github.com/xmplusdev/xray-core@v1.8.10/testing/scenarios/tls_test.go (about) 1 package scenarios 2 3 import ( 4 "crypto/x509" 5 "runtime" 6 "testing" 7 "time" 8 9 "github.com/xmplusdev/xray-core/app/proxyman" 10 "github.com/xmplusdev/xray-core/common" 11 "github.com/xmplusdev/xray-core/common/net" 12 "github.com/xmplusdev/xray-core/common/protocol" 13 "github.com/xmplusdev/xray-core/common/protocol/tls/cert" 14 "github.com/xmplusdev/xray-core/common/serial" 15 "github.com/xmplusdev/xray-core/common/uuid" 16 core "github.com/xmplusdev/xray-core/core" 17 "github.com/xmplusdev/xray-core/proxy/dokodemo" 18 "github.com/xmplusdev/xray-core/proxy/freedom" 19 "github.com/xmplusdev/xray-core/proxy/vmess" 20 "github.com/xmplusdev/xray-core/proxy/vmess/inbound" 21 "github.com/xmplusdev/xray-core/proxy/vmess/outbound" 22 "github.com/xmplusdev/xray-core/testing/servers/tcp" 23 "github.com/xmplusdev/xray-core/testing/servers/udp" 24 "github.com/xmplusdev/xray-core/transport/internet" 25 "github.com/xmplusdev/xray-core/transport/internet/grpc" 26 "github.com/xmplusdev/xray-core/transport/internet/http" 27 "github.com/xmplusdev/xray-core/transport/internet/tls" 28 "github.com/xmplusdev/xray-core/transport/internet/websocket" 29 "golang.org/x/sync/errgroup" 30 ) 31 32 func TestSimpleTLSConnection(t *testing.T) { 33 tcpServer := tcp.Server{ 34 MsgProcessor: xor, 35 } 36 dest, err := tcpServer.Start() 37 common.Must(err) 38 defer tcpServer.Close() 39 40 userID := protocol.NewID(uuid.New()) 41 serverPort := tcp.PickPort() 42 serverConfig := &core.Config{ 43 Inbound: []*core.InboundHandlerConfig{ 44 { 45 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 46 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 47 Listen: net.NewIPOrDomain(net.LocalHostIP), 48 StreamSettings: &internet.StreamConfig{ 49 SecurityType: serial.GetMessageType(&tls.Config{}), 50 SecuritySettings: []*serial.TypedMessage{ 51 serial.ToTypedMessage(&tls.Config{ 52 Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, 53 }), 54 }, 55 }, 56 }), 57 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 58 User: []*protocol.User{ 59 { 60 Account: serial.ToTypedMessage(&vmess.Account{ 61 Id: userID.String(), 62 }), 63 }, 64 }, 65 }), 66 }, 67 }, 68 Outbound: []*core.OutboundHandlerConfig{ 69 { 70 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 71 }, 72 }, 73 } 74 75 clientPort := tcp.PickPort() 76 clientConfig := &core.Config{ 77 Inbound: []*core.InboundHandlerConfig{ 78 { 79 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 80 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 81 Listen: net.NewIPOrDomain(net.LocalHostIP), 82 }), 83 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 84 Address: net.NewIPOrDomain(dest.Address), 85 Port: uint32(dest.Port), 86 NetworkList: &net.NetworkList{ 87 Network: []net.Network{net.Network_TCP}, 88 }, 89 }), 90 }, 91 }, 92 Outbound: []*core.OutboundHandlerConfig{ 93 { 94 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 95 Receiver: []*protocol.ServerEndpoint{ 96 { 97 Address: net.NewIPOrDomain(net.LocalHostIP), 98 Port: uint32(serverPort), 99 User: []*protocol.User{ 100 { 101 Account: serial.ToTypedMessage(&vmess.Account{ 102 Id: userID.String(), 103 }), 104 }, 105 }, 106 }, 107 }, 108 }), 109 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 110 StreamSettings: &internet.StreamConfig{ 111 SecurityType: serial.GetMessageType(&tls.Config{}), 112 SecuritySettings: []*serial.TypedMessage{ 113 serial.ToTypedMessage(&tls.Config{ 114 AllowInsecure: true, 115 }), 116 }, 117 }, 118 }), 119 }, 120 }, 121 } 122 123 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 124 common.Must(err) 125 defer CloseAllServers(servers) 126 127 if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { 128 t.Fatal(err) 129 } 130 } 131 132 func TestAutoIssuingCertificate(t *testing.T) { 133 if runtime.GOOS == "windows" { 134 // Not supported on Windows yet. 135 return 136 } 137 138 if runtime.GOARCH == "arm64" { 139 return 140 } 141 142 tcpServer := tcp.Server{ 143 MsgProcessor: xor, 144 } 145 dest, err := tcpServer.Start() 146 common.Must(err) 147 defer tcpServer.Close() 148 149 caCert, err := cert.Generate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment|x509.KeyUsageCertSign)) 150 common.Must(err) 151 certPEM, keyPEM := caCert.ToPEM() 152 153 userID := protocol.NewID(uuid.New()) 154 serverPort := tcp.PickPort() 155 serverConfig := &core.Config{ 156 Inbound: []*core.InboundHandlerConfig{ 157 { 158 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 159 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 160 Listen: net.NewIPOrDomain(net.LocalHostIP), 161 StreamSettings: &internet.StreamConfig{ 162 SecurityType: serial.GetMessageType(&tls.Config{}), 163 SecuritySettings: []*serial.TypedMessage{ 164 serial.ToTypedMessage(&tls.Config{ 165 Certificate: []*tls.Certificate{{ 166 Certificate: certPEM, 167 Key: keyPEM, 168 Usage: tls.Certificate_AUTHORITY_ISSUE, 169 }}, 170 }), 171 }, 172 }, 173 }), 174 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 175 User: []*protocol.User{ 176 { 177 Account: serial.ToTypedMessage(&vmess.Account{ 178 Id: userID.String(), 179 }), 180 }, 181 }, 182 }), 183 }, 184 }, 185 Outbound: []*core.OutboundHandlerConfig{ 186 { 187 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 188 }, 189 }, 190 } 191 192 clientPort := tcp.PickPort() 193 clientConfig := &core.Config{ 194 Inbound: []*core.InboundHandlerConfig{ 195 { 196 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 197 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 198 Listen: net.NewIPOrDomain(net.LocalHostIP), 199 }), 200 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 201 Address: net.NewIPOrDomain(dest.Address), 202 Port: uint32(dest.Port), 203 NetworkList: &net.NetworkList{ 204 Network: []net.Network{net.Network_TCP}, 205 }, 206 }), 207 }, 208 }, 209 Outbound: []*core.OutboundHandlerConfig{ 210 { 211 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 212 Receiver: []*protocol.ServerEndpoint{ 213 { 214 Address: net.NewIPOrDomain(net.LocalHostIP), 215 Port: uint32(serverPort), 216 User: []*protocol.User{ 217 { 218 Account: serial.ToTypedMessage(&vmess.Account{ 219 Id: userID.String(), 220 }), 221 }, 222 }, 223 }, 224 }, 225 }), 226 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 227 StreamSettings: &internet.StreamConfig{ 228 SecurityType: serial.GetMessageType(&tls.Config{}), 229 SecuritySettings: []*serial.TypedMessage{ 230 serial.ToTypedMessage(&tls.Config{ 231 ServerName: "example.com", 232 Certificate: []*tls.Certificate{{ 233 Certificate: certPEM, 234 Usage: tls.Certificate_AUTHORITY_VERIFY, 235 }}, 236 }), 237 }, 238 }, 239 }), 240 }, 241 }, 242 } 243 244 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 245 common.Must(err) 246 defer CloseAllServers(servers) 247 248 for i := 0; i < 10; i++ { 249 if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { 250 t.Error(err) 251 } 252 } 253 } 254 255 func TestTLSOverKCP(t *testing.T) { 256 tcpServer := tcp.Server{ 257 MsgProcessor: xor, 258 } 259 dest, err := tcpServer.Start() 260 common.Must(err) 261 defer tcpServer.Close() 262 263 userID := protocol.NewID(uuid.New()) 264 serverPort := udp.PickPort() 265 serverConfig := &core.Config{ 266 Inbound: []*core.InboundHandlerConfig{ 267 { 268 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 269 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 270 Listen: net.NewIPOrDomain(net.LocalHostIP), 271 StreamSettings: &internet.StreamConfig{ 272 Protocol: internet.TransportProtocol_MKCP, 273 SecurityType: serial.GetMessageType(&tls.Config{}), 274 SecuritySettings: []*serial.TypedMessage{ 275 serial.ToTypedMessage(&tls.Config{ 276 Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, 277 }), 278 }, 279 }, 280 }), 281 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 282 User: []*protocol.User{ 283 { 284 Account: serial.ToTypedMessage(&vmess.Account{ 285 Id: userID.String(), 286 }), 287 }, 288 }, 289 }), 290 }, 291 }, 292 Outbound: []*core.OutboundHandlerConfig{ 293 { 294 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 295 }, 296 }, 297 } 298 299 clientPort := tcp.PickPort() 300 clientConfig := &core.Config{ 301 Inbound: []*core.InboundHandlerConfig{ 302 { 303 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 304 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 305 Listen: net.NewIPOrDomain(net.LocalHostIP), 306 }), 307 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 308 Address: net.NewIPOrDomain(dest.Address), 309 Port: uint32(dest.Port), 310 NetworkList: &net.NetworkList{ 311 Network: []net.Network{net.Network_TCP}, 312 }, 313 }), 314 }, 315 }, 316 Outbound: []*core.OutboundHandlerConfig{ 317 { 318 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 319 Receiver: []*protocol.ServerEndpoint{ 320 { 321 Address: net.NewIPOrDomain(net.LocalHostIP), 322 Port: uint32(serverPort), 323 User: []*protocol.User{ 324 { 325 Account: serial.ToTypedMessage(&vmess.Account{ 326 Id: userID.String(), 327 }), 328 }, 329 }, 330 }, 331 }, 332 }), 333 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 334 StreamSettings: &internet.StreamConfig{ 335 Protocol: internet.TransportProtocol_MKCP, 336 SecurityType: serial.GetMessageType(&tls.Config{}), 337 SecuritySettings: []*serial.TypedMessage{ 338 serial.ToTypedMessage(&tls.Config{ 339 AllowInsecure: true, 340 }), 341 }, 342 }, 343 }), 344 }, 345 }, 346 } 347 348 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 349 common.Must(err) 350 defer CloseAllServers(servers) 351 352 if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { 353 t.Error(err) 354 } 355 } 356 357 func TestTLSOverWebSocket(t *testing.T) { 358 tcpServer := tcp.Server{ 359 MsgProcessor: xor, 360 } 361 dest, err := tcpServer.Start() 362 common.Must(err) 363 defer tcpServer.Close() 364 365 userID := protocol.NewID(uuid.New()) 366 serverPort := tcp.PickPort() 367 serverConfig := &core.Config{ 368 Inbound: []*core.InboundHandlerConfig{ 369 { 370 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 371 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 372 Listen: net.NewIPOrDomain(net.LocalHostIP), 373 StreamSettings: &internet.StreamConfig{ 374 Protocol: internet.TransportProtocol_WebSocket, 375 SecurityType: serial.GetMessageType(&tls.Config{}), 376 SecuritySettings: []*serial.TypedMessage{ 377 serial.ToTypedMessage(&tls.Config{ 378 Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, 379 }), 380 }, 381 }, 382 }), 383 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 384 User: []*protocol.User{ 385 { 386 Account: serial.ToTypedMessage(&vmess.Account{ 387 Id: userID.String(), 388 }), 389 }, 390 }, 391 }), 392 }, 393 }, 394 Outbound: []*core.OutboundHandlerConfig{ 395 { 396 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 397 }, 398 }, 399 } 400 401 clientPort := tcp.PickPort() 402 clientConfig := &core.Config{ 403 Inbound: []*core.InboundHandlerConfig{ 404 { 405 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 406 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 407 Listen: net.NewIPOrDomain(net.LocalHostIP), 408 }), 409 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 410 Address: net.NewIPOrDomain(dest.Address), 411 Port: uint32(dest.Port), 412 NetworkList: &net.NetworkList{ 413 Network: []net.Network{net.Network_TCP}, 414 }, 415 }), 416 }, 417 }, 418 Outbound: []*core.OutboundHandlerConfig{ 419 { 420 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 421 Receiver: []*protocol.ServerEndpoint{ 422 { 423 Address: net.NewIPOrDomain(net.LocalHostIP), 424 Port: uint32(serverPort), 425 User: []*protocol.User{ 426 { 427 Account: serial.ToTypedMessage(&vmess.Account{ 428 Id: userID.String(), 429 }), 430 }, 431 }, 432 }, 433 }, 434 }), 435 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 436 StreamSettings: &internet.StreamConfig{ 437 Protocol: internet.TransportProtocol_WebSocket, 438 TransportSettings: []*internet.TransportConfig{ 439 { 440 Protocol: internet.TransportProtocol_WebSocket, 441 Settings: serial.ToTypedMessage(&websocket.Config{}), 442 }, 443 }, 444 SecurityType: serial.GetMessageType(&tls.Config{}), 445 SecuritySettings: []*serial.TypedMessage{ 446 serial.ToTypedMessage(&tls.Config{ 447 AllowInsecure: true, 448 }), 449 }, 450 }, 451 }), 452 }, 453 }, 454 } 455 456 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 457 common.Must(err) 458 defer CloseAllServers(servers) 459 460 var errg errgroup.Group 461 for i := 0; i < 10; i++ { 462 errg.Go(testTCPConn(clientPort, 10240*1024, time.Second*20)) 463 } 464 if err := errg.Wait(); err != nil { 465 t.Error(err) 466 } 467 } 468 469 func TestHTTP2(t *testing.T) { 470 tcpServer := tcp.Server{ 471 MsgProcessor: xor, 472 } 473 dest, err := tcpServer.Start() 474 common.Must(err) 475 defer tcpServer.Close() 476 477 userID := protocol.NewID(uuid.New()) 478 serverPort := tcp.PickPort() 479 serverConfig := &core.Config{ 480 Inbound: []*core.InboundHandlerConfig{ 481 { 482 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 483 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 484 Listen: net.NewIPOrDomain(net.LocalHostIP), 485 StreamSettings: &internet.StreamConfig{ 486 Protocol: internet.TransportProtocol_HTTP, 487 TransportSettings: []*internet.TransportConfig{ 488 { 489 Protocol: internet.TransportProtocol_HTTP, 490 Settings: serial.ToTypedMessage(&http.Config{ 491 Host: []string{"example.com"}, 492 Path: "/testpath", 493 }), 494 }, 495 }, 496 SecurityType: serial.GetMessageType(&tls.Config{}), 497 SecuritySettings: []*serial.TypedMessage{ 498 serial.ToTypedMessage(&tls.Config{ 499 Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, 500 }), 501 }, 502 }, 503 }), 504 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 505 User: []*protocol.User{ 506 { 507 Account: serial.ToTypedMessage(&vmess.Account{ 508 Id: userID.String(), 509 }), 510 }, 511 }, 512 }), 513 }, 514 }, 515 Outbound: []*core.OutboundHandlerConfig{ 516 { 517 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 518 }, 519 }, 520 } 521 522 clientPort := tcp.PickPort() 523 clientConfig := &core.Config{ 524 Inbound: []*core.InboundHandlerConfig{ 525 { 526 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 527 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 528 Listen: net.NewIPOrDomain(net.LocalHostIP), 529 }), 530 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 531 Address: net.NewIPOrDomain(dest.Address), 532 Port: uint32(dest.Port), 533 NetworkList: &net.NetworkList{ 534 Network: []net.Network{net.Network_TCP}, 535 }, 536 }), 537 }, 538 }, 539 Outbound: []*core.OutboundHandlerConfig{ 540 { 541 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 542 Receiver: []*protocol.ServerEndpoint{ 543 { 544 Address: net.NewIPOrDomain(net.LocalHostIP), 545 Port: uint32(serverPort), 546 User: []*protocol.User{ 547 { 548 Account: serial.ToTypedMessage(&vmess.Account{ 549 Id: userID.String(), 550 }), 551 }, 552 }, 553 }, 554 }, 555 }), 556 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 557 StreamSettings: &internet.StreamConfig{ 558 Protocol: internet.TransportProtocol_HTTP, 559 TransportSettings: []*internet.TransportConfig{ 560 { 561 Protocol: internet.TransportProtocol_HTTP, 562 Settings: serial.ToTypedMessage(&http.Config{ 563 Host: []string{"example.com"}, 564 Path: "/testpath", 565 }), 566 }, 567 }, 568 SecurityType: serial.GetMessageType(&tls.Config{}), 569 SecuritySettings: []*serial.TypedMessage{ 570 serial.ToTypedMessage(&tls.Config{ 571 AllowInsecure: true, 572 }), 573 }, 574 }, 575 }), 576 }, 577 }, 578 } 579 580 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 581 common.Must(err) 582 defer CloseAllServers(servers) 583 584 var errg errgroup.Group 585 for i := 0; i < 10; i++ { 586 errg.Go(testTCPConn(clientPort, 1024*1024, time.Second*40)) 587 } 588 if err := errg.Wait(); err != nil { 589 t.Error(err) 590 } 591 } 592 593 func TestGRPC(t *testing.T) { 594 tcpServer := tcp.Server{ 595 MsgProcessor: xor, 596 } 597 dest, err := tcpServer.Start() 598 common.Must(err) 599 defer tcpServer.Close() 600 601 userID := protocol.NewID(uuid.New()) 602 serverPort := tcp.PickPort() 603 serverConfig := &core.Config{ 604 Inbound: []*core.InboundHandlerConfig{ 605 { 606 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 607 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 608 Listen: net.NewIPOrDomain(net.LocalHostIP), 609 StreamSettings: &internet.StreamConfig{ 610 ProtocolName: "grpc", 611 TransportSettings: []*internet.TransportConfig{ 612 { 613 ProtocolName: "grpc", 614 Settings: serial.ToTypedMessage(&grpc.Config{ServiceName: "🍉"}), 615 }, 616 }, 617 SecurityType: serial.GetMessageType(&tls.Config{}), 618 SecuritySettings: []*serial.TypedMessage{ 619 serial.ToTypedMessage(&tls.Config{ 620 Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, 621 }), 622 }, 623 }, 624 }), 625 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 626 User: []*protocol.User{ 627 { 628 Account: serial.ToTypedMessage(&vmess.Account{ 629 Id: userID.String(), 630 }), 631 }, 632 }, 633 }), 634 }, 635 }, 636 Outbound: []*core.OutboundHandlerConfig{ 637 { 638 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 639 }, 640 }, 641 } 642 643 clientPort := tcp.PickPort() 644 clientConfig := &core.Config{ 645 Inbound: []*core.InboundHandlerConfig{ 646 { 647 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 648 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 649 Listen: net.NewIPOrDomain(net.LocalHostIP), 650 }), 651 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 652 Address: net.NewIPOrDomain(dest.Address), 653 Port: uint32(dest.Port), 654 NetworkList: &net.NetworkList{ 655 Network: []net.Network{net.Network_TCP}, 656 }, 657 }), 658 }, 659 }, 660 Outbound: []*core.OutboundHandlerConfig{ 661 { 662 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 663 Receiver: []*protocol.ServerEndpoint{ 664 { 665 Address: net.NewIPOrDomain(net.LocalHostIP), 666 Port: uint32(serverPort), 667 User: []*protocol.User{ 668 { 669 Account: serial.ToTypedMessage(&vmess.Account{ 670 Id: userID.String(), 671 }), 672 }, 673 }, 674 }, 675 }, 676 }), 677 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 678 StreamSettings: &internet.StreamConfig{ 679 ProtocolName: "grpc", 680 TransportSettings: []*internet.TransportConfig{ 681 { 682 ProtocolName: "grpc", 683 Settings: serial.ToTypedMessage(&grpc.Config{ServiceName: "🍉"}), 684 }, 685 }, 686 SecurityType: serial.GetMessageType(&tls.Config{}), 687 SecuritySettings: []*serial.TypedMessage{ 688 serial.ToTypedMessage(&tls.Config{ 689 AllowInsecure: true, 690 }), 691 }, 692 }, 693 }), 694 }, 695 }, 696 } 697 698 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 699 common.Must(err) 700 defer CloseAllServers(servers) 701 702 var errg errgroup.Group 703 for i := 0; i < 10; i++ { 704 errg.Go(testTCPConn(clientPort, 1024*10240, time.Second*40)) 705 } 706 if err := errg.Wait(); err != nil { 707 t.Error(err) 708 } 709 } 710 711 func TestGRPCMultiMode(t *testing.T) { 712 tcpServer := tcp.Server{ 713 MsgProcessor: xor, 714 } 715 dest, err := tcpServer.Start() 716 common.Must(err) 717 defer tcpServer.Close() 718 719 userID := protocol.NewID(uuid.New()) 720 serverPort := tcp.PickPort() 721 serverConfig := &core.Config{ 722 Inbound: []*core.InboundHandlerConfig{ 723 { 724 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 725 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 726 Listen: net.NewIPOrDomain(net.LocalHostIP), 727 StreamSettings: &internet.StreamConfig{ 728 ProtocolName: "grpc", 729 TransportSettings: []*internet.TransportConfig{ 730 { 731 ProtocolName: "grpc", 732 Settings: serial.ToTypedMessage(&grpc.Config{ServiceName: "🍉"}), 733 }, 734 }, 735 SecurityType: serial.GetMessageType(&tls.Config{}), 736 SecuritySettings: []*serial.TypedMessage{ 737 serial.ToTypedMessage(&tls.Config{ 738 Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, 739 }), 740 }, 741 }, 742 }), 743 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 744 User: []*protocol.User{ 745 { 746 Account: serial.ToTypedMessage(&vmess.Account{ 747 Id: userID.String(), 748 }), 749 }, 750 }, 751 }), 752 }, 753 }, 754 Outbound: []*core.OutboundHandlerConfig{ 755 { 756 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 757 }, 758 }, 759 } 760 761 clientPort := tcp.PickPort() 762 clientConfig := &core.Config{ 763 Inbound: []*core.InboundHandlerConfig{ 764 { 765 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 766 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 767 Listen: net.NewIPOrDomain(net.LocalHostIP), 768 }), 769 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 770 Address: net.NewIPOrDomain(dest.Address), 771 Port: uint32(dest.Port), 772 NetworkList: &net.NetworkList{ 773 Network: []net.Network{net.Network_TCP}, 774 }, 775 }), 776 }, 777 }, 778 Outbound: []*core.OutboundHandlerConfig{ 779 { 780 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 781 Receiver: []*protocol.ServerEndpoint{ 782 { 783 Address: net.NewIPOrDomain(net.LocalHostIP), 784 Port: uint32(serverPort), 785 User: []*protocol.User{ 786 { 787 Account: serial.ToTypedMessage(&vmess.Account{ 788 Id: userID.String(), 789 }), 790 }, 791 }, 792 }, 793 }, 794 }), 795 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 796 StreamSettings: &internet.StreamConfig{ 797 ProtocolName: "grpc", 798 TransportSettings: []*internet.TransportConfig{ 799 { 800 ProtocolName: "grpc", 801 Settings: serial.ToTypedMessage(&grpc.Config{ServiceName: "🍉", MultiMode: true}), 802 }, 803 }, 804 SecurityType: serial.GetMessageType(&tls.Config{}), 805 SecuritySettings: []*serial.TypedMessage{ 806 serial.ToTypedMessage(&tls.Config{ 807 AllowInsecure: true, 808 }), 809 }, 810 }, 811 }), 812 }, 813 }, 814 } 815 816 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 817 common.Must(err) 818 defer CloseAllServers(servers) 819 820 var errg errgroup.Group 821 for i := 0; i < 10; i++ { 822 errg.Go(testTCPConn(clientPort, 1024*10240, time.Second*40)) 823 } 824 if err := errg.Wait(); err != nil { 825 t.Error(err) 826 } 827 } 828 829 func TestSimpleTLSConnectionPinned(t *testing.T) { 830 tcpServer := tcp.Server{ 831 MsgProcessor: xor, 832 } 833 dest, err := tcpServer.Start() 834 common.Must(err) 835 defer tcpServer.Close() 836 certificateDer := cert.MustGenerate(nil) 837 certificate := tls.ParseCertificate(certificateDer) 838 certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) 839 userID := protocol.NewID(uuid.New()) 840 serverPort := tcp.PickPort() 841 serverConfig := &core.Config{ 842 Inbound: []*core.InboundHandlerConfig{ 843 { 844 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 845 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 846 Listen: net.NewIPOrDomain(net.LocalHostIP), 847 StreamSettings: &internet.StreamConfig{ 848 SecurityType: serial.GetMessageType(&tls.Config{}), 849 SecuritySettings: []*serial.TypedMessage{ 850 serial.ToTypedMessage(&tls.Config{ 851 Certificate: []*tls.Certificate{certificate}, 852 }), 853 }, 854 }, 855 }), 856 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 857 User: []*protocol.User{ 858 { 859 Account: serial.ToTypedMessage(&vmess.Account{ 860 Id: userID.String(), 861 }), 862 }, 863 }, 864 }), 865 }, 866 }, 867 Outbound: []*core.OutboundHandlerConfig{ 868 { 869 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 870 }, 871 }, 872 } 873 874 clientPort := tcp.PickPort() 875 clientConfig := &core.Config{ 876 Inbound: []*core.InboundHandlerConfig{ 877 { 878 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 879 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 880 Listen: net.NewIPOrDomain(net.LocalHostIP), 881 }), 882 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 883 Address: net.NewIPOrDomain(dest.Address), 884 Port: uint32(dest.Port), 885 NetworkList: &net.NetworkList{ 886 Network: []net.Network{net.Network_TCP}, 887 }, 888 }), 889 }, 890 }, 891 Outbound: []*core.OutboundHandlerConfig{ 892 { 893 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 894 Receiver: []*protocol.ServerEndpoint{ 895 { 896 Address: net.NewIPOrDomain(net.LocalHostIP), 897 Port: uint32(serverPort), 898 User: []*protocol.User{ 899 { 900 Account: serial.ToTypedMessage(&vmess.Account{ 901 Id: userID.String(), 902 }), 903 }, 904 }, 905 }, 906 }, 907 }), 908 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 909 StreamSettings: &internet.StreamConfig{ 910 SecurityType: serial.GetMessageType(&tls.Config{}), 911 SecuritySettings: []*serial.TypedMessage{ 912 serial.ToTypedMessage(&tls.Config{ 913 AllowInsecure: true, 914 PinnedPeerCertificateChainSha256: [][]byte{certHash}, 915 }), 916 }, 917 }, 918 }), 919 }, 920 }, 921 } 922 923 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 924 common.Must(err) 925 defer CloseAllServers(servers) 926 927 if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { 928 t.Fatal(err) 929 } 930 } 931 932 func TestSimpleTLSConnectionPinnedWrongCert(t *testing.T) { 933 tcpServer := tcp.Server{ 934 MsgProcessor: xor, 935 } 936 dest, err := tcpServer.Start() 937 common.Must(err) 938 defer tcpServer.Close() 939 certificateDer := cert.MustGenerate(nil) 940 certificate := tls.ParseCertificate(certificateDer) 941 certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) 942 certHash[1] += 1 943 userID := protocol.NewID(uuid.New()) 944 serverPort := tcp.PickPort() 945 serverConfig := &core.Config{ 946 Inbound: []*core.InboundHandlerConfig{ 947 { 948 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 949 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 950 Listen: net.NewIPOrDomain(net.LocalHostIP), 951 StreamSettings: &internet.StreamConfig{ 952 SecurityType: serial.GetMessageType(&tls.Config{}), 953 SecuritySettings: []*serial.TypedMessage{ 954 serial.ToTypedMessage(&tls.Config{ 955 Certificate: []*tls.Certificate{certificate}, 956 }), 957 }, 958 }, 959 }), 960 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 961 User: []*protocol.User{ 962 { 963 Account: serial.ToTypedMessage(&vmess.Account{ 964 Id: userID.String(), 965 }), 966 }, 967 }, 968 }), 969 }, 970 }, 971 Outbound: []*core.OutboundHandlerConfig{ 972 { 973 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 974 }, 975 }, 976 } 977 978 clientPort := tcp.PickPort() 979 clientConfig := &core.Config{ 980 Inbound: []*core.InboundHandlerConfig{ 981 { 982 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 983 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 984 Listen: net.NewIPOrDomain(net.LocalHostIP), 985 }), 986 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 987 Address: net.NewIPOrDomain(dest.Address), 988 Port: uint32(dest.Port), 989 NetworkList: &net.NetworkList{ 990 Network: []net.Network{net.Network_TCP}, 991 }, 992 }), 993 }, 994 }, 995 Outbound: []*core.OutboundHandlerConfig{ 996 { 997 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 998 Receiver: []*protocol.ServerEndpoint{ 999 { 1000 Address: net.NewIPOrDomain(net.LocalHostIP), 1001 Port: uint32(serverPort), 1002 User: []*protocol.User{ 1003 { 1004 Account: serial.ToTypedMessage(&vmess.Account{ 1005 Id: userID.String(), 1006 }), 1007 }, 1008 }, 1009 }, 1010 }, 1011 }), 1012 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 1013 StreamSettings: &internet.StreamConfig{ 1014 SecurityType: serial.GetMessageType(&tls.Config{}), 1015 SecuritySettings: []*serial.TypedMessage{ 1016 serial.ToTypedMessage(&tls.Config{ 1017 AllowInsecure: true, 1018 PinnedPeerCertificateChainSha256: [][]byte{certHash}, 1019 }), 1020 }, 1021 }, 1022 }), 1023 }, 1024 }, 1025 } 1026 1027 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 1028 common.Must(err) 1029 defer CloseAllServers(servers) 1030 1031 if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil { 1032 t.Fatal(err) 1033 } 1034 } 1035 1036 func TestUTLSConnectionPinned(t *testing.T) { 1037 tcpServer := tcp.Server{ 1038 MsgProcessor: xor, 1039 } 1040 dest, err := tcpServer.Start() 1041 common.Must(err) 1042 defer tcpServer.Close() 1043 certificateDer := cert.MustGenerate(nil) 1044 certificate := tls.ParseCertificate(certificateDer) 1045 certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) 1046 userID := protocol.NewID(uuid.New()) 1047 serverPort := tcp.PickPort() 1048 serverConfig := &core.Config{ 1049 Inbound: []*core.InboundHandlerConfig{ 1050 { 1051 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 1052 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 1053 Listen: net.NewIPOrDomain(net.LocalHostIP), 1054 StreamSettings: &internet.StreamConfig{ 1055 SecurityType: serial.GetMessageType(&tls.Config{}), 1056 SecuritySettings: []*serial.TypedMessage{ 1057 serial.ToTypedMessage(&tls.Config{ 1058 Certificate: []*tls.Certificate{certificate}, 1059 }), 1060 }, 1061 }, 1062 }), 1063 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 1064 User: []*protocol.User{ 1065 { 1066 Account: serial.ToTypedMessage(&vmess.Account{ 1067 Id: userID.String(), 1068 }), 1069 }, 1070 }, 1071 }), 1072 }, 1073 }, 1074 Outbound: []*core.OutboundHandlerConfig{ 1075 { 1076 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 1077 }, 1078 }, 1079 } 1080 1081 clientPort := tcp.PickPort() 1082 clientConfig := &core.Config{ 1083 Inbound: []*core.InboundHandlerConfig{ 1084 { 1085 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 1086 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 1087 Listen: net.NewIPOrDomain(net.LocalHostIP), 1088 }), 1089 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 1090 Address: net.NewIPOrDomain(dest.Address), 1091 Port: uint32(dest.Port), 1092 NetworkList: &net.NetworkList{ 1093 Network: []net.Network{net.Network_TCP}, 1094 }, 1095 }), 1096 }, 1097 }, 1098 Outbound: []*core.OutboundHandlerConfig{ 1099 { 1100 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 1101 Receiver: []*protocol.ServerEndpoint{ 1102 { 1103 Address: net.NewIPOrDomain(net.LocalHostIP), 1104 Port: uint32(serverPort), 1105 User: []*protocol.User{ 1106 { 1107 Account: serial.ToTypedMessage(&vmess.Account{ 1108 Id: userID.String(), 1109 }), 1110 }, 1111 }, 1112 }, 1113 }, 1114 }), 1115 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 1116 StreamSettings: &internet.StreamConfig{ 1117 SecurityType: serial.GetMessageType(&tls.Config{}), 1118 SecuritySettings: []*serial.TypedMessage{ 1119 serial.ToTypedMessage(&tls.Config{ 1120 Fingerprint: "random", 1121 AllowInsecure: true, 1122 PinnedPeerCertificateChainSha256: [][]byte{certHash}, 1123 }), 1124 }, 1125 }, 1126 }), 1127 }, 1128 }, 1129 } 1130 1131 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 1132 common.Must(err) 1133 defer CloseAllServers(servers) 1134 1135 if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { 1136 t.Fatal(err) 1137 } 1138 } 1139 1140 func TestUTLSConnectionPinnedWrongCert(t *testing.T) { 1141 tcpServer := tcp.Server{ 1142 MsgProcessor: xor, 1143 } 1144 dest, err := tcpServer.Start() 1145 common.Must(err) 1146 defer tcpServer.Close() 1147 certificateDer := cert.MustGenerate(nil) 1148 certificate := tls.ParseCertificate(certificateDer) 1149 certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) 1150 certHash[1] += 1 1151 userID := protocol.NewID(uuid.New()) 1152 serverPort := tcp.PickPort() 1153 serverConfig := &core.Config{ 1154 Inbound: []*core.InboundHandlerConfig{ 1155 { 1156 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 1157 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, 1158 Listen: net.NewIPOrDomain(net.LocalHostIP), 1159 StreamSettings: &internet.StreamConfig{ 1160 SecurityType: serial.GetMessageType(&tls.Config{}), 1161 SecuritySettings: []*serial.TypedMessage{ 1162 serial.ToTypedMessage(&tls.Config{ 1163 Certificate: []*tls.Certificate{certificate}, 1164 }), 1165 }, 1166 }, 1167 }), 1168 ProxySettings: serial.ToTypedMessage(&inbound.Config{ 1169 User: []*protocol.User{ 1170 { 1171 Account: serial.ToTypedMessage(&vmess.Account{ 1172 Id: userID.String(), 1173 }), 1174 }, 1175 }, 1176 }), 1177 }, 1178 }, 1179 Outbound: []*core.OutboundHandlerConfig{ 1180 { 1181 ProxySettings: serial.ToTypedMessage(&freedom.Config{}), 1182 }, 1183 }, 1184 } 1185 1186 clientPort := tcp.PickPort() 1187 clientConfig := &core.Config{ 1188 Inbound: []*core.InboundHandlerConfig{ 1189 { 1190 ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ 1191 PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, 1192 Listen: net.NewIPOrDomain(net.LocalHostIP), 1193 }), 1194 ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ 1195 Address: net.NewIPOrDomain(dest.Address), 1196 Port: uint32(dest.Port), 1197 NetworkList: &net.NetworkList{ 1198 Network: []net.Network{net.Network_TCP}, 1199 }, 1200 }), 1201 }, 1202 }, 1203 Outbound: []*core.OutboundHandlerConfig{ 1204 { 1205 ProxySettings: serial.ToTypedMessage(&outbound.Config{ 1206 Receiver: []*protocol.ServerEndpoint{ 1207 { 1208 Address: net.NewIPOrDomain(net.LocalHostIP), 1209 Port: uint32(serverPort), 1210 User: []*protocol.User{ 1211 { 1212 Account: serial.ToTypedMessage(&vmess.Account{ 1213 Id: userID.String(), 1214 }), 1215 }, 1216 }, 1217 }, 1218 }, 1219 }), 1220 SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ 1221 StreamSettings: &internet.StreamConfig{ 1222 SecurityType: serial.GetMessageType(&tls.Config{}), 1223 SecuritySettings: []*serial.TypedMessage{ 1224 serial.ToTypedMessage(&tls.Config{ 1225 Fingerprint: "random", 1226 AllowInsecure: true, 1227 PinnedPeerCertificateChainSha256: [][]byte{certHash}, 1228 }), 1229 }, 1230 }, 1231 }), 1232 }, 1233 }, 1234 } 1235 1236 servers, err := InitializeServerConfigs(serverConfig, clientConfig) 1237 common.Must(err) 1238 defer CloseAllServers(servers) 1239 1240 if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil { 1241 t.Fatal(err) 1242 } 1243 }