github.com/Uhtred009/v2ray-core-1@v4.31.2+incompatible/transport/internet/xtls/config_test.go (about)

     1  package xtls_test
     2  
     3  import (
     4  	"crypto/x509"
     5  	"testing"
     6  	"time"
     7  
     8  	xtls "github.com/xtls/go"
     9  
    10  	"v2ray.com/core/common"
    11  	"v2ray.com/core/common/protocol/tls/cert"
    12  	. "v2ray.com/core/transport/internet/xtls"
    13  )
    14  
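// TestCertificateIssuing checks that a Config holding only a CA certificate
// marked Certificate_AUTHORITY_ISSUE returns a usable leaf certificate from
// GetCertificate for a requested server name.
//
// Only the expiry of the returned certificate is asserted. The test does not
// check that the certificate names the requested host or that it chains to
// the generated CA.
func TestCertificateIssuing(t *testing.T) {
	const serverName = "www.v2fly.org"

	// Self-signed CA (nil parent) that is allowed to sign other certificates.
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	xtlsConfig := c.GetXTLSConfig()
	v2rayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
		ServerName: serverName,
	})
	common.Must(err)

	// Fail with a readable message instead of panicking on the index below
	// when no certificate chain was produced.
	if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate for ", serverName)
	}

	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
	common.Must(err)
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}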
    37  
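// TestExpiredCertificate configures a CA certificate in
// Certificate_AUTHORITY_ISSUE mode together with a static leaf certificate
// for "www.v2fly.org" that expired two minutes ago, and asserts that the
// certificate handed out for that name is not expired.
//
// NOTE(review): presumably GetCertificate replaces the expired leaf with one
// freshly issued from the CA; the test only asserts NotAfter and does not
// verify which certificate was returned or who signed it.
func TestExpiredCertificate(t *testing.T) {
	const serverName = "www.v2fly.org"

	caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
	// Leaf signed by caCert whose validity already ended.
	expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName(serverName), cert.DNSNames(serverName))

	certificate := ParseCertificate(caCert)
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	certificate2 := ParseCertificate(expiredCert)

	c := &Config{
		Certificate: []*Certificate{
			certificate,
			certificate2,
		},
	}

	xtlsConfig := c.GetXTLSConfig()
	v2rayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
		ServerName: serverName,
	})
	common.Must(err)

	// Fail with a readable message instead of panicking on the index below
	// when no certificate chain was produced.
	if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate for ", serverName)
	}

	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
	common.Must(err)
	// An expired leaf here would mean the config serves a certificate that
	// verifying clients reject.
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}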
    66  
// TestInsecureCertificates asserts that a Config with AllowInsecureCiphers
// set produces an XTLS config whose CipherSuites list is empty. Despite its
// name, the test does not involve certificates.
//
// NOTE(review): an empty list presumably leaves suite selection to the xtls
// library defaults; confirm against GetXTLSConfig. The complementary case
// (flag unset) is not covered by this test.
func TestInsecureCertificates(t *testing.T) {
	cfg := &Config{AllowInsecureCiphers: true}

	suites := cfg.GetXTLSConfig().CipherSuites
	if len(suites) != 0 {
		t.Fatal("Unexpected tls cipher suites list: ", suites)
	}
}
    77  
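// BenchmarkCertificateIssuing measures GetCertificate on a Config that holds
// a single CA certificate in Certificate_AUTHORITY_ISSUE mode. Setup runs
// before the timer is reset, so only the loop body is timed.
func BenchmarkCertificateIssuing(b *testing.B) {
	const serverName = "www.v2fly.org"

	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	xtlsConfig := c.GetXTLSConfig()
	// Remember the initial certificate count so the list can be restored
	// after each iteration.
	lenCerts := len(xtlsConfig.Certificates)

	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		// A failing call would otherwise be timed as if it were a successful
		// issuance, so stop the benchmark on error.
		if _, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
			ServerName: serverName,
		}); err != nil {
			b.Fatal("GetCertificate: ", err)
		}
		// Drop the per-name entry and truncate the certificate list to its
		// initial length. Presumably this makes every iteration issue a new
		// certificate instead of reusing a stored one; confirm against
		// GetXTLSConfig.
		delete(xtlsConfig.NameToCertificate, serverName)
		xtlsConfig.Certificates = xtlsConfig.Certificates[:lenCerts]
	}
}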
   100  }