github.com/JimmyHuang454/JLS-go@v0.0.0-20230831150107-90d536585ba0/test/jls_test.go (about) 1 package jls 2 3 import ( 4 "log" 5 "net" 6 "testing" 7 8 "github.com/JimmyHuang454/JLS-go/tls" 9 "github.com/stretchr/testify/assert" 10 ) 11 12 var certPem = []byte(`-----BEGIN CERTIFICATE----- 13 MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw 14 DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow 15 EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d 16 7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B 17 5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr 18 BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1 19 NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l 20 Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc 21 6MF9+Yw1Yy0t 22 -----END CERTIFICATE-----`) 23 24 var keyPem = []byte(`-----BEGIN EC PRIVATE KEY----- 25 MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49 26 AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q 27 EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA== 28 -----END EC PRIVATE KEY-----`) 29 30 func HandleClient(listener net.Listener) { 31 for true { 32 inClient, err := listener.Accept() 33 if err != nil { 34 log.Println(err) 35 return 36 } 37 buf := make([]byte, 200) 38 _, err = inClient.Read(buf) 39 inClient.Close() 40 return 41 } 42 } 43 44 func TestDial(t *testing.T) { 45 conf := &tls.Config{ 46 InsecureSkipVerify: false, 47 } 48 49 conn, err := tls.Dial("tcp", "apple.com:443", conf) 50 if err != nil { 51 log.Println(err) 52 return 53 } 54 defer conn.Close() 55 56 n, err := conn.Write([]byte("GET http://apple.com HTTP/1.1\r\nHost: apple.com\r\n\r\n")) 57 assert.Nil(t, err) 58 log.Println(n) 59 60 buf := make([]byte, 200) 61 n, err = conn.Read(buf) 62 log.Println(buf) 63 assert.Nil(t, err) 64 err = conn.Close() 65 assert.Nil(t, err) 66 } 67 68 func TestWithSelfSignCert(t *testing.T) { 69 cert, err := tls.X509KeyPair(certPem, keyPem) 70 assert.Nil(t, err) 71 72 serverConfig := &tls.Config{Certificates: []tls.Certificate{cert}} 73 port := "2200" 74 listener, err := tls.Listen("tcp", ":"+port, serverConfig) 75 assert.Nil(t, err) 76 77 go HandleClient(listener) 78 79 var config = &tls.Config{InsecureSkipVerify: true, ServerName: "abc.com"} 80 assert.Equal(t, config.UseJLS, false) 81 82 conn, err := tls.Dial("tcp", "127.0.0.1:"+port, 83 config) 84 assert.Nil(t, err) 85 86 err = conn.Close() 87 assert.Nil(t, err) 88 } 89 90 func TestRightJLS(t *testing.T) { 91 cert, err := tls.X509KeyPair(certPem, keyPem) 92 assert.Nil(t, err) 93 94 serverConfig := &tls.Config{Certificates: []tls.Certificate{cert}, 95 UseJLS: true, JLSPWD: []byte("abc"), JLSIV: []byte("abc")} 96 port := "2001" 97 listener, err := tls.Listen("tcp", ":"+port, serverConfig) 98 assert.Nil(t, err) 99 100 go func() { 101 inClient, err := listener.Accept() 102 assert.Nil(t, err) 103 buf := make([]byte, 200) 104 n, err := inClient.Read(buf) 105 assert.Equal(t, n, 1) 106 inClient.Close() 107 }() 108 109 conn, err := tls.Dial("tcp", "127.0.0.1:"+port, 110 &tls.Config{InsecureSkipVerify: false, 111 ServerName: "abc.com", 112 UseJLS: true, JLSPWD: []byte("abc"), JLSIV: []byte("abc")}) 113 assert.Nil(t, err) 114 conn.Write([]byte{1}) 115 err = conn.Close() 116 assert.Nil(t, err) 117 } 118 119 func TestWrongJLS(t *testing.T) { 120 cert, err := tls.X509KeyPair(certPem, keyPem) 121 assert.Nil(t, err) 122 123 serverConfig := &tls.Config{Certificates: []tls.Certificate{cert}, 124 UseJLS: true, JLSPWD: []byte("abc"), JLSIV: []byte("abc")} 125 port := "2002" 126 listener, err := tls.Listen("tcp", ":"+port, serverConfig) 127 assert.Nil(t, err) 128 129 go func() { 130 inClient, err := listener.Accept() 131 assert.NotNil(t, err) 132 inClient.Close() 133 }() 134 135 conn, err := tls.Dial("tcp", "127.0.0.1:"+port, 136 &tls.Config{InsecureSkipVerify: false, 137 ServerName: "abc.com", 138 UseJLS: true, JLSPWD: []byte("abc"), JLSIV: []byte("abcd")}) 139 assert.NotNil(t, err) 140 assert.Nil(t, conn) 141 } 142 143 func TestProvideChannal(t *testing.T) { 144 serverName := "apple.com" 145 cert, err := tls.X509KeyPair(certPem, keyPem) 146 serverConfig := &tls.Config{Certificates: []tls.Certificate{cert}, 147 ServerName: serverName, 148 UseJLS: true, JLSPWD: []byte("abc"), JLSIV: []byte("abc")} 149 150 port := "2003" 151 address := "127.0.0.1:" + port 152 153 listener, err := net.Listen("tcp", address) 154 assert.Nil(t, err) 155 156 // ok JLS 157 go func() { 158 inClient, err := listener.Accept() 159 assert.Nil(t, err) 160 assert.NotNil(t, inClient) 161 162 safeServer := tls.Server(inClient, serverConfig) 163 assert.NotNil(t, safeServer) 164 err = safeServer.Handshake() 165 assert.Nil(t, err) 166 inClient.Close() 167 }() 168 clientConfig := &tls.Config{InsecureSkipVerify: false, 169 ServerName: serverName, 170 UseJLS: true, JLSPWD: []byte("abc"), JLSIV: []byte("abc")} 171 172 c, err := net.Dial("tcp", address) 173 safeClient := tls.Client(c, clientConfig) 174 err = safeClient.Handshake() 175 assert.Nil(t, err) 176 } 177 178 func TestWrongProvideChannal(t *testing.T) { 179 serverName := "apple.com" 180 cert, err := tls.X509KeyPair(certPem, keyPem) 181 serverConfig := &tls.Config{Certificates: []tls.Certificate{cert}, 182 ServerName: serverName, 183 UseJLS: true, JLSPWD: []byte("1"), JLSIV: []byte("2")} 184 185 port := "2004" 186 address := "127.0.0.1:" + port 187 188 listener, err := net.Listen("tcp", address) 189 assert.Nil(t, err) 190 191 clientConfig := &tls.Config{InsecureSkipVerify: false, 192 ServerName: serverName, 193 UseJLS: true, JLSPWD: []byte("3"), JLSIV: []byte("4")} 194 195 // wrong JLS 196 go func() { 197 inClient, err := listener.Accept() 198 assert.Nil(t, err) 199 assert.NotNil(t, inClient) 200 201 safeServer := tls.Server(inClient, serverConfig) 202 err = safeServer.Handshake() 203 assert.NotNil(t, err) 204 inClient.Close() 205 }() 206 c, err := net.Dial("tcp", address) 207 errorClient := tls.Client(c, clientConfig) 208 err = errorClient.Handshake() 209 assert.NotNil(t, err) 210 log.Println(err) 211 }