github.com/eagleql/xray-core@v1.4.4/transport/internet/xtls/config_test.go (about)

     1  package xtls_test
     2  
     3  import (
     4  	"crypto/x509"
     5  	"testing"
     6  	"time"
     7  
     8  	xtls "github.com/xtls/go"
     9  
    10  	"github.com/eagleql/xray-core/common"
    11  	"github.com/eagleql/xray-core/common/protocol/tls/cert"
    12  	. "github.com/eagleql/xray-core/transport/internet/xtls"
    13  )
    14  
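// TestCertificateIssuing checks that a Config holding only a CA certificate
// with Usage set to Certificate_AUTHORITY_ISSUE returns a usable leaf
// certificate from GetCertificate for a server name that has no certificate
// configured.
func TestCertificateIssuing(t *testing.T) {
	const serverName = "www.example.com"

	// CA generated with no parent and the CertSign key usage.
	// NOTE(review): presumably self-signed because the parent is nil; confirm in cert.MustGenerate.
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	xtlsConfig := c.GetXTLSConfig()
	xrayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
		ServerName: serverName,
	})
	common.Must(err)

	// Fail with a readable message instead of an index-out-of-range panic when
	// no chain comes back.
	if xrayCert == nil || len(xrayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate chain for ", serverName)
	}

	leaf, err := x509.ParseCertificate(xrayCert.Certificate[0])
	common.Must(err)
	if !leaf.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", leaf.NotAfter)
	}
	// An unexpired certificate is only useful to the client if it also names
	// the host requested in the ClientHello.
	// NOTE(review): assumes the issuer puts the requested name in the SANs; confirm.
	if err := leaf.VerifyHostname(serverName); err != nil {
		t.Error("issued certificate does not cover ", serverName, ": ", err)
	}
}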
    37  
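// TestExpiredCertificate checks that GetCertificate does not hand out a
// configured leaf certificate whose NotAfter is already in the past. The Config
// holds an issuing CA and a leaf for the requested name that expired two
// minutes ago; the certificate returned must still be valid.
func TestExpiredCertificate(t *testing.T) {
	const serverName = "www.example.com"

	caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
	// Leaf signed by caCert with NotAfter set two minutes in the past.
	expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName(serverName), cert.DNSNames(serverName))

	certificate := ParseCertificate(caCert)
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	certificate2 := ParseCertificate(expiredCert)

	c := &Config{
		Certificate: []*Certificate{
			certificate,
			certificate2,
		},
	}

	xtlsConfig := c.GetXTLSConfig()
	xrayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
		ServerName: serverName,
	})
	common.Must(err)

	// Fail with a readable message instead of an index-out-of-range panic when
	// no chain comes back.
	if xrayCert == nil || len(xrayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate chain for ", serverName)
	}

	leaf, err := x509.ParseCertificate(xrayCert.Certificate[0])
	common.Must(err)
	// This is the assertion that tells a replacement apart from the expired
	// leaf loaded above.
	if !leaf.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", leaf.NotAfter)
	}
	// The replacement must still name the requested host.
	// NOTE(review): assumes the issuer puts the requested name in the SANs; confirm.
	if err := leaf.VerifyHostname(serverName); err != nil {
		t.Error("returned certificate does not cover ", serverName, ": ", err)
	}
}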
    66  
// TestInsecureCertificates checks that an empty Config produces an XTLS config
// whose CipherSuites list is empty.
// NOTE(review): the name suggests a certificate check, but only the cipher
// suite list is inspected. An empty list presumably leaves suite selection to
// the xtls library defaults; confirm.
func TestInsecureCertificates(t *testing.T) {
	suites := (&Config{}).GetXTLSConfig().CipherSuites
	if len(suites) != 0 {
		t.Fatal("Unexpected tls cipher suites list: ", suites)
	}
}
    75  
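// BenchmarkCertificateIssuing measures GetCertificate for a server name that
// has no certificate configured, using a Config that holds only a CA
// certificate with Usage set to Certificate_AUTHORITY_ISSUE.
func BenchmarkCertificateIssuing(b *testing.B) {
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	xtlsConfig := c.GetXTLSConfig()
	// Remember the initial length so each iteration can restore it.
	lenCerts := len(xtlsConfig.Certificates)

	// Keep CA generation and config construction out of the timed region.
	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		// Stop on error: a failing call would otherwise be timed as if a
		// certificate had been issued.
		if _, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
			ServerName: "www.example.com",
		}); err != nil {
			b.Fatal("GetCertificate: ", err)
		}
		// Drop the entry for this name and truncate Certificates to its
		// initial length so the next iteration starts from the same state.
		// NOTE(review): presumably GetCertificate stores what it issues in
		// both places; confirm against GetXTLSConfig.
		delete(xtlsConfig.NameToCertificate, "www.example.com")
		xtlsConfig.Certificates = xtlsConfig.Certificates[:lenCerts]
	}
}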