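// Source: github.com/xraypb/Xray-core@v1.8.1/transport/internet/tls/config_test.go

package tls_test

import (
	gotls "crypto/tls"
	"crypto/x509"
	"testing"
	"time"

	"github.com/xraypb/Xray-core/common"
	"github.com/xraypb/Xray-core/common/protocol/tls/cert"
	. "github.com/xraypb/Xray-core/transport/internet/tls"
)

// leafForServerName asks tlsConfig which certificate it would present to a
// client sending serverName as SNI and returns the parsed leaf certificate.
//
// It fails the calling test when no chain is returned, rather than letting the
// index into an empty chain panic with an unhelpful message.
func leafForServerName(t *testing.T, tlsConfig *gotls.Config, serverName string) *x509.Certificate {
	t.Helper()

	served, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: serverName,
	})
	// NOTE(review): common.Must is defined outside this file; it presumably
	// panics on a non-nil error, which aborts the whole test binary.
	common.Must(err)
	if served == nil || len(served.Certificate) == 0 {
		t.Fatalf("GetCertificate(%q) returned no certificate chain", serverName)
	}

	leaf, err := x509.ParseCertificate(served.Certificate[0])
	common.Must(err)
	return leaf
}

// TestCertificateIssuing checks that a Config holding only a CA marked
// Certificate_AUTHORITY_ISSUE returns a certificate for a requested server
// name, and that this certificate has not already expired.
//
// NOTE(review): only NotAfter is asserted. The test does not confirm that the
// returned leaf covers the requested name (x509Cert.VerifyHostname) or that it
// chains to the configured CA.
func TestCertificateIssuing(t *testing.T) {
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	x509Cert := leafForServerName(t, c.GetTLSConfig(), "www.example.com")
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}

// TestExpiredCertificate checks that an already-expired certificate in the
// Config is not the one served for its name.
//
// The Config carries an issuing CA plus a leaf for www.example.com whose
// NotAfter lies two minutes in the past. The certificate returned for that
// name must have a NotAfter in the future.
//
// NOTE(review): as in TestCertificateIssuing, only the expiry is asserted, not
// the name coverage or the issuer of the returned leaf.
func TestExpiredCertificate(t *testing.T) {
	caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
	expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.example.com"), cert.DNSNames("www.example.com"))

	certificate := ParseCertificate(caCert)
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	certificate2 := ParseCertificate(expiredCert)

	c := &Config{
		Certificate: []*Certificate{
			certificate,
			certificate2,
		},
	}

	x509Cert := leafForServerName(t, c.GetTLSConfig(), "www.example.com")
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}

// TestInsecureCertificates checks that a zero-value Config yields a TLS
// configuration with no explicit cipher suite list.
//
// With CipherSuites empty, crypto/tls uses its own default suite list, so this
// guards against a hard-coded (and possibly outdated) list being set on the
// default path. Despite the name, no certificate is examined here.
func TestInsecureCertificates(t *testing.T) {
	c := &Config{}

	tlsConfig := c.GetTLSConfig()
	if len(tlsConfig.CipherSuites) > 0 {
		t.Fatal("Unexpected tls cipher suites list: ", tlsConfig.CipherSuites)
	}
}

// BenchmarkCertificateIssuing measures GetCertificate for a Config that holds
// only an issuing CA.
//
// The benchmark stops on the first error, so a failing GetCertificate is
// reported instead of being timed as if it were a successful issuance.
func BenchmarkCertificateIssuing(b *testing.B) {
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	tlsConfig := c.GetTLSConfig()
	lenCerts := len(tlsConfig.Certificates)

	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		if _, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
			ServerName: "www.example.com",
		}); err != nil {
			b.Fatal(err)
		}
		// Restore the pre-call state so every iteration starts from the same
		// configuration. Presumably GetCertificate caches what it issues in
		// these two fields; confirm against the package's config.go.
		delete(tlsConfig.NameToCertificate, "www.example.com")
		tlsConfig.Certificates = tlsConfig.Certificates[:lenCerts]
	}
}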