github.com/Uhtred009/v2ray-core-1@v4.31.2+incompatible/transport/internet/tls/config_test.go (about)

     1  package tls_test
     2  
     3  import (
     4  	gotls "crypto/tls"
     5  	"crypto/x509"
     6  	"testing"
     7  	"time"
     8  
     9  	"v2ray.com/core/common"
    10  	"v2ray.com/core/common/protocol/tls/cert"
    11  	. "v2ray.com/core/transport/internet/tls"
    12  )
    13  
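// TestCertificateIssuing checks that a Config holding only a CA certificate
// marked Certificate_AUTHORITY_ISSUE returns a certificate for a requested
// server name, and that the returned leaf has not already expired.
//
// NOTE(review): only the leaf's expiry is asserted. The test does not check
// that the leaf is valid for the requested ServerName (x509 VerifyHostname)
// or that it chains to the generated CA; both are worth asserting so a
// regression in the issuing path cannot pass unnoticed.
func TestCertificateIssuing(t *testing.T) {
	// The first argument is nil here, where TestExpiredCertificate passes the
	// CA, so this is presumably a self-signed authority. Confirm against cert.MustGenerate.
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	tlsConfig := c.GetTLSConfig()
	// Fail with a message instead of a nil-function panic if the callback
	// was never installed.
	if tlsConfig.GetCertificate == nil {
		t.Fatal("GetTLSConfig did not set GetCertificate")
	}
	v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: "www.v2ray.com",
	})
	common.Must(err)
	// Guard the Certificate[0] index below: a nil certificate or an empty
	// chain should be a test failure, not an index-out-of-range panic.
	if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate chain")
	}

	// Certificate[0] is the leaf in a crypto/tls certificate chain.
	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
	common.Must(err)
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}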
    36  
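// TestExpiredCertificate checks that an already-expired certificate configured
// for a name is not what the server hands out for that name.
//
// The Config holds a CA marked Certificate_AUTHORITY_ISSUE plus a leaf for
// www.v2ray.com whose NotAfter lies two minutes in the past. The test asserts
// that the certificate returned for that server name has a NotAfter in the
// future.
//
// NOTE(review): the assertion is on expiry only. Presumably the config issues a
// fresh leaf from the CA in place of the expired one; the test does not confirm
// the issuer or the hostname binding of what comes back.
func TestExpiredCertificate(t *testing.T) {
	caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
	// Leaf generated from caCert, expired two minutes ago, named for the host requested below.
	expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.v2ray.com"), cert.DNSNames("www.v2ray.com"))

	certificate := ParseCertificate(caCert)
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	// Usage is left at whatever ParseCertificate sets for the expired leaf.
	certificate2 := ParseCertificate(expiredCert)

	c := &Config{
		Certificate: []*Certificate{
			certificate,
			certificate2,
		},
	}

	tlsConfig := c.GetTLSConfig()
	// Fail with a message instead of a nil-function panic if the callback
	// was never installed.
	if tlsConfig.GetCertificate == nil {
		t.Fatal("GetTLSConfig did not set GetCertificate")
	}
	v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: "www.v2ray.com",
	})
	common.Must(err)
	// Guard the Certificate[0] index below: a nil certificate or an empty
	// chain should be a test failure, not an index-out-of-range panic.
	if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate chain")
	}

	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
	common.Must(err)
	// Serving the expired leaf unchanged would trip this check.
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}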
    65  
// TestInsecureCertificates checks that a Config with AllowInsecureCiphers set
// produces a TLS config whose CipherSuites list is empty.
//
// Despite the name, no certificate is involved; the subject is cipher-suite
// selection. crypto/tls treats an empty CipherSuites as "use the library's
// default list", so this asserts that the opt-in does not pin an explicit list.
//
// NOTE(review): the complementary case is not covered here. Nothing asserts
// that a Config without AllowInsecureCiphers yields a restricted suite list.
func TestInsecureCertificates(t *testing.T) {
	cfg := &Config{AllowInsecureCiphers: true}

	suites := cfg.GetTLSConfig().CipherSuites
	if len(suites) != 0 {
		t.Fatal("Unexpected tls cipher suites list: ", suites)
	}
}
    76  
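// BenchmarkCertificateIssuing measures GetCertificate for one server name on a
// Config that holds only a CA certificate marked Certificate_AUTHORITY_ISSUE.
//
// After every call the benchmark removes the name's entry from
// NameToCertificate and truncates Certificates back to its initial length,
// presumably so that each iteration goes through issuance again rather than
// hitting a cached entry. Confirm against GetTLSConfig.
//
// NOTE(review): crypto/tls marks Config.NameToCertificate as deprecated in
// newer Go releases; this reset relies on the config under test still using it.
func BenchmarkCertificateIssuing(b *testing.B) {
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	tlsConfig := c.GetTLSConfig()
	// Fail with a message instead of a nil-function panic inside the timed loop.
	if tlsConfig.GetCertificate == nil {
		b.Fatal("GetTLSConfig did not set GetCertificate")
	}
	// Baseline length, used to drop whatever a call appends to Certificates.
	lenCerts := len(tlsConfig.Certificates)

	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		// Surface failures: a silently failing call would make the benchmark
		// time the error path instead of certificate issuance.
		if _, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
			ServerName: "www.v2ray.com",
		}); err != nil {
			b.Fatal("GetCertificate: ", err)
		}
		delete(tlsConfig.NameToCertificate, "www.v2ray.com")
		tlsConfig.Certificates = tlsConfig.Certificates[:lenCerts]
	}
}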