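package cert

import (
	"crypto/tls"
	"crypto/x509"
	"net"
	"os"
	"path/filepath"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

// mustLeaf stops the test at once when a certificate lookup failed or handed
// back a nil certificate / nil leaf, so the dereferences that follow report
// the real failure instead of panicking. On success it returns the parsed leaf.
func mustLeaf(t *testing.T, cert *tls.Certificate, err error) *x509.Certificate {
	t.Helper()
	if !assert.NoError(t, err) || !assert.NotNil(t, cert) || !assert.NotNil(t, cert.Leaf) {
		t.FailNow()
	}
	return cert.Leaf
}

// TestCert exercises per-host leaf issuance by Config: the leaf carries the
// expected subject, SANs, key usages and validity window; hosts already
// covered by an issued leaf are served from the cache; hosts outside the
// current wildcards get a new leaf whose SAN list accumulates a wildcard per
// intermediate label; IP literals are issued as IP SANs.
func TestCert(t *testing.T) {
	ca, privateKey, err := generateCert("Clash Test Root CA", true, nil, nil)
	if !assert.NoError(t, err) || !assert.NotNil(t, ca) || !assert.NotNil(t, privateKey) {
		t.FailNow()
	}

	c, err := NewConfig(ca, privateKey)
	if !assert.NoError(t, err) {
		t.FailNow()
	}

	c.SetValidity(20 * time.Hour)

	conf := c.NewTLSConfigForHost("example.org")
	assert.Equal(t, []string{"http/1.1"}, conf.NextProtos)

	// Issue a leaf through the tls.Config callback, the path a handshake takes.
	clientHello := &tls.ClientHelloInfo{ServerName: "example.org"}
	tlsCert, err := conf.GetCertificate(clientHello)
	x509c := mustLeaf(t, tlsCert, err)

	// Leaf contents: subject, host plus one-level wildcard SAN, usages.
	assert.Equal(t, "example.org", x509c.Subject.CommonName)
	assert.NoError(t, x509c.VerifyHostname("example.org"))
	assert.NoError(t, x509c.VerifyHostname("abc.example.org"))
	assert.True(t, x509c.BasicConstraintsValid)
	// A per-host leaf must never be usable as an issuing CA itself.
	assert.False(t, x509c.IsCA)
	assert.NotZero(t, x509c.KeyUsage&x509.KeyUsageDigitalSignature)
	assert.Equal(t, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, x509c.ExtKeyUsage)
	assert.Equal(t, []string{"example.org", "*.example.org"}, x509c.DNSNames)
	// NotBefore is more than two hours in the past and NotAfter more than two
	// hours ahead; both bounds are checked against a single timestamp.
	now := time.Now()
	assert.True(t, x509c.NotBefore.Before(now.Add(-2*time.Hour)))
	assert.True(t, x509c.NotAfter.After(now.Add(2*time.Hour)))

	// A host matched by the existing wildcard SAN is served from the cache.
	tlsCert2, err := c.GetOrCreateCert("abc.example.org")
	assert.NoError(t, err)
	assert.Same(t, tlsCert, tlsCert2)

	// Deeper label sets are not matched by "*.example.org", so a new leaf is
	// issued; its SAN list accumulates a wildcard for every intermediate level
	// of every host requested so far. The first lookup's error was previously
	// discarded; it is asserted now so a failure there is not masked.
	_, err = c.GetOrCreateCert("a.b.c.d.e.f.g.h.i.j.example.org")
	assert.NoError(t, err)
	tlsCert3, err := c.GetOrCreateCert("m.k.l.example.org")
	x509c = mustLeaf(t, tlsCert3, err)
	wantDNSNames := []string{
		"example.org", "*.example.org", "*.j.example.org", "*.i.j.example.org",
		"*.h.i.j.example.org", "*.g.h.i.j.example.org", "*.f.g.h.i.j.example.org", "*.e.f.g.h.i.j.example.org",
		"*.d.e.f.g.h.i.j.example.org", "*.c.d.e.f.g.h.i.j.example.org", "*.b.c.d.e.f.g.h.i.j.example.org",
		"*.l.example.org", "*.k.l.example.org",
	}
	assert.NotSame(t, tlsCert, tlsCert3)
	assert.Equal(t, wantDNSNames, x509c.DNSNames)

	// The enlarged leaf covers this host, so the lookup is cached; each
	// wildcard matches exactly one label, so a two-label gap is rejected.
	tlsCert4, err := c.GetOrCreateCert("xyz.example.org")
	x509c = mustLeaf(t, tlsCert4, err)
	assert.Same(t, tlsCert3, tlsCert4)
	for _, host := range []string{
		"example.org", "jkf.example.org", "n.j.example.org", "c.i.j.example.org", "m.l.example.org",
	} {
		assert.NoError(t, x509c.VerifyHostname(host), host)
	}
	assert.Error(t, x509c.VerifyHostname("m.l.jkf.example.org"))

	// An IP literal is issued as an IP SAN; guard the index on the length
	// check so a missing SAN fails the assertion rather than panicking.
	tlsCertForIP, err := c.GetOrCreateCert("192.168.0.1")
	x509c = mustLeaf(t, tlsCertForIP, err)
	if assert.Len(t, x509c.IPAddresses, 1) {
		assert.True(t, net.ParseIP("192.168.0.1").Equal(x509c.IPAddresses[0]))
	}

	// A repeat lookup for the same IP is served from the cache.
	tlsCertForIP2, err := c.GetOrCreateCert("192.168.0.1")
	x509c = mustLeaf(t, tlsCertForIP2, err)
	assert.Same(t, tlsCertForIP, tlsCertForIP2)
	assert.NoError(t, x509c.VerifyHostname("192.168.0.1"))
}

// TestGenerateAndSave writes a CA certificate and key into a per-test
// temporary directory (cleaned up by the testing package) rather than into
// the working directory, and checks that both files were actually created
// and are non-empty.
func TestGenerateAndSave(t *testing.T) {
	dir := t.TempDir()
	caPath := filepath.Join(dir, "ca.crt")
	caKeyPath := filepath.Join(dir, "ca.key")

	if !assert.NoError(t, GenerateAndSave(caPath, caKeyPath)) {
		t.FailNow()
	}

	for _, p := range []string{caPath, caKeyPath} {
		info, err := os.Stat(p)
		if assert.NoError(t, err, p) {
			assert.NotZero(t, info.Size(), p)
		}
	}
}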