github.com/xraypb/Xray-core@v1.8.1/transport/internet/tls/config_test.go (about)

     1  package tls_test
     2  
     3  import (
     4  	gotls "crypto/tls"
     5  	"crypto/x509"
     6  	"testing"
     7  	"time"
     8  
     9  	"github.com/xraypb/Xray-core/common"
    10  	"github.com/xraypb/Xray-core/common/protocol/tls/cert"
    11  	. "github.com/xraypb/Xray-core/transport/internet/tls"
    12  )
    13  
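// TestCertificateIssuing configures a single CA certificate marked
// Certificate_AUTHORITY_ISSUE and checks that GetCertificate answers a
// ClientHello for "www.example.com" with a certificate that has not expired.
//
// NOTE(review): only the expiry is asserted. The subject names of the returned
// certificate are not compared with the requested ServerName, and the chain is
// not verified against the CA, so a certificate issued for the wrong name
// would still pass this test.
func TestCertificateIssuing(t *testing.T) {
	// Authority certificate generated with no parent and the CertSign key usage.
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	tlsConfig := c.GetTLSConfig()
	xrayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: "www.example.com",
	})
	common.Must(err)
	// Report an empty result as a test failure instead of panicking on the
	// index expression below.
	if xrayCert == nil || len(xrayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate chain")
	}

	// Certificate[0] is the leaf in a crypto/tls certificate chain.
	x509Cert, err := x509.ParseCertificate(xrayCert.Certificate[0])
	common.Must(err)
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}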
    36  
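// TestExpiredCertificate configures an issuing CA together with a leaf
// certificate for "www.example.com" whose NotAfter lies two minutes in the
// past, and checks that GetCertificate does not hand that expired leaf to a
// client asking for the same name: the returned certificate must still be
// valid at the time of the check.
//
// NOTE(review): as in TestCertificateIssuing, only NotAfter is asserted; the
// names on the returned certificate and its issuer are not checked.
func TestExpiredCertificate(t *testing.T) {
	caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
	// Leaf signed by caCert that expired two minutes ago.
	expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.example.com"), cert.DNSNames("www.example.com"))

	certificate := ParseCertificate(caCert)
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	// Usage is left at its default for the expired leaf.
	certificate2 := ParseCertificate(expiredCert)

	c := &Config{
		Certificate: []*Certificate{
			certificate,
			certificate2,
		},
	}

	tlsConfig := c.GetTLSConfig()
	xrayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
		ServerName: "www.example.com",
	})
	common.Must(err)
	// Report an empty result as a test failure instead of panicking on the
	// index expression below.
	if xrayCert == nil || len(xrayCert.Certificate) == 0 {
		t.Fatal("GetCertificate returned no certificate chain")
	}

	x509Cert, err := x509.ParseCertificate(xrayCert.Certificate[0])
	common.Must(err)
	// The served leaf must not be the expired one.
	if !x509Cert.NotAfter.After(time.Now()) {
		t.Error("NotAfter: ", x509Cert.NotAfter)
	}
}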
    65  
// TestInsecureCertificates checks that a zero-value Config produces a TLS
// configuration whose CipherSuites list is empty.
//
// NOTE(review): despite the name, nothing about certificates or certificate
// verification is asserted here. If GetTLSConfig returns a crypto/tls Config,
// an empty CipherSuites leaves suite selection to the Go defaults — confirm.
func TestInsecureCertificates(t *testing.T) {
	tlsConfig := (&Config{}).GetTLSConfig()

	if suites := tlsConfig.CipherSuites; len(suites) != 0 {
		t.Fatal("Unexpected tls cipher suites list: ", suites)
	}
}
    74  
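// BenchmarkCertificateIssuing measures GetCertificate for "www.example.com"
// against a Config that holds only an issuing CA.
//
// After every call the loop removes the name from NameToCertificate and trims
// Certificates back to its initial length; presumably this discards whatever
// GetCertificate cached so that each iteration issues a certificate again —
// confirm against GetTLSConfig.
func BenchmarkCertificateIssuing(b *testing.B) {
	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
	certificate.Usage = Certificate_AUTHORITY_ISSUE

	c := &Config{
		Certificate: []*Certificate{
			certificate,
		},
	}

	tlsConfig := c.GetTLSConfig()
	// Length before any certificate is requested; used to undo appends.
	lenCerts := len(tlsConfig.Certificates)

	// Keep CA generation and config setup out of the measurement.
	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		// A failing call would otherwise be timed as if it were a successful
		// issuance, so stop the benchmark on error.
		if _, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
			ServerName: "www.example.com",
		}); err != nil {
			b.Fatal(err)
		}
		delete(tlsConfig.NameToCertificate, "www.example.com")
		tlsConfig.Certificates = tlsConfig.Certificates[:lenCerts]
	}
}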