github.com/ipfans/trojan-go@v0.11.0/tunnel/tls/tls_test.go (about) 1 package tls 2 3 import ( 4 "context" 5 "net" 6 "os" 7 "sync" 8 "testing" 9 10 "github.com/ipfans/trojan-go/common" 11 "github.com/ipfans/trojan-go/config" 12 "github.com/ipfans/trojan-go/test/util" 13 "github.com/ipfans/trojan-go/tunnel/freedom" 14 "github.com/ipfans/trojan-go/tunnel/transport" 15 ) 16 17 var rsa2048Cert = ` 18 -----BEGIN CERTIFICATE----- 19 MIIC5TCCAc2gAwIBAgIJAJqNVe6g/10vMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV 20 BAMMCWxvY2FsaG9zdDAeFw0yMTA5MTQwNjE1MTFaFw0yNjA5MTMwNjE1MTFaMBQx 21 EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC 22 ggEBAK7bupJ8tmHM3shQ/7N730jzpRsXdNiBxq/Jxx8j+vB3AcxuP5bjXQZqS6YR 23 5W5vrfLlegtq1E/mmaI3Ht0RfIlzev04Dua9PWmIQJD801nEPknbfgCLXDh+pYr2 24 sfg8mUh3LjGtrxyH+nmbTjWg7iWSKohmZ8nUDcX94Llo5FxibMAz8OsAwOmUueCH 25 jP3XswZYHEy+OOP3K0ZEiJy0f5T6ZXk9OWYuPN4VQKJx1qrc9KzZtSPHwqVdkGUi 26 ase9tOPA4aMutzt0btgW7h7UrvG6C1c/Rr1BxdiYq1EQ+yypnAlyToVQSNbo67zz 27 wGQk4GeruIkOgJOLdooN/HjhbHMCAwEAAaM6MDgwFAYDVR0RBA0wC4IJbG9jYWxo 28 b3N0MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0B 29 AQsFAAOCAQEASsBzHHYiWDDiBVWUEwVZAduTrslTLNOxG0QHBKsHWIlz/3QlhQil 30 ywb3OhfMTUR1dMGY5Iq5432QiCHO4IMCOv7tDIkgb4Bc3v/3CRlBlnurtAmUfNJ6 31 pTRSlK4AjWpGHAEEd/8aCaOE86hMP8WDht8MkJTRrQqpJ1HeDISoKt9nepHOIsj+ 32 I2zLZZtw0pg7FuR4MzWuqOt071iRS46Pupryb3ZEGIWNz5iLrDQod5Iz2ZGSRGqE 33 rB8idX0mlj5AHRRanVR3PAes+eApsW9JvYG/ImuCOs+ZsukY614zQZdR+SyFm85G 34 4NICyeQsmiypNHHgw+xZmGqZg65bXNGoyg== 35 -----END CERTIFICATE----- 36 ` 37 38 var rsa2048Key = ` 39 -----BEGIN PRIVATE KEY----- 40 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu27qSfLZhzN7I 41 UP+ze99I86UbF3TYgcavyccfI/rwdwHMbj+W410GakumEeVub63y5XoLatRP5pmi 42 Nx7dEXyJc3r9OA7mvT1piECQ/NNZxD5J234Ai1w4fqWK9rH4PJlIdy4xra8ch/p5 43 m041oO4lkiqIZmfJ1A3F/eC5aORcYmzAM/DrAMDplLngh4z917MGWBxMvjjj9ytG 44 RIictH+U+mV5PTlmLjzeFUCicdaq3PSs2bUjx8KlXZBlImrHvbTjwOGjLrc7dG7Y 45 Fu4e1K7xugtXP0a9QcXYmKtREPssqZwJck6FUEjW6Ou888BkJOBnq7iJDoCTi3aK 46 Dfx44WxzAgMBAAECggEBAKYhib/H0ZhWB4yWuHqUxG4RXtrAjHlvw5Acy5zgmHiC 47 +Sh7ztrTJf0EXN9pvWwRm1ldgXj7hMBtPaaLbD1pccM9/qo66p17Sq/LjlyyeTOe 48 affOHIbz4Sij2zCOdkR9fr0EztTQScF3yBhl4Aa/4cO8fcCeWxm86WEldq9x4xWJ 49 s5WMR4CnrOJhDINLNPQPKX92KyxEQ/RfuBWovx3M0nl3fcUWfESY134t5g/UBFId 50 In19tZ+pGIpCkxP0U1AZWrlZRA8Q/3sO2orUpoAOdCrGk/DcCTMh0c1pMzbYZ1/i 51 cYXn38MpUo8QeG4FElUhAv6kzeBIl2tRBMVzIigo+AECgYEA3No1rHdFu6Ox9vC8 52 E93PTZevYVcL5J5yx6x7khCaOLKKuRXpjOX/h3Ll+hlN2DVAg5Jli/JVGCco4GeK 53 kbFLSyxG1+E63JbgsVpaEOgvFT3bHHSPSRJDnIU+WkcNQ2u4Ky5ahZzbNdV+4fj2 54 NO2iMgkm7hoJANrm3IqqW8epenMCgYEAyq+qdNj5DiDzBcDvLwY+4/QmMOOgDqeh 55 /TzhbDRyr+m4xNT7LLS4s/3wcbkQC33zhMUI3YvOHnYq5Ze/iL/TSloj0QCp1I7L 56 J7sZeM1XimMBQIpCfOC7lf4tU76Fz0DTHAL+CmX1DgmRJdYO09843VsKkscC968R 57 4cwL5oGxxgECgYAM4TTsH/CTJtLEIfn19qOWVNhHhvoMlSkAeBCkzg8Qa2knrh12 58 uBsU3SCIW11s1H40rh758GICDJaXr7InGP3ZHnXrNRlnr+zeqvRBtCi6xma23B1X 59 F5eV0zd1sFsXqXqOGh/xVtp54z+JEinZoForLNl2XVJVGG8KQZP50kUR/QKBgH4O 60 8zzpFT0sUPlrHVdp0wODfZ06dPmoWJ9flfPuSsYN3tTMgcs0Owv3C+wu5UPAegxB 61 X1oq8W8Qn21cC8vJQmgj19LNTtLcXI3BV/5B+Aghu02gr+lq/EA1bYuAG0jjUGlD 62 kyx0bQzl9lhJ4b70PjGtxc2z6KyTPdPpTB143FABAoGAQDoIUdc77/IWcjzcaXeJ 63 8abak5rAZA7cu2g2NVfs+Km+njsB0pbTwMnV1zGoFABdaHLdqbthLWtX7WOb1PDD 64 MQ+kbiLw5uj8IY2HEqJhDGGEdXBqxbW7kyuIAN9Mw+mwKzkikNcFQdxgchWH1d1o 65 lVkr92iEX+IhIeYb4DN1vQw= 66 -----END PRIVATE KEY----- 67 ` 68 69 var eccCert = ` 70 -----BEGIN CERTIFICATE----- 71 MIICTDCCAfKgAwIBAgIQDtCrO8cNST2eY2tA/AGrsDAKBggqhkjOPQQDAjBeMQsw 72 CQYDVQQGEwJDTjEOMAwGA1UEChMFTXlTU0wxKzApBgNVBAsTIk15U1NMIFRlc3Qg 73 RUNDIC0gRm9yIHRlc3QgdXNlIG9ubHkxEjAQBgNVBAMTCU15U1NMLmNvbTAeFw0y 74 MTA5MTQwNjQ1MzNaFw0yNjA5MTMwNjQ1MzNaMCExCzAJBgNVBAYTAkNOMRIwEAYD 75 VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASvYy/r7XR1 76 Y39lC2JpRJh582zR2CTNynbuolK9a1jsbXaZv+hpBlHkgzMHsWu7LY9Pnb/Dbp4i 77 1lRASOddD/rLo4HOMIHLMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF 78 BQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUWxGyVxD0fBhTy3tH4eKznRFXFCYw 79 YwYIKwYBBQUHAQEEVzBVMCEGCCsGAQUFBzABhhVodHRwOi8vb2NzcC5teXNzbC5j 80 b20wMAYIKwYBBQUHMAKGJGh0dHA6Ly9jYS5teXNzbC5jb20vbXlzc2x0ZXN0ZWNj 81 LmNydDAUBgNVHREEDTALgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDSAAwRQIgDQUa 82 GEdmKstLMHUmmPMGm/P9S4vvSZV2VHsb3+AEyIUCIQCdJpbyTCz+mEyskhwrGOw/ 83 blh3WBONv6MBtqPpmgE1AQ== 84 -----END CERTIFICATE----- 85 ` 86 87 var eccKey = ` 88 -----BEGIN EC PRIVATE KEY----- 89 MHcCAQEEIB8G2suYKuBLoodNIwRMp3JPN1fcZxCt3kcOYIx4nbcPoAoGCCqGSM49 90 AwEHoUQDQgAEr2Mv6+10dWN/ZQtiaUSYefNs0dgkzcp27qJSvWtY7G12mb/oaQZR 91 5IMzB7Fruy2PT52/w26eItZUQEjnXQ/6yw== 92 -----END EC PRIVATE KEY----- 93 ` 94 95 func TestDefaultTLSRSA2048(t *testing.T) { 96 os.WriteFile("server-rsa2048.crt", []byte(rsa2048Cert), 0o777) 97 os.WriteFile("server-rsa2048.key", []byte(rsa2048Key), 0o777) 98 serverCfg := &Config{ 99 TLS: TLSConfig{ 100 VerifyHostName: true, 101 CertCheckRate: 1, 102 KeyPath: "server-rsa2048.key", 103 CertPath: "server-rsa2048.crt", 104 }, 105 } 106 clientCfg := &Config{ 107 TLS: TLSConfig{ 108 Verify: false, 109 SNI: "localhost", 110 Fingerprint: "", 111 }, 112 } 113 sctx := config.WithConfig(context.Background(), Name, serverCfg) 114 cctx := config.WithConfig(context.Background(), Name, clientCfg) 115 116 port := common.PickPort("tcp", "127.0.0.1") 117 transportConfig := &transport.Config{ 118 LocalHost: "127.0.0.1", 119 LocalPort: port, 120 RemoteHost: "127.0.0.1", 121 RemotePort: port, 122 } 123 ctx := config.WithConfig(context.Background(), transport.Name, transportConfig) 124 ctx = config.WithConfig(ctx, freedom.Name, &freedom.Config{}) 125 tcpClient, err := transport.NewClient(ctx, nil) 126 common.Must(err) 127 tcpServer, err := transport.NewServer(ctx, nil) 128 common.Must(err) 129 common.Must(err) 130 s, err := NewServer(sctx, tcpServer) 131 common.Must(err) 132 c, err := NewClient(cctx, tcpClient) 133 common.Must(err) 134 135 wg := sync.WaitGroup{} 136 wg.Add(1) 137 var conn1, conn2 net.Conn 138 go func() { 139 conn2, err = s.AcceptConn(nil) 140 common.Must(err) 141 wg.Done() 142 }() 143 conn1, err = c.DialConn(nil, nil) 144 common.Must(err) 145 146 common.Must2(conn1.Write([]byte("12345678\r\n"))) 147 wg.Wait() 148 buf := [10]byte{} 149 conn2.Read(buf[:]) 150 if !util.CheckConn(conn1, conn2) { 151 t.Fail() 152 } 153 conn1.Close() 154 conn2.Close() 155 } 156 157 func TestDefaultTLSECC(t *testing.T) { 158 os.WriteFile("server-ecc.crt", []byte(eccCert), 0o777) 159 os.WriteFile("server-ecc.key", []byte(eccKey), 0o777) 160 serverCfg := &Config{ 161 TLS: TLSConfig{ 162 VerifyHostName: true, 163 CertCheckRate: 1, 164 KeyPath: "server-ecc.key", 165 CertPath: "server-ecc.crt", 166 }, 167 } 168 clientCfg := &Config{ 169 TLS: TLSConfig{ 170 Verify: false, 171 SNI: "localhost", 172 Fingerprint: "", 173 }, 174 } 175 sctx := config.WithConfig(context.Background(), Name, serverCfg) 176 cctx := config.WithConfig(context.Background(), Name, clientCfg) 177 178 port := common.PickPort("tcp", "127.0.0.1") 179 transportConfig := &transport.Config{ 180 LocalHost: "127.0.0.1", 181 LocalPort: port, 182 RemoteHost: "127.0.0.1", 183 RemotePort: port, 184 } 185 ctx := config.WithConfig(context.Background(), transport.Name, transportConfig) 186 ctx = config.WithConfig(ctx, freedom.Name, &freedom.Config{}) 187 tcpClient, err := transport.NewClient(ctx, nil) 188 common.Must(err) 189 tcpServer, err := transport.NewServer(ctx, nil) 190 common.Must(err) 191 common.Must(err) 192 s, err := NewServer(sctx, tcpServer) 193 common.Must(err) 194 c, err := NewClient(cctx, tcpClient) 195 common.Must(err) 196 197 wg := sync.WaitGroup{} 198 wg.Add(1) 199 var conn1, conn2 net.Conn 200 go func() { 201 conn2, err = s.AcceptConn(nil) 202 common.Must(err) 203 wg.Done() 204 }() 205 conn1, err = c.DialConn(nil, nil) 206 common.Must(err) 207 208 common.Must2(conn1.Write([]byte("12345678\r\n"))) 209 wg.Wait() 210 buf := [10]byte{} 211 conn2.Read(buf[:]) 212 if !util.CheckConn(conn1, conn2) { 213 t.Fail() 214 } 215 conn1.Close() 216 conn2.Close() 217 } 218 219 func TestUTLSRSA2048(t *testing.T) { 220 os.WriteFile("server-rsa2048.crt", []byte(rsa2048Cert), 0o777) 221 os.WriteFile("server-rsa2048.key", []byte(rsa2048Key), 0o777) 222 fingerprints := []string{ 223 "chrome", 224 "firefox", 225 "ios", 226 } 227 for _, s := range fingerprints { 228 serverCfg := &Config{ 229 TLS: TLSConfig{ 230 CertCheckRate: 1, 231 KeyPath: "server-rsa2048.key", 232 CertPath: "server-rsa2048.crt", 233 }, 234 } 235 clientCfg := &Config{ 236 TLS: TLSConfig{ 237 Verify: false, 238 SNI: "localhost", 239 Fingerprint: s, 240 }, 241 } 242 sctx := config.WithConfig(context.Background(), Name, serverCfg) 243 cctx := config.WithConfig(context.Background(), Name, clientCfg) 244 245 port := common.PickPort("tcp", "127.0.0.1") 246 transportConfig := &transport.Config{ 247 LocalHost: "127.0.0.1", 248 LocalPort: port, 249 RemoteHost: "127.0.0.1", 250 RemotePort: port, 251 } 252 ctx := config.WithConfig(context.Background(), transport.Name, transportConfig) 253 ctx = config.WithConfig(ctx, freedom.Name, &freedom.Config{}) 254 tcpClient, err := transport.NewClient(ctx, nil) 255 common.Must(err) 256 tcpServer, err := transport.NewServer(ctx, nil) 257 common.Must(err) 258 259 s, err := NewServer(sctx, tcpServer) 260 common.Must(err) 261 c, err := NewClient(cctx, tcpClient) 262 common.Must(err) 263 264 wg := sync.WaitGroup{} 265 wg.Add(1) 266 var conn1, conn2 net.Conn 267 go func() { 268 conn2, err = s.AcceptConn(nil) 269 common.Must(err) 270 wg.Done() 271 }() 272 conn1, err = c.DialConn(nil, nil) 273 common.Must(err) 274 275 common.Must2(conn1.Write([]byte("12345678\r\n"))) 276 wg.Wait() 277 buf := [10]byte{} 278 conn2.Read(buf[:]) 279 if !util.CheckConn(conn1, conn2) { 280 t.Fail() 281 } 282 conn1.Close() 283 conn2.Close() 284 s.Close() 285 c.Close() 286 } 287 } 288 289 func TestUTLSECC(t *testing.T) { 290 os.WriteFile("server-ecc.crt", []byte(eccCert), 0o777) 291 os.WriteFile("server-ecc.key", []byte(eccKey), 0o777) 292 fingerprints := []string{ 293 "chrome", 294 "firefox", 295 "ios", 296 } 297 for _, s := range fingerprints { 298 serverCfg := &Config{ 299 TLS: TLSConfig{ 300 CertCheckRate: 1, 301 KeyPath: "server-ecc.key", 302 CertPath: "server-ecc.crt", 303 }, 304 } 305 clientCfg := &Config{ 306 TLS: TLSConfig{ 307 Verify: false, 308 SNI: "localhost", 309 Fingerprint: s, 310 }, 311 } 312 sctx := config.WithConfig(context.Background(), Name, serverCfg) 313 cctx := config.WithConfig(context.Background(), Name, clientCfg) 314 315 port := common.PickPort("tcp", "127.0.0.1") 316 transportConfig := &transport.Config{ 317 LocalHost: "127.0.0.1", 318 LocalPort: port, 319 RemoteHost: "127.0.0.1", 320 RemotePort: port, 321 } 322 ctx := config.WithConfig(context.Background(), transport.Name, transportConfig) 323 ctx = config.WithConfig(ctx, freedom.Name, &freedom.Config{}) 324 tcpClient, err := transport.NewClient(ctx, nil) 325 common.Must(err) 326 tcpServer, err := transport.NewServer(ctx, nil) 327 common.Must(err) 328 329 s, err := NewServer(sctx, tcpServer) 330 common.Must(err) 331 c, err := NewClient(cctx, tcpClient) 332 common.Must(err) 333 334 wg := sync.WaitGroup{} 335 wg.Add(1) 336 var conn1, conn2 net.Conn 337 go func() { 338 conn2, err = s.AcceptConn(nil) 339 common.Must(err) 340 wg.Done() 341 }() 342 conn1, err = c.DialConn(nil, nil) 343 common.Must(err) 344 345 common.Must2(conn1.Write([]byte("12345678\r\n"))) 346 wg.Wait() 347 buf := [10]byte{} 348 conn2.Read(buf[:]) 349 if !util.CheckConn(conn1, conn2) { 350 t.Fail() 351 } 352 conn1.Close() 353 conn2.Close() 354 s.Close() 355 c.Close() 356 } 357 } 358 359 func TestMatch(t *testing.T) { 360 if !isDomainNameMatched("*.google.com", "www.google.com") { 361 t.Fail() 362 } 363 364 if isDomainNameMatched("*.google.com", "google.com") { 365 t.Fail() 366 } 367 368 if !isDomainNameMatched("localhost", "localhost") { 369 t.Fail() 370 } 371 }