext.Done()
|
|
||||||
s.Close()
|
|
||||||
}()
|
|
||||||
})
|
|
||||||
})
|
|
||||||
for _, v := range []struct {
|
|
||||||
id utls.ClientHelloID
|
|
||||||
name string
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_58,
|
|
||||||
name: "HelloChrome_58",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_62,
|
|
||||||
name: "HelloChrome_62",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_70,
|
|
||||||
name: "HelloChrome_70",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_72,
|
|
||||||
name: "HelloChrome_72",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_83,
|
|
||||||
name: "HelloChrome_83",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloFirefox_55,
|
|
||||||
name: "HelloFirefox_55",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloFirefox_55,
|
|
||||||
name: "HelloFirefox_55",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloFirefox_63,
|
|
||||||
name: "HelloFirefox_63",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloFirefox_65,
|
|
||||||
name: "HelloFirefox_65",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloIOS_11_1,
|
|
||||||
name: "HelloIOS_11_1",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloIOS_12_1,
|
|
||||||
name: "HelloIOS_12_1",
|
|
||||||
},
|
|
||||||
} {
|
|
||||||
t.Run("Testing fingerprint for "+v.name, func(t *testing.T) {
|
|
||||||
rtter := NewUTLSHTTPRoundTripper(v.id, &utls.Config{
|
|
||||||
InsecureSkipVerify: true,
|
|
||||||
}, http.DefaultTransport, false)
|
|
||||||
|
|
||||||
for count := 0; count <= 10; count++ {
|
|
||||||
Convey("HTTP 1.1 Test", t, func(c C) {
|
|
||||||
{
|
|
||||||
req, err := http.NewRequest("GET", "https://127.0.0.1:23801/", nil)
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
_, err = rtter.RoundTrip(req)
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
|
|
||||||
Convey("HTTP 2 Test", t, func(c C) {
|
|
||||||
{
|
|
||||||
req, err := http.NewRequest("GET", "https://127.0.0.1:23802/", nil)
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
_, err = rtter.RoundTrip(req)
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
cancel()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRoundTripperOnH1DefaultPort(t *testing.T) {
|
func TestRoundTripperOnH1DefaultPort(t *testing.T) {
|
||||||
if os.Getuid() != 0 {
|
if os.Getuid() != 0 {
|
||||||
t.SkipNow()
|
t.SkipNow()
|
||||||
}
|
}
|
||||||
var selfSignedCert []byte
|
runRoundTripperTest(t, "127.0.0.1:23802", "127.0.0.1:443", "https://127.0.0.1:23802/", "https://127.0.0.1/")
|
||||||
var selfSignedPrivateKey *rsa.PrivateKey
|
|
||||||
httpServerContext, cancel := stdcontext.WithCancel(stdcontext.Background())
|
|
||||||
Convey("[Test]Set up http servers", t, func(c C) {
|
|
||||||
c.Convey("[Test]Generate Self-Signed Cert", func(c C) {
|
|
||||||
// Ported from https://gist.github.com/samuel/8b500ddd3f6118d052b5e6bc16bc4c09
|
|
||||||
|
|
||||||
// note that we use the insecure math/rand here because some platforms
|
|
||||||
// fail the test suite at build time in Debian, due to entropy starvation.
|
|
||||||
// since that's not a problem at test time, we do *not* use a secure
|
|
||||||
// mechanism for key generation.
|
|
||||||
//
|
|
||||||
// DO NOT REUSE THIS CODE IN PRODUCTION, IT IS DANGEROUS
|
|
||||||
insecureRandReader := rand.New(rand.NewSource(1337))
|
|
||||||
priv, err := rsa.GenerateKey(insecureRandReader, 4096)
|
|
||||||
c.So(err, ShouldBeNil)
|
|
||||||
template := x509.Certificate{
|
|
||||||
SerialNumber: big.NewInt(1),
|
|
||||||
Subject: pkix.Name{
|
|
||||||
CommonName: "Testing Certificate",
|
|
||||||
},
|
|
||||||
NotBefore: time.Now(),
|
|
||||||
NotAfter: time.Now().Add(time.Hour * 24 * 180),
|
|
||||||
|
|
||||||
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
|
||||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
||||||
BasicConstraintsValid: true,
|
|
||||||
}
|
|
||||||
derBytes, err := x509.CreateCertificate(insecureRandReader, &template, &template, priv.Public(), priv)
|
|
||||||
c.So(err, ShouldBeNil)
|
|
||||||
selfSignedPrivateKey = priv
|
|
||||||
selfSignedCert = derBytes
|
|
||||||
})
|
|
||||||
c.Convey("[Test]Setup http2 server", func(c C) {
|
|
||||||
listener, err := tls.Listen("tcp", "127.0.0.1:23802", &tls.Config{
|
|
||||||
NextProtos: []string{http2.NextProtoTLS},
|
|
||||||
Certificates: []tls.Certificate{
|
|
||||||
tls.Certificate{Certificate: [][]byte{selfSignedCert}, PrivateKey: selfSignedPrivateKey},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
c.So(err, ShouldBeNil)
|
|
||||||
s := http.Server{}
|
|
||||||
go s.Serve(listener)
|
|
||||||
go func() {
|
|
||||||
<-httpServerContext.Done()
|
|
||||||
s.Close()
|
|
||||||
}()
|
|
||||||
})
|
|
||||||
c.Convey("[Test]Setup http1 server", func(c C) {
|
|
||||||
listener, err := tls.Listen("tcp", "127.0.0.1:443", &tls.Config{
|
|
||||||
NextProtos: []string{"http/1.1"},
|
|
||||||
Certificates: []tls.Certificate{
|
|
||||||
tls.Certificate{Certificate: [][]byte{selfSignedCert}, PrivateKey: selfSignedPrivateKey},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
c.So(err, ShouldBeNil)
|
|
||||||
s := http.Server{}
|
|
||||||
go s.Serve(listener)
|
|
||||||
go func() {
|
|
||||||
<-httpServerContext.Done()
|
|
||||||
s.Close()
|
|
||||||
}()
|
|
||||||
})
|
|
||||||
})
|
|
||||||
for _, v := range []struct {
|
|
||||||
id utls.ClientHelloID
|
|
||||||
name string
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_58,
|
|
||||||
name: "HelloChrome_58",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_62,
|
|
||||||
name: "HelloChrome_62",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_70,
|
|
||||||
name: "HelloChrome_70",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_72,
|
|
||||||
name: "HelloChrome_72",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloChrome_83,
|
|
||||||
name: "HelloChrome_83",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloFirefox_55,
|
|
||||||
name: "HelloFirefox_55",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloFirefox_55,
|
|
||||||
name: "HelloFirefox_55",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloFirefox_63,
|
|
||||||
name: "HelloFirefox_63",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloFirefox_65,
|
|
||||||
name: "HelloFirefox_65",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloIOS_11_1,
|
|
||||||
name: "HelloIOS_11_1",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
id: utls.HelloIOS_12_1,
|
|
||||||
name: "HelloIOS_12_1",
|
|
||||||
},
|
|
||||||
} {
|
|
||||||
t.Run("Testing fingerprint for "+v.name, func(t *testing.T) {
|
|
||||||
rtter := NewUTLSHTTPRoundTripper(v.id, &utls.Config{
|
|
||||||
InsecureSkipVerify: true,
|
|
||||||
}, http.DefaultTransport, false)
|
|
||||||
|
|
||||||
for count := 0; count <= 10; count++ {
|
|
||||||
Convey("HTTP 1.1 Test", t, func(c C) {
|
|
||||||
{
|
|
||||||
req, err := http.NewRequest("GET", "https://127.0.0.1/", nil)
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
_, err = rtter.RoundTrip(req)
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
|
|
||||||
Convey("HTTP 2 Test", t, func(c C) {
|
|
||||||
{
|
|
||||||
req, err := http.NewRequest("GET", "https://127.0.0.1:23802/", nil)
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
_, err = rtter.RoundTrip(req)
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
cancel()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRoundTripperOnH2DefaultPort(t *testing.T) {
|
func TestRoundTripperOnH2DefaultPort(t *testing.T) {
|
||||||
if os.Getuid() != 0 {
|
if os.Getuid() != 0 {
|
||||||
t.SkipNow()
|
t.SkipNow()
|
||||||
}
|
}
|
||||||
|
runRoundTripperTest(t, "127.0.0.1:443", "127.0.0.1:23801", "https://127.0.0.1/", "https://127.0.0.1:23801/")
|
||||||
|
}
|
||||||
|
|
||||||
|
func runRoundTripperTest(t *testing.T, h2listen, h1listen, h2addr, h1addr string) {
|
||||||
var selfSignedCert []byte
|
var selfSignedCert []byte
|
||||||
var selfSignedPrivateKey *rsa.PrivateKey
|
var selfSignedPrivateKey *rsa.PrivateKey
|
||||||
httpServerContext, cancel := stdcontext.WithCancel(stdcontext.Background())
|
httpServerContext, cancel := stdcontext.WithCancel(stdcontext.Background())
|
||||||
|
|
@ -349,7 +73,7 @@ func TestRoundTripperOnH2DefaultPort(t *testing.T) {
|
||||||
selfSignedCert = derBytes
|
selfSignedCert = derBytes
|
||||||
})
|
})
|
||||||
c.Convey("[Test]Setup http2 server", func(c C) {
|
c.Convey("[Test]Setup http2 server", func(c C) {
|
||||||
listener, err := tls.Listen("tcp", "127.0.0.1:443", &tls.Config{
|
listener, err := tls.Listen("tcp", h2listen, &tls.Config{
|
||||||
NextProtos: []string{http2.NextProtoTLS},
|
NextProtos: []string{http2.NextProtoTLS},
|
||||||
Certificates: []tls.Certificate{
|
Certificates: []tls.Certificate{
|
||||||
tls.Certificate{Certificate: [][]byte{selfSignedCert}, PrivateKey: selfSignedPrivateKey},
|
tls.Certificate{Certificate: [][]byte{selfSignedCert}, PrivateKey: selfSignedPrivateKey},
|
||||||
|
|
@ -364,7 +88,7 @@ func TestRoundTripperOnH2DefaultPort(t *testing.T) {
|
||||||
}()
|
}()
|
||||||
})
|
})
|
||||||
c.Convey("[Test]Setup http1 server", func(c C) {
|
c.Convey("[Test]Setup http1 server", func(c C) {
|
||||||
listener, err := tls.Listen("tcp", "127.0.0.1:23801", &tls.Config{
|
listener, err := tls.Listen("tcp", h1listen, &tls.Config{
|
||||||
NextProtos: []string{"http/1.1"},
|
NextProtos: []string{"http/1.1"},
|
||||||
Certificates: []tls.Certificate{
|
Certificates: []tls.Certificate{
|
||||||
tls.Certificate{Certificate: [][]byte{selfSignedCert}, PrivateKey: selfSignedPrivateKey},
|
tls.Certificate{Certificate: [][]byte{selfSignedCert}, PrivateKey: selfSignedPrivateKey},
|
||||||
|
|
@ -436,7 +160,7 @@ func TestRoundTripperOnH2DefaultPort(t *testing.T) {
|
||||||
for count := 0; count <= 10; count++ {
|
for count := 0; count <= 10; count++ {
|
||||||
Convey("HTTP 1.1 Test", t, func(c C) {
|
Convey("HTTP 1.1 Test", t, func(c C) {
|
||||||
{
|
{
|
||||||
req, err := http.NewRequest("GET", "https://127.0.0.1:23801/", nil)
|
req, err := http.NewRequest("GET", h2addr, nil)
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
_, err = rtter.RoundTrip(req)
|
_, err = rtter.RoundTrip(req)
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
|
|
@ -445,7 +169,7 @@ func TestRoundTripperOnH2DefaultPort(t *testing.T) {
|
||||||
|
|
||||||
Convey("HTTP 2 Test", t, func(c C) {
|
Convey("HTTP 2 Test", t, func(c C) {
|
||||||
{
|
{
|
||||||
req, err := http.NewRequest("GET", "https://127.0.0.1/", nil)
|
req, err := http.NewRequest("GET", h1addr, nil)
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
_, err = rtter.RoundTrip(req)
|
_, err = rtter.RoundTrip(req)
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue